| Parameter | Value |
|---|---|
| `<es-base-url>` | The URL used to access your Experience Service. This should be in the following format: `<es-protocol>://<es-host>:<es-port>`<br>For example: `https://es.example.com:8443`<br>If your Experience Service is using the protocol's default port (port 80 for HTTP or port 443 for HTTPS), do not specify the default port for your Experience Service base URL. In some cases, including the default port can cause PingFederate to consider the Vuforia Studio redirect URI invalid.<br>For example, if the server in the previous example used port 443 instead of port 8443, then the base URL would be: `https://es.example.com` |
| `<es-scope>` | If your company does not support creating custom or new scopes, you’ll need to set this parameter to a predefined scope. Typically, you can check your OpenID configuration for supported scopes, or check with your OpenID administrator.<br>If nothing is defined, es-scope will be set to: `studio-es-<es-host>:<es-port>`.<br>For example: `studio-es-es.example.com:8443` |
| `<es-client-id>` | Choose a unique value to use as the client ID for the Experience Service. For example: `studio-es`. |
| `<es-client-secret>` | When configuring the Experience Service client, your OpenID provider may give you the option to generate a secret for the client. If you choose to generate a secret for the client, capture the value generated, as it will be required to complete other installation and configuration steps. Alternatively, you can choose your own client secret. In this case, ensure that the secret you choose is a strong password and cannot be easily guessed. |
| `<es-redirect-uri>` | `<es-base-url>/ExperienceService/auth/oidc/callback`<br>For example: `https://es.example.com:8443/ExperienceService/auth/oidc/callback` |
| `<studio-redirect-uri>` | `http://localhost:3000/authorization_code_redirect?audience=<es-base-url>`<br>For example: `http://localhost:3000/authorization_code_redirect?audience=https://es.example.com:8443` |
| `<as-base-url>` | The base URL for the runtime engine service for your OpenID provider. For example: `https://pingfed.example.com:9031` |
| `<as-auth-endpoint>` | The authorization endpoint URL of the authorization server for your OpenID provider. This URL is used to initiate the authorization code flow that is used to authenticate users and obtain delegated authorization. To obtain the value for this parameter, refer to your OpenID provider’s documentation. For example, for PingFederate, you can find this value using these steps:<br>1. In a web browser, navigate to the following URL: `<as-base-url>/.well-known/openid-configuration`<br>This displays a JSON file containing OpenID and OAuth configuration information for your PingFederate server.<br>2. The value of the `authorization_endpoint` property is the authorization endpoint URL. For example: `https://pingfed.example.com/as/authorization.oauth2` |
| `<as-token-endpoint>` | The token endpoint URL of the authorization server for your OpenID provider. Clients use this endpoint to retrieve access and refresh tokens. To obtain the value for this parameter, please refer to your OpenID provider’s documentation. For example, for PingFederate, you can find this value using these steps:<br>1. In a web browser, navigate to the following URL: `<as-base-url>/.well-known/openid-configuration`<br>This displays a JSON file containing OpenID and OAuth configuration information for your PingFederate server.<br>2. The value of the `token_endpoint` property is the token endpoint URL. For example: `https://pingfed.example.com/as/token.oauth2` |

If you’re using PingFederate 9.3.3 or older, you’ll need to enable OpenID Connect.
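
The derivations in the table above, worked through as an added example (not part of the original page or of Vuforia Studio or PingFederate): it builds `<es-base-url>` without the protocol's default port, derives the default scope and both redirect URIs from it, and reads the two endpoints from a discovery document. The function names and the sample discovery JSON are constructed for illustration.

```python
import json

DEFAULT_PORTS = {"http": 80, "https": 443}

def es_base_url(protocol, host, port):
    """Build <es-base-url>, leaving out the port when it is the protocol default."""
    protocol = protocol.lower()
    if protocol not in DEFAULT_PORTS:
        raise ValueError(f"unsupported protocol: {protocol}")
    if port == DEFAULT_PORTS[protocol]:
        return f"{protocol}://{host}"
    return f"{protocol}://{host}:{port}"

def derive_parameters(protocol, host, port):
    """Derive the table's Experience Service values from protocol, host and port."""
    base = es_base_url(protocol, host, port)
    return {
        "es-base-url": base,
        # Default scope, following the table's formula literally (host:port).
        "es-scope": f"studio-es-{host}:{port}",
        "es-redirect-uri": f"{base}/ExperienceService/auth/oidc/callback",
        "studio-redirect-uri":
            f"http://localhost:3000/authorization_code_redirect?audience={base}",
    }

def endpoints_from_discovery(document_text):
    """Return (<as-auth-endpoint>, <as-token-endpoint>) from the discovery JSON."""
    doc = json.loads(document_text)
    missing = [k for k in ("authorization_endpoint", "token_endpoint") if not doc.get(k)]
    if missing:
        raise KeyError(f"discovery document lacks: {', '.join(missing)}")
    return doc["authorization_endpoint"], doc["token_endpoint"]

# Constructed sample of what <as-base-url>/.well-known/openid-configuration returns,
# trimmed to the two properties the table uses.
SAMPLE_DISCOVERY = """{
  "authorization_endpoint": "https://pingfed.example.com/as/authorization.oauth2",
  "token_endpoint": "https://pingfed.example.com/as/token.oauth2"
}"""

if __name__ == "__main__":
    for name, value in derive_parameters("https", "es.example.com", 8443).items():
        print(f"<{name}> = {value}")
    auth, token = endpoints_from_discovery(SAMPLE_DISCOVERY)
    print(f"<as-auth-endpoint> = {auth}")
    print(f"<as-token-endpoint> = {token}")
```

The redirect URIs registered with the OpenID provider must match these strings exactly, so generating them from one base URL keeps the port handling consistent across all three values.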