OIDC/OAUTH with Windows SSO Realm

SecureAuth IdP Version affected: All

Description:
This article shows how to allow access to the OIDC/OAuth endpoints on a Windows SSO realm.

Cause:

When you enable Windows SSO, it is enabled for the entire realm. This works fine for Authorized/OidcAuthorize.aspx, as the Windows SSO credentials are passed there.

It does not work well for the other endpoints:
https://.../secureauth1/oidctoken.aspx
https://.../secureauth1/oidcuserinfo.aspx
https://.../secureauth1/oidcendsession.aspx
https://.../secureauth1/oidcchecksession.aspx
https://.../secureauth1/.well-known/openid-configuration
https://.../secureauth1/OAuthintrospect.aspx
https://.../secureauth1/OAuthRevocate.aspx

Resolution:

When Windows SSO is enabled, it protects all the endpoints in the realm. That isn't helpful for OIDCToken.aspx and the other endpoints listed above, due to the way they are reached.

1. Open IIS and navigate to the realm.

2. Click Content View.

3. Select the endpoint, e.g. OIDCToken.aspx.

4. Click Switch to Features View (on the right side of the page).

[Screenshot: IIScontent.PNG]

5. Click Authentication

6. Change the authentication to Anonymous, as per the screenshot.

[Screenshot: authentication.PNG]

7. Repeat for the other endpoints (apart from OidcAuthorize.aspx)
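
Steps 1 to 7 applied from PowerShell instead of IIS Manager, followed by a check that OidcAuthorize.aspx is still protected by Windows SSO. This is an added example, not part of the original article or SecureAuth's own tooling. Assumptions: the site is named `Default Web Site`, the realm `SecureAuth1` is an IIS application, and "anonymous" in step 6 means Anonymous enabled with Windows Authentication disabled on each file.

```powershell
# Added example (not SecureAuth's script). Run in an elevated session on the IdP server.
Import-Module WebAdministration

$site  = 'Default Web Site'   # assumption: IIS site that hosts the realm
$realm = 'SecureAuth1'        # realm name taken from the article's example URLs

# Endpoints listed in the article. .well-known/openid-configuration is not included;
# the article defers that endpoint to a separate article.
$endpoints = 'oidctoken.aspx', 'oidcuserinfo.aspx', 'oidcendsession.aspx',
             'oidcchecksession.aspx', 'OAuthintrospect.aspx', 'OAuthRevocate.aspx'

$auth = 'system.webServer/security/authentication'

# Physical folder of the realm, used to skip names that do not exist on disk
# so that no stray <location> entries are written.
$app  = Get-WebApplication -Site $site -Name $realm
$root = [Environment]::ExpandEnvironmentVariables($app.PhysicalPath)

function Get-AuthState([string]$Location) {
    [pscustomobject]@{
        Location  = $Location
        Anonymous = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
                        -Filter "$auth/anonymousAuthentication" -Name enabled).Value
        Windows   = (Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
                        -Filter "$auth/windowsAuthentication" -Name enabled).Value
    }
}

foreach ($file in $endpoints) {
    if (-not (Test-Path (Join-Path $root $file))) {
        Write-Warning "$file not found under $root; skipped"
        continue
    }
    $loc = "$site/$realm/$file"
    # Per-file override, the scripted equivalent of steps 3 to 6.
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $loc `
        -Filter "$auth/anonymousAuthentication" -Name enabled -Value $true
    Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $loc `
        -Filter "$auth/windowsAuthentication" -Name enabled -Value $false
    Get-AuthState $loc   # emit the resulting state for review
}

# The authorization endpoint must keep Windows SSO (step 7 excludes it).
$authz = Get-AuthState "$site/$realm/Authorized/OidcAuthorize.aspx"
$authz
if (-not $authz.Windows) {
    Write-Warning 'Windows Authentication is not enabled on OidcAuthorize.aspx; review the realm.'
}
```

The overrides are written as `<location>` entries in applicationHost.config, so back up that file before running and re-run `Get-AuthState` after any realm rebuild or upgrade to confirm they are still in place.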

 

Please see this article for help with accessing this endpoint: https://SecureAuthIdP/SecureAuth#/.well-known/openid-configuration



SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
