Configure Domino REST API to use an OIDC provider
About this task
The procedure guides you on how to configure Domino REST API to use an OpenID Connect (OIDC) provider for authentication.
Procedure
- Create a JSON file using a text editor.
-
Copy the JSON object to the JSON file.
{ "oidc": { "any-name": { "active": true, "providerUrl": "https://some.keycloak.server/auth/realms/some-realm", "clientId": "some-clientid", "clientSecret": "some-clientsecret", "userIdentifier": "dn", "userIdentifierInLdapFormat": true } } }
-
Set the values of the
providerUrl
,clientId
, andclientSecret
parameters to the values from your identity provider (e.g. Keycloak).{ "oidc": { "any-name": { "active": true, "providerUrl": "https://some.keycloak.server/auth/realms/some-realm", "clientId": "a3fe24-88dd-a003d3", "clientSecret": "16072d-cf96-1ea8d9", "userIdentifier": "dn", "userIdentifierInLdapFormat": true } } }
-
Save the JSON file in the
keepconfig.d
directory.Tip
Use a filename for the JSON file that reveals its purpose. To learn more on how JSON files in
keepconfig.d
are processed, see Understanding configuration. -
Restart Domino REST API on all servers.