|
Property
|
Description
|
Default value
|
|---|---|---|
|
ida:Enabled
|
Determines if Microsoft Entra ID/OIDC is enabled or not. If this is set to false, then the following settings are not required.
|
|
|
ida:TenandId
|
This is a mandatory property. The value specified here is to be used for Entra login and OIDC Bearer Tokens.
|
This value is used in any URI that requires a [tenant ID].
|
|
ida:CliendId
|
This is a mandatory property. The client ID is associated with the current Web Interface instance. The value specified here is to be used for Entra login and OIDC Bearer tokens.
|
This value is used in any URI that requires a [client ID].
|
|
ida:ClockSkew
|
Determines the minutes allowed Clock Skew when validating Bearer tokens, this allows a grace period of minutes to allow for date/time variations. This value is required for Entra login and OIDC bearer tokens.
(Clock skew is the time difference between two clocks that should be synchronized).
|
5
|
|
ida:Discovery
|
URI used for Discovery of Services, specifically Signing keys when validating users. This value is required for Entra login and OIDC bearer tokens.
|
https://login.microsoftonline.com/{tenant-id}/v2.0/.well-known/openid-configuration
|
|
ida:AuthorizationEndPoint
|
This is the URI the user is directed to for authorization. This value is required for Entra login.
|
https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/authorize
|
|
ida:TokenEndPoint
|
URI required for clients to obtain tokens.
|
https://login.microsoftonline.com/{tenant-id}/oauth/v2.0/token
|
|
ida:Scopes
|
Determines scope checking for Bearer Tokens only. When scopes are defined, at least one scope must match. If no scopes are defined, scope checking is disabled and will be shown in status.log as:
ida:Scopes Configured: 0 (Scope checking will be disabled)
|
Contains the following two values:
• user_impersonation
• WINDCHILL_READ
|
|
ida:SignInScopes
|
Scopes sent when Sign in with Entra is made.
|
openid profile email.
|
|
ida:Audiences
|
Determines the Audience used for validation.
This value is required for Entra Login and OIDC Bearer Tokens.
|
Contains the following two values
• [client ID]
• https://database.windows.net
|
|
ida:Issuers
|
Determines the Issuer used for validation
This value is required for Microsoft Entra ID Login and OIDC Bearer Tokens
|
Contains the following two values
• https://sts.windows.net/{tenant-id}/
• https://login.microsoftonline.com/{tenant-id}/v2.0
|
|
ida:TrustedClientIds
|
Define which clients are trusted by the Web Interface REST API and OSLC. This can be used to provide access to a limited number of trusted clients. The clients are separated by a space. If no values are set, then all clients are trusted. If the values is empty, then the status.log file entry reads:
ida:TrustedClientIds Configured: 0 (All Clients will be trusted)
Note that this setting affects only those requests by clients with OIDC Bearer tokens.
|
|
|
Web Interface should only be configured with either Microsoft Entra ID or PingFederate for Single Sign-On, not both.
|