This document is intended to help you configure an OpenID Connect application in the administration console for SAP Cloud Identity Services for the client credentials flow.
You have an OpenID Connect application in the administration console for SAP Cloud Identity Services. For more information, see Create OpenID Connect Application.
The trust is configured by entering the information manually. You can enter manually the name of the client (relying party), and its redirect URIs.
To configure an OpenID Connect trusted application in the administration console for SAP Cloud Identity Services, proceed as follows:
-
Sign in to the administration console for SAP Cloud Identity Services.
-
Under Applications and Resources, choose the Applications tile.
-
Choose the application that you want to edit.
Type the name of the application in the search field to filter the list items, or choose the application from the list on the left.
If you don’t have a created application in your list, you can create one. For more information, see Create a New Application.
-
Choose the Trust tab.
-
Under SINGLE SIGN-ON, choose OpenID Connect Configuration.
-
Manually enter the communication settings negotiated between Identity Authentication and the client.
Setting
Description
Name (mandatory)
Provide a name of your choice.
Redirect URIs (optional)
The redirection URIs to which the response can be sent. You can add up to 20 redirect URIs.
Post Logout Redirect URIs (optional)
The redirection URIs where the user can be forwarded after logout. You can add up to 20 redirect URIs.
Front-Channel Logout URIs (optional)
URIs which will be requested for logout. You can add up to 20 URIs.
For more information about the format of the redirect URIs and post logout redirect URIs, see OpenID Connect Application Configurations.
-
Optional: (If you added second signing certificate in tenant settings) Under Identity Provider Certificate, choose the certificate to be used.
When the default identity provider certificate is changed with a new one, and the old one is not used anymore, we recommend you to delete the old certificate.
-
Select the Client Credentials grant type.
Beware that for each flow the respective grant type must be selected. All other grant types can be deselected if they aren't required by the application.
-
Save your selection. Once the application has been changed, the system displays the message Application <name of application> updated.
Configure trust on the client side. See the client documentation for more information about how to configure the trust.
Configure HTTP basic authentication for the application. For more information about the configuration, see Configure Secrets for API Authentication.
Related Information
Configure OpenID Connect Application for Authorization Code Flow
Configure OpenID Connect Application for Resource Owner Password Credentials Flow
Configure OpenID Connect Application for Implicit Flow
Configure OpenID Connect Application for JWT Bearer Flow