Identity Authentication Service - Establish Trust with IdP using OAuth2.0/OIDC

I have established an Identity Authentication Service tenant and have "connected" it to a BTP subaccount (i.e., the tenant is present in "Trust Configuration"). I am now attempting to define an IdP as a "Corporate Identity Provider" that has an OIDC/OAuth2.0 interface, but my attempts have been unsuccessful. Note that the IdP does not provide a SAML interface. The IdP's OIDC "well-known/openid-configuration" interface is as follows...

// https://some-idp.com/some-idp-tenant/.well-known/openid-configuration
{
  "authorization_endpoint": "https://some-idp.com/some-idp-tenant/oauth2/authorize",
  "id_token_signing_alg_values_supported": [
    "RS256"
  ],
  "issuer": "https://some-idp.com/some-idp-tenant",
  "jwks_uri": "https://some-idp.com/some-idp-tenant/.well-known/jwks.json",
  "response_types_supported": [
    "code",
    "token"
  ],
  "scopes_supported": [
    "openid",
    "email",
    "phone",
    "profile"
  ],
  "subject_types_supported": [
    "public"
  ],
  "token_endpoint": "https://some-idp.com/some-idp-tenant/oauth2/token",
  "token_endpoint_auth_methods_supported": [
    "client_secret_basic",
    "client_secret_post"
  ],
  "userinfo_endpoint": "https://some-idp.com/some-idp-tenant/oauth2/userInfo"
}

Questions:

1) Given the above IdP OIDC/OAuth2.0 interface, is it possible to establish a trust relationship between SAP Identity Authentication Service and this IdP?
2) If so, can you please provide guidance on the (minimal) "Trust" configuration parameters (i.e., "Subject Name Identifier", "Enriched Token Claims", etc.) that are required to establish the trust relationship?

Thank you.

Accepted Solutions (0)

Answers (1)

MSo
Product and Topic Expert

So far only MS AAD is officially supported for OIDC integration with corporate IdPs in IAS. But you can give it a try configuring it as described here: https://help.sap.com/docs/IDENTITY_AUTHENTICATION/6d6d63354d1242d185ab4830fc04feb1/8ff83a12bbb8491c9...
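
Added example, not part of the question or the answer above and not SAP code: a Python check of a discovery document like the one in the question against the OpenID Connect Discovery 1.0 rules (required fields, issuer matching the discovery URL, https endpoints, RS256, code flow), which is worth running before configuring trust with an IdP that is not officially supported. It says nothing about what IAS itself accepts; `check_discovery` and the tampered sample are names and data constructed for this example.

```python
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 marks as REQUIRED provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri", "userinfo_endpoint")

def check_discovery(doc_url, metadata):
    """Return a list of problems found in an OIDC discovery document."""
    problems = [f"missing required field: {name}" for name in REQUIRED if name not in metadata]
    issuer = metadata.get("issuer", "")
    parts = urlsplit(issuer)
    if parts.scheme != "https" or parts.query or parts.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    # A mismatch means the metadata describes another tenant or host than the one asked.
    if doc_url != issuer.rstrip("/") + "/.well-known/openid-configuration":
        problems.append("issuer does not match the discovery URL")
    for name in ENDPOINTS:
        if name in metadata and urlsplit(metadata[name]).scheme != "https":
            problems.append(f"{name} is not https")
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow ('code') not offered")
    elif "token_endpoint" not in metadata:
        problems.append("code flow offered but token_endpoint missing")
    if "RS256" not in metadata.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 missing from ID token signing algorithms")
    if "openid" not in metadata.get("scopes_supported", ["openid"]):
        problems.append("scopes_supported omits 'openid'")
    return problems

# The document from the question, reduced to the fields the checks read.
BASE = "https://some-idp.com/some-idp-tenant"
URL = BASE + "/.well-known/openid-configuration"
POSTED = {
    "issuer": BASE, "jwks_uri": BASE + "/.well-known/jwks.json",
    "authorization_endpoint": BASE + "/oauth2/authorize",
    "token_endpoint": BASE + "/oauth2/token",
    "userinfo_endpoint": BASE + "/oauth2/userInfo",
    "response_types_supported": ["code", "token"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "scopes_supported": ["openid", "email", "phone", "profile"],
}
# Constructed variant: same endpoints, but the issuer names another tenant.
TAMPERED = dict(POSTED, issuer="https://some-idp.com/other-tenant")

if __name__ == "__main__":
    for label, doc in (("posted", POSTED), ("tampered", TAMPERED)):
        print(label, check_discovery(URL, doc))
```

An empty list for the posted document means it is well-formed OIDC provider metadata; whether IAS accepts it as a corporate IdP is a separate question that only the IAS documentation and configuration can answer.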