Body
Environment
PHP, AFS virtual host
Issue
How to Provision OIDC Service Client Credentials.
Resolution
- Navigate to "OIDC Provisioning and Management" in the Wolverine Web Services portal application to provision OIDC service client credentials for your site:
https://admin.webservices.umich.edu/oidcprov/
- Select "Provision New OIDC Service Client"
- Fill out the required information:
Field |
Description |
Site Identifier |
A short identifier (or "slug") for the site that makes sense to you. It can be at most 20 characters and can only contain letters and numbers. |
College or business division |
Select your college or business division name from the pull-down menu |
MCommunity manager group |
Select the MCommunity group whose members will be able to make changes to the OIDC client from the pull-down menu |
Shortcode |
A valid U-M shortcode must be specified but will never be charged for provisioning OIDC client credentials |
Mcommunity groups for groups-based authentication |
Select the MCommunity group(s) to be used for group-based authentication |
Redirect URL(s) |
Your application URL that the authorization server will redirect the user back to after the user is successfully authenticated |
Some common Redirect URI(s) are as follows where FQDN (Fully Qualified Domain Name) is the URL for your site (ex. mysite.umich.edu):
PHP Application |
Standard Redirect URI |
Drupal (OpenID Connect generic plugin) |
https://[FQDN]/openid-connect/generic |
Drupal 7 (Wolverine Web Services plugin) |
https://[FQDN]/openid-connect/umichoidc |
Drupal 9 (Wolverine Web Services plugin) |
https://[FQDN]/openid-connect/WWSUmich |
WordPress |
https://[FQDN]/wp-admin/admin-ajax.php?action=openid-connect-authorize |
- Fill in all entries and press "Submit"
- Upon successful creation of your site's OIDC service client credentials, you will return to the original URL and should see a table entry for the newly created credentials
- Select the new Client ID in the table to see further details (including the OIDC Secret). You should copy the OIDC Client ID and OIDC Secret and use them in your web application's configuration in order to configure your web application to authenticate visitors using OIDC. Please protect the OIDC Secret as you would protect a password -- anyone who learns can compromise your web application's authentication and private data.
Additional Information
Need additional information or assistance? Contact the ITS Service Center.