
Configuring OIDC in Tencent Cloud SP

Last updated: 2024-01-23 17:39:39

    Overview

    As the SP, Tencent Cloud must be configured with the IdP's OIDC details to establish a trust relationship with the enterprise IdP. This enables users from the enterprise IdP to log in to Tencent Cloud via user-based SSO. This document uses Azure Active Directory as the example IdP.
    Note
    To view the OIDC protocol configuration details, copy the link at Azure Active Directory > App Registration > Endpoints > OpenID Connect Metadata Document and open it in a browser.

    Directions

    1. Log in to the Cloud Access Management console with your Tencent Cloud account.
    2. In the navigation pane on the left, click Identity Providers > User-Based SSO.
    3. On the User-Based SSO Management page, view the current User-Based SSO status and configuration information.
    
    4. Click the toggle next to User-Based SSO to enable or disable it.
    
    When user-based SSO is enabled: CAM sub-users cannot log in to Tencent Cloud with an account ID and password. All CAM sub-users are redirected to the IdP login page for identity verification.
    When user-based SSO is disabled: CAM sub-users can log in to Tencent Cloud with an account ID and password, and the user-based SSO settings do not take effect.
    SSO Protocol: Select OIDC.
    IdP URL: The identifier of the OpenID Connect IdP. It corresponds to the "issuer" field in the OpenID Connect metadata document provided by the IdP.
    Client ID: The client ID registered with the OpenID Connect IdP. It can be obtained from the Azure Active Directory > Enterprise Applications > OIDCSSO Application Overview page.
    User Mapping Field: The claim whose value is mapped to the CAM sub-user name. Choose one of the values listed under "claims_supported" in the OpenID Connect metadata document obtained from the IdP. In this example, the name claim is used to map the CAM username.
    Authorization Request Endpoint: The address to which the authorization request is sent. It corresponds to the "authorization_endpoint" field in the OpenID Connect metadata document provided by the IdP.
    Authorization Request Scope: The scope of information requested from the OpenID Connect IdP. "openid" is mandatory and set by default.
    Authorization Request Response Type: The type of parameter returned in the OpenID Connect IdP's authorization response. "id_token" is mandatory and set by default.
    Authorization Request Response Mode: The mode in which the OpenID Connect IdP returns the authorization response. "form_post" and "fragment" are supported; "form_post" is recommended.
    Signature Public Key: The public key used to verify the signature of the ID Token issued by the OpenID Connect IdP. It is the content served at the URL in the "jwks_uri" field of the OpenID Connect metadata document (open the link to retrieve it). For the security of your account, we recommend rotating the signing public key regularly.
    5. Click Save.
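    As an added example (not from this document or from Tencent Cloud), the following Python derives the form values above from a constructed IdP metadata document, rejects combinations the SP cannot consume, and builds the resulting authorization request; the issuer host, tenant, client ID and redirect URI are placeholders.

```python
import json
from urllib.parse import urlencode, urlparse

# Constructed metadata document in the shape of an OpenID Connect discovery
# response; host, tenant and endpoints are placeholders, not a real IdP.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://login.example-idp.test/TENANT-ID-PLACEHOLDER/v2.0",
    "authorization_endpoint": "https://login.example-idp.test/TENANT-ID-PLACEHOLDER/oauth2/v2.0/authorize",
    "jwks_uri": "https://login.example-idp.test/TENANT-ID-PLACEHOLDER/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "response_modes_supported": ["query", "fragment", "form_post"],
    "id_token_signing_alg_values_supported": ["RS256"],
    "claims_supported": ["sub", "iss", "aud", "exp", "name", "preferred_username", "email"],
})

def sp_config_from_metadata(metadata_json, client_id, user_mapping_field):
    """Derive the User-Based SSO form values from the IdP metadata, rejecting what the SP cannot consume."""
    md = json.loads(metadata_json)
    if urlparse(md["issuer"]).scheme != "https":
        raise ValueError("issuer must be an https URL")
    if "id_token" not in md.get("response_types_supported", []):
        raise ValueError("IdP does not support response_type=id_token")
    modes = md.get("response_modes_supported", [])
    # form_post is recommended; fragment is the only other mode the console accepts
    response_mode = next((m for m in ("form_post", "fragment") if m in modes), None)
    if response_mode is None:
        raise ValueError("IdP supports neither form_post nor fragment")
    if user_mapping_field not in md.get("claims_supported", []):
        raise ValueError(f"claim {user_mapping_field!r} is not in claims_supported")
    if "RS256" not in md.get("id_token_signing_alg_values_supported", []):
        raise ValueError("ID Token must be signed with a key published at jwks_uri")
    return {
        "IdP URL": md["issuer"],
        "Client ID": client_id,
        "User Mapping Field": user_mapping_field,
        "Authorization Request Endpoint": md["authorization_endpoint"],
        "Authorization Request Scope": "openid",
        "Authorization Request Response Type": "id_token",
        "Authorization Request Response Mode": response_mode,
        "Signature Public Key (JWKS source)": md["jwks_uri"],
    }

def build_authorization_request(cfg, redirect_uri, state, nonce):
    """Build the URL the SP redirects the browser to; redirect_uri is a placeholder."""
    # nonce is mandatory when response_type includes id_token and must come back in the ID Token
    params = {"client_id": cfg["Client ID"], "response_type": cfg["Authorization Request Response Type"],
              "response_mode": cfg["Authorization Request Response Mode"],
              "scope": cfg["Authorization Request Scope"], "redirect_uri": redirect_uri,
              "state": state, "nonce": nonce}
    return cfg["Authorization Request Endpoint"] + "?" + urlencode(params)
```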
    