Authentication
SegnoSharp is set up to use OpenID Connect (OIDC) for authentication and authorization. The preferred OIDC provider must be set up to allow SegnoSharp to authenticate through it. This entails creating a “Client” with a “Client ID” and “Client Secret”, and configuring SegnoSharp to use these values.
Note
This documentation does not cover how to create or configure an OIDC provider, but major companies such as Google, Microsoft, and Meta have their own OIDC providers that you can create your own clients with.
When you have the client values, use them in the following configuration options in SegnoSharp:
| OpenIdConnect.Authority | URI | OIDC provider URI, i.e. |
| OpenIdConnect.ClientId | Secret string value | “ClientId” defined in the OIDC provider. |
| OpenIdConnect.ClientSecret | Secret string value | “ClientSecret” defined in the OIDC provider. |
| OpenIdConnect.AdditionalScopes | Secret string value | SegnoSharp will always ask for |
| OpenIdConnect.RoleClaim | Secret string value | Of all the claims returned from the OIDC provider, which claim key should be mapped to roles. |
| OpenIdConnect.AdminRole | Secret string value | If the value of the claim defined above contains this value, then the authentication is authorized with administration privileges. |
| OpenIdConnect.UsernameClaimKey | Secret string value | Of all the claims returned from the OIDC provider, which claim key will be mapped to the username displayed in SegnoSharp |
| OpenIdConnect.SupportsEndSession | Secret string value | Whether the OIDC provider supports the “end_session_endpoint”. Default |
| OpenIdConnect.UseOidc |  | Whether to use OIDC or not. Default |
Note
UseOidc should never be set to false in a production environment! Setting this to false overrides all security measures and allows anyone to log on as administrator!
Note
Check the OIDC provider’s .well-known/openid-configuration to see if it supports the “end_session_endpoint”.
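The check described in the notes above can be scripted before deployment. The following is an added example, not SegnoSharp's own code: it assumes the options are available as a dictionary keyed by the option names from the table, that boolean options are stored as true/false strings, and that `OpenIdConnect.Authority` is the provider's issuer URI. The discovery document is a constructed sample.

```python
import json

# Constructed sample of a provider's discovery document (trimmed). A real one
# is served at <Authority>/.well-known/openid-configuration.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://idp.example.test/realms/radio",
  "authorization_endpoint": "https://idp.example.test/realms/radio/auth",
  "end_session_endpoint": "https://idp.example.test/realms/radio/logout"
}""")


def discovery_url(authority):
    """Standard OIDC discovery location for a given issuer/authority URI."""
    return authority.rstrip("/") + "/.well-known/openid-configuration"


def _is_true(value):
    # Assumption: booleans are stored as true/false strings or real booleans.
    return str(value).strip().lower() == "true"


def check_oidc_settings(settings, discovery):
    """Compare SegnoSharp OIDC options with a discovery document; return findings."""
    findings = []
    authority = settings.get("OpenIdConnect.Authority", "")

    # Only flag an explicit false; the option's default is not assumed here.
    use_oidc = settings.get("OpenIdConnect.UseOidc")
    if use_oidc is not None and not _is_true(use_oidc):
        findings.append("UseOidc is false: anyone can log on as administrator")

    if not authority.lower().startswith("https://"):
        findings.append("Authority is not an https:// URI")

    # Assumption: Authority is the provider's issuer URI.
    if authority.rstrip("/") != str(discovery.get("issuer", "")).rstrip("/"):
        findings.append("Authority does not match the discovery document's issuer")

    # SupportsEndSession should mirror what the provider advertises.
    advertised = bool(discovery.get("end_session_endpoint"))
    configured = settings.get("OpenIdConnect.SupportsEndSession")
    if configured is None or _is_true(configured) != advertised:
        findings.append(f"set SupportsEndSession to {str(advertised).lower()}")

    return findings
```

Fetch the real document from `discovery_url(authority)` with any HTTP client and pass the parsed JSON as `discovery`; an empty list means the checked options agree with the provider.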