Akeyless introduced its support for OpenID Connect (OIDC).
OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.

CLI

Run the following command in your terminal, with the relevant parameters filled in.

akeyless create-auth-method-oidc --name oauth-am --issuer {your-issuer-url} --client-id {your-client-id} --client-secret {your-client-secret} --unique-identifier {your-unique-identifier (e.g. 'email' or 'username')}

Options:

-n, --name

*Auth Method name

--issuer

Issuer URL

--client-id

Client ID (application ID)

--client-secret

Client secret

--unique-identifier

The unique identifier (ID) value should be configured for the OIDC, OAuth2, LDAP, and SAML authentication method types and is usually a value such as an email, username, or UPN. Whenever a user logs in with a token, these authentication types issue a "sub claim" containing details that uniquely identify that user. This sub claim includes a key holding the ID value that you configured, and it is used to distinguish between different users within the same organization.

--access-expires[=0]

Access expiration date in Unix timestamp (select 0 for access without expiry date)

--bound-ips

A CIDR whitelist of the IPs that the access is restricted to
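As an added illustration (not the Akeyless CLI's own code, and not a description of its internals), the following Python models what the options above govern: which claim the --unique-identifier setting names, and how --access-expires and --bound-ips restrict a login. The class and function names, the issuer URL and the sample token claims are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class OidcAuthMethod:
    """Settings that mirror the CLI options above (hypothetical model)."""
    name: str
    issuer: str
    client_id: str
    unique_identifier: str               # claim key, e.g. "email" or "upn"
    access_expires: int = 0              # Unix timestamp; 0 = no expiry
    bound_ips: list = field(default_factory=list)  # CIDR whitelist


def evaluate_login(method, claims, source_ip, now):
    """Decide whether an ID token's decoded claims may log in.

    Returns (user_id, reason): user_id is the value of the configured
    unique-identifier claim on success, or None plus a reason on failure.
    """
    # The token must come from the configured issuer and be meant for us.
    if claims.get("iss") != method.issuer:
        return None, "issuer mismatch"
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if method.client_id not in aud:
        return None, "audience mismatch"
    # The token's own expiry (exp) must still be in the future.
    if claims.get("exp", 0) <= now:
        return None, "token expired"
    # --unique-identifier names the claim that distinguishes users.
    user_id = claims.get(method.unique_identifier)
    if not user_id:
        return None, f"missing '{method.unique_identifier}' claim"
    # --access-expires: 0 means the auth method itself never expires.
    if method.access_expires and now >= method.access_expires:
        return None, "auth method access expired"
    # --bound-ips: an empty list means no source-IP restriction.
    if method.bound_ips:
        ip = ipaddress.ip_address(source_ip)
        nets = (ipaddress.ip_network(c, strict=False) for c in method.bound_ips)
        if not any(ip in net for net in nets):
            return None, f"source IP {source_ip} not in bound IPs"
    return user_id, "ok"


# Constructed sample: a method bound to one address range, and decoded claims.
METHOD = OidcAuthMethod("oauth-am", "https://idp.example.test", "abc123",
                        "email", access_expires=0, bound_ips=["203.0.113.0/24"])
CLAIMS = {"iss": "https://idp.example.test", "aud": "abc123",
          "exp": 1_700_000_600, "sub": "u-42", "email": "alice@example.test"}
```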

UI

To create new OIDC authentication credentials, go to the Auth Methods tab, click New, and select OIDC.

