Setting Up Authentication for OpenID Connect with Yahoo
Adding a New Application
On https://developer.yahoo.com, create a new application with the following settings:
• Type: Web Application
• Redirect URL: https://{tenant-url}/handlers/sso/OIDC/AuthResultHandler.ashx
• API Permissions: OpenID Connect Permissions, Email, and Profile
Information required for configuration in Service Manager:
• Client ID
• Client Secret
Creating a Service Manager Authentication Provider
1. Open the Configuration console.
2. Click Configure > Security Controls > Authentication Providers to open the Authentication Providers workspace.
3. From the New Record Menu list, select New OpenID Connect.
4. Delete the default data from the existing fields.
5. Enter information into the fields.
Field | Description |
---|---|
Default | Specifies if this authentication provider is called. Automatically set by the application. To set the authentication provider as default, you must first set Default to False for all other authentication providers and then change the Default setting for this authentication provider to True. |
Disabled | Specifies if this authentication provider is disabled. |
Name | The name of the OpenID Connect provider. |
Authentication URL | Enter https://api.login.yahoo.com/oauth2/request_auth. For more details about authentication, see https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html |
Token Verification URL | Enter https://api.login.yahoo.com/oauth2/get_token. For more details about token verification, see https://developer.yahoo.com/oauth2/guide/openid_connect/getting_started.html |
Logout URL | Enter the URL that signs you out of your Yahoo account when you log out of Service Manager. After you log out of Ivanti Service Manager, the OpenID Connect end-session endpoint is called and clients in the same browser session are also signed out. |
Session Renewal URL | URL used to request session renewal. If this field is empty, the application uses the value of the Authentication URL field. Ivanti Service Manager must be able to initiate an outbound HTTPS (port 443) connection to this URL. |
Client ID | Enter the Yahoo client ID. This is the Client ID captured from the new application. |
Client Secret | Enter the client secret value from your Yahoo application. This is the Client Secret captured from the new application. |
OIDC Hosted Domain | Not used for Yahoo. |
OIDC Realm | Enter the Ivanti Service Manager tenant URL. You can enter the following URL: https://{tenant-url}. |
Certificate URL | Not used for Yahoo. |
Certificate Issuer | Not used for Yahoo. |
Expiration Date | Not used for Yahoo. |
Force Login | The Force Login option applies to users who reach concurrent session limits when external authentication is used. • If the option is selected, when you reach a concurrent session limit, the application terminates all existing sessions and devices, and automatically logs you into a new session. • If the option is not selected, when you reach a concurrent session limit, an error message appears on the page. You then need to log out of existing sessions or devices and try logging in again. |
Auto Provisioning | Adds new users via authentication. You have the option to auto provision the role, status, and team for the new user. When Auto Provisioning is selected, the application creates an employee record if a user logs in using authentication and does not already have an employee record. |
Profile Information URL | Not used for Yahoo. |
Auto Provision Role | Role associated with the new user. |
Auto Provision Status | Status of the new user. |
Auto Provision Team | Team associated with the new user. |
Auto Provision User Business Object | Type of user record to create. You can select the following types: • Employee • External contact |
6. Click Save.
7. To verify your configuration, click Test Authentication.
You must have an Employee record with an appropriate External Authentication linking to this provider before the test can run successfully.
A successful test looks similar to the below screenshot.
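The field values from the table can be checked against what this page specifies before you click Save. The Python check below is an added example, not Ivanti or Yahoo code; the function name lint_provider, the dict layout keyed by field name, and the sample host servicedesk.example.com are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Values this page gives for Yahoo.
YAHOO_HOST = "api.login.yahoo.com"
ENDPOINT_PATHS = {"Authentication URL": "/oauth2/request_auth",
                  "Token Verification URL": "/oauth2/get_token"}
REDIRECT_PATH = "/handlers/sso/OIDC/AuthResultHandler.ashx"
NOT_USED = ("OIDC Hosted Domain", "Certificate URL", "Certificate Issuer",
            "Expiration Date", "Profile Information URL")

def lint_provider(record, redirect_url):
    """Hypothetical helper: return findings for a provider record (dict by field name)."""
    findings = []
    for field, path in ENDPOINT_PATHS.items():
        url = urlsplit(record.get(field) or "")
        if (url.scheme, url.hostname, url.path) != ("https", YAHOO_HOST, path):
            findings.append(f"{field}: expected https://{YAHOO_HOST}{path}")
    realm_value = record.get("OIDC Realm") or ""
    redirect, realm = urlsplit(redirect_url), urlsplit(realm_value)
    if redirect.scheme != "https" or redirect.path != REDIRECT_PATH:
        findings.append("Redirect URL: expected https://{tenant-url}" + REDIRECT_PATH)
    if realm.scheme != "https" or realm.hostname != redirect.hostname:
        findings.append("OIDC Realm: must be the https tenant URL used in the Redirect URL")
    if "{" in redirect_url + realm_value:
        findings.append("Placeholder: {tenant-url} was not replaced")
    for field in ("Client ID", "Client Secret"):
        if not (record.get(field) or "").strip():
            findings.append(f"{field}: empty")
    for field in NOT_USED:  # step 4: default data should have been deleted
        if record.get(field):
            findings.append(f"{field}: not used for Yahoo, clear it")
    if record.get("Auto Provisioning"):
        findings.append("Auto Provisioning: on, review Auto Provision Role/Status/Team")
    return findings

# Constructed sample record; host and credentials are placeholders.
SAMPLE_REDIRECT = "https://servicedesk.example.com" + REDIRECT_PATH
SAMPLE = {"Authentication URL": "http://api.login.yahoo.com/oauth2/request_auth",
          "Token Verification URL": "https://api.login.yahoo.com/oauth2/get_token",
          "OIDC Realm": "https://{tenant-url}", "Client ID": "EXAMPLE-CLIENT-ID",
          "Client Secret": "", "Certificate URL": "https://example.invalid/certs",
          "Auto Provisioning": True}

if __name__ == "__main__":
    for finding in lint_provider(SAMPLE, SAMPLE_REDIRECT):
        print(finding)
```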