
OIDC Service Provider with Shibboleth

Note: OpenID Connect (OIDC) can be used with the CSUN Shibboleth IdP if you have an application that supports it. For additional details about the OIDC standards and documentation, refer to OpenID Connect Core 1.0.

Steps to set up an OIDC Service Provider at CSUN

  1. Install and configure OIDC software
    1. The Shibboleth OIDC metadata is available at: https://shibboleth.csun.edu/.well-known/openid-configuration
    2. Install mod_auth_openidc or another OIDC Relying Party (RP) on Linux, Apache, and IIS to use OIDC. This can be done with your operating system's package manager (for example, yum, apt-get, or ports). Some applications may be able to integrate OIDC directly. The mod_auth_openidc RP is a direct replacement for mod_cosign.
  2. Contact the CSUN Identity Management Team. Create a Support Ticket with the following information:
    1. The name of your service
    2. The redirect URL(s) for your service
    3. Contact information for the people supporting and configuring your service

Resources to assist with installation and configuration

Configure Apache HTTP Server to Authenticate Using OIDC

For instructions on how to configure Apache HTTP Server (httpd) to authenticate visitors using OIDC for Single Sign On, see Configure Apache HTTP Server to Authenticate Using OIDC.

Drupal-OIDC

The OpenID Connect module provides a pluggable client implementation for the Drupal platform.  

WordPress

OpenID Connect Generic Client plugin: Install and Configure OpenID Connect (OIDC) Client for WordPress

PHP web applications other than Drupal and WordPress

The jumbojett/OpenID-Connect-PHP library is a popular PHP library for integrating OpenID Connect and its authorization flow.

After your service is set up:

The Identity Management team will contact you to let you know that your service has been set up. The Identity team will provide a client ID and secret, and will make the necessary update(s) to the OIDC configuration on the IdP. It may take up to two business days to enable a new OIDC SP in production.
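
A minimal mod_auth_openidc virtual host that ties the steps together, using the metadata URL from step 1 and the client ID and secret the Identity Management team provides. This is an added example, not CSUN's own configuration; the host name, the /protected paths, the scope and the upper-case placeholders are assumptions.

```apache
# Added example. service.example.edu, /protected and the UPPER_CASE
# placeholders are assumptions, not CSUN-assigned values.
# The module must already be loaded (package install plus your
# distribution's usual method for enabling Apache modules).

<VirtualHost *:443>
    ServerName service.example.edu
    # TLS directives (SSLEngine, certificate and key) omitted here.

    # Discovery document published by the CSUN Shibboleth IdP (step 1).
    OIDCProviderMetadataURL https://shibboleth.csun.edu/.well-known/openid-configuration
    # Keep certificate validation of the IdP endpoints on (the default).
    OIDCSSLValidateServer On

    # Credentials issued by the Identity Management team after setup.
    OIDCClientID CLIENT_ID_FROM_IDENTITY_TEAM
    OIDCClientSecret CLIENT_SECRET_FROM_IDENTITY_TEAM

    # Must match exactly a redirect URL submitted in the support ticket.
    # This is a virtual path handled by the module: it has to sit inside
    # the protected location and must not map to real content.
    OIDCRedirectURI https://service.example.edu/protected/redirect_uri

    # Random secret the module uses to protect its state and session cookies.
    OIDCCryptoPassphrase LONG_RANDOM_STRING

    # Authorization code flow: tokens are fetched server to server.
    OIDCResponseType code
    # "openid" is required by OIDC; further scopes depend on what the
    # IdP releases for your service (assumption: none requested here).
    OIDCScope "openid"

    <Location /protected>
        AuthType openid-connect
        Require valid-user
    </Location>
</VirtualHost>
```

Because the file holds the client secret and the cookie passphrase, restrict read access to root and the account that starts httpd, and keep it out of version control.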

If you're adding Shibboleth with OIDC to a vendor-provided service, the Identity Management team is happy to work with the vendor on technical issues, but it is expected that you will maintain the vendor relationship and initiate contact with the vendor when needed.