Setting Up OAuth2/OpenID Device Flow Authentication
To set up OAuth2/OpenID Device Flow, select 41. OAuth2/OpenID Device Flow from the Definitions menu (STRMFA > 21). The Work with OAuth2/OpenID Device Flow Definitions screen appears.
                Work with OAuth2/OpenID Device Flow Definitions

Type options, press Enter.                          Subset . . . . . . .
  1=Select   3=Copy   4=Delete

Opt  Provider    Active  Description
     PINGID      Y       Ping Identity
                                                                   Bottom
F3=Exit   F6=Add new
For each provider, a line on the screen shows the Provider name, whether the provider is Active, and a plain text Description of the provider.
To modify an OAuth2/OpenID Device Flow, enter 1 in the Opt field for that provider. The Modify OAuth2/OpenID Device Flow Definition screen appears:
                 Modify OAuth2/OpenID Device Flow Definition

Type choices, press Enter.

Provider . . . . . . . . EXAMPLE
Description  . . . . . . Example Identity
Active . . . . . . . . . Y             Y=Yes, N=No
Client_ID. . . . . . . . xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Client secret  . . . . .               Case sensitive, 100A
Discovery metadata URL . https://auth.example.eu/xxxxxxxx-xxxx-xxxx-xxxx-xx
                         xxxxxxxxxx/as/.well-known/openid-configuration
Device code URL. . . . . https://xxxxxxx-xxxxxx-xx-xx.example.app/pr/Mfa-CR
                         .html
Authorization URL  . . . https://auth.example.eu/xxxxxxxx-xxxx-xxxx-xxxx-xx
                         xxxxxxxxxx/device/code
Token URL  . . . . . . . https://auth.example.eu/xxxxxxxx-xxxx-xxxx-xxxx-xx
                         xxxxxxxxxx/as/token
Timeout  . . . . . . . . 60  Seconds
Scope  . . . . . . . . . openid email

F3=Exit   F12=Cancel
The information for most of the fields is generated when you set up your organization's OpenID service with the provider. Copy the information for that provider to the corresponding fields on this screen.
The remaining fields have these values:
Provider
A unique name for the provider.
Description
A free text description of the provider.
Active
Setting this to Y makes the service active. Setting it to N makes it inactive.
Timeout
The maximum number of seconds that the system waits for a response from the provider.
To copy an OAuth2/OpenID Device Flow Definition, enter 3 in the Opt field for that server on the Work with OAuth2/OpenID Device Flow Definitions screen. The Copy OAuth2/OpenID Device Flow Definition screen appears. Enter the name of the new server in the To: Definition field of that screen, then press Enter.
To delete an OAuth2/OpenID Device Flow Definition, enter 4 in the Opt field for that server on the Work with OAuth2/OpenID Device Flow Definitions screen. The Delete OAuth2/OpenID Device Flow Definition screen appears, displaying information about the server. Press Enter to delete that definition.
To add an OAuth2/OpenID Device Flow Definition, press the F6 key on the Work with OAuth2/OpenID Device Flow Definitions screen. The Add New OAuth2/OpenID Device Flow Definition screen appears, with the same fields as the Modify OAuth2/OpenID Device Flow Definition screen.
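Because the URL and Scope values are copied by hand from the provider, it is worth checking them against the provider's discovery metadata before activating a definition. The following is an added example, not part of the product or its documentation: the dict keys are hypothetical names for the screen's Discovery metadata URL, Token URL and whichever URL field holds the provider's device authorization endpoint, and the tenant and metadata values are constructed.

```python
from urllib.parse import urlsplit

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"  # RFC 8628
WELL_KNOWN = "/.well-known/openid-configuration"
URL_FIELDS = {  # hypothetical field name -> discovery metadata key
    "device_authorization_url": "device_authorization_endpoint",
    "token_url": "token_endpoint",
}

def check_definition(defn, metadata):
    """Return findings; an empty list means the values agree with the metadata."""
    findings = []
    # The client secret and tokens travel to these URLs, so require TLS.
    for field in ("discovery_url", *URL_FIELDS):
        if urlsplit(defn[field]).scheme != "https":
            findings.append(f"{field}: not an https URL")
    # OpenID Connect Discovery: issuer must equal the prefix of the metadata URL.
    if not defn["discovery_url"].endswith(WELL_KNOWN):
        findings.append("discovery_url: does not end in " + WELL_KNOWN)
    elif metadata.get("issuer") != defn["discovery_url"][: -len(WELL_KNOWN)]:
        findings.append("issuer: does not match the discovery URL prefix")
    # Endpoints typed into the screen must be the ones the provider advertises.
    for field, key in URL_FIELDS.items():
        if defn[field] != metadata.get(key):
            findings.append(f"{field}: differs from metadata {key}")
    # A missing list is not reported; only an explicit list without the grant is.
    grants = metadata.get("grant_types_supported")
    if grants is not None and DEVICE_GRANT not in grants:
        findings.append("provider does not advertise the device_code grant")
    supported = metadata.get("scopes_supported")
    extra = set(defn["scope"].split()) - set(supported or [])
    if supported is not None and extra:
        findings.append("scope: not advertised: " + " ".join(sorted(extra)))
    return findings

# Constructed sample data (not a real tenant or provider response).
ISSUER = "https://auth.example.eu/TENANT-PLACEHOLDER/as"
METADATA = {
    "issuer": ISSUER,
    "token_endpoint": ISSUER + "/token",
    "device_authorization_endpoint": ISSUER + "/device_authorization",
    "grant_types_supported": ["authorization_code", DEVICE_GRANT],
    "scopes_supported": ["openid", "email", "profile"],
}
GOOD = {"discovery_url": ISSUER + WELL_KNOWN, "scope": "openid email",
        "device_authorization_url": ISSUER + "/device_authorization",
        "token_url": ISSUER + "/token"}
BAD = dict(GOOD, token_url="http://auth.example.eu/other/as/token",
           scope="openid email groups")
```

In practice the metadata dict would be the JSON document retrieved from the Discovery metadata URL; it is embedded here so the check runs offline.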