
OIDC OAUTH ESP Authentication

This article relates to LoadMaster firmware version 7.2.53.

As part of the Kemp Edge Security Pack (ESP), the LoadMaster supports a number of authentication protocols, including OIDC/OAUTH authentication.

OpenID Connect (OIDC) is an identity layer added on top of the OAuth 2.0 protocol. OAuth 2.0 itself is an authorization framework; OIDC reuses its standardized message flows to authenticate users by means of tokens issued by an Identity Provider (IdP), which takes the Authorization Server role in OAuth terms. OIDC is the protocol Microsoft prefers for Azure AD identity management, and it is commonly used to provide Single Sign-On (SSO) for users across multiple applications through a single Identity Provider.

When using OIDC on the LoadMaster, the LoadMaster performs the Resource Server role, granting or denying access to an application on the basis of the tokens it receives. An Identity Provider, for example Microsoft Azure AD, must therefore be configured to perform the actual authentication of users.

Below is a brief outline of the flow when OIDC is used to authenticate users on the LoadMaster. Some details of the OIDC/OAuth protocol have been left out for simplicity.

The LoadMaster never handles the user's credentials; access is granted on the strength of the token issued by the Identity Provider, which the LoadMaster must validate (signature, issuer, audience, expiry) before trusting any claim in it. Where Single Sign-On is enabled, a user who has already signed in at the Identity Provider does not need to sign in again for subsequent applications, and the flow above can occur silently, without user input.

For further details on OIDC/OAuth in general, refer to the OIDC OAUTH ESP Authentication Feature Description.