Configuring an external provider for authentication
To work with Urbi Pro and CityLens products, end users must pass the authentication. The On-Premise solution does not provide an authentication service to be installed in a private environment. Therefore, you need to use your own OpenID Connect (OIDC) provider to authorize users via Single Sign-On (SSO) technology.
Only users registered in the external OIDC provider database can authenticate and be authorized in Urbi Pro and CityLens. User management is also handled on the provider side.
Configure your OIDC provider by meeting the following requirements:
-
Define the mandatory claims. The following user data must always be filled in the
user-inforesponse:sub- user identifier.email- user email.email_verified- flag indicating if the email is verified by the user.name- user full name.phone_number- user phone number.
-
Configure the scopes that can be used to request the defined claims. The standard set of scopes includes the following values:
openid- mandatory parameter indicating that OIDC is used for user authentication.email- user email.profile- link to the user profile.phone- user phone number.
-
Create a client in your OIDC provider:
-
Configure the client ID (
client_id) and secret (client_secret). -
Specify the Callback URL and the Logout URL for each service:
-
Urbi Pro:
- Callback URL:
https://{application_host}/api/auth/code - Logout URL:
https://{application_host}/api/auth/after_sign_out_openid
- Callback URL:
-
CityLens Web:
- Callback URL:
https://{application_host}/kc/callback - Logout URL:
https://{application_host}/
- Callback URL:
-
CityLens Routes UI:
- Callback URL:
https://{application_host}/auth - Logout URL:
https://{application_host}
- Callback URL:
-
-
Configure the client to work with previously defined scopes.
-