OpenID Connect is a lightweight authentication layer that enables users to authenticate using accounts they have on other systems ( Some examples of providers are Google , Microsoft , Okta etc ). This authentication layer built Over the OAuth 2.0 authorization protocol. By using OpenID Connect, you delegate user authentication to other providers, making it easy for users with existing accounts to authenticate to your Liferay installation.
Refer this link to understand the OpenID Connect on the Microsoft identity platform
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc
In Liferay DXP to use the OpenId connect you can follow the steps in this URL
MAJOR FIELDS
Field | Description |
---|---|
Provider Name | This name appears in the Sign-In Portlet when users use OpenID Connect to log in. |
OpenID Client ID | Provide the OAuth 2.0 Client ID you received from your provider. |
OpenID Connect Client Secret | Provide the OAuth 2.0 Client Secret you received from your provider. |
Scopes | Leave the default, which requests the user name and the email. Your provider may offer other scopes of user information. |
Discovery Endpoint | Other URLs may be obtained from this URL, and they vary by provider. |
Discovery Endpoint Cache in Milliseconds | Cache the endpoints (URLs) discovered for this amount of time. |
Authorization Endpoint | This URL points to the provider’s URL for authorizing the user (i.e., signing the user in). |
Issuer URL | The provider’s URL that points to information about the provider who is issuing the user information. |
JWKS URI | A URL that points to the provider’s JSON Web Key Set that contains the public keys that can verify the provider’s tokens. |
ID Token Signing Algorithms | Set the supported ID token algorithms manually. Normally, this is “discovered” at the discovery endpoint. You can add as many of these as you need. |
Subject Types | A Subject Identifier is a unique and never reassigned identifier the provider uses to establish who the user is, and is consumed by the client (i.e., Liferay DXP). There are two types: public (provides the same value to all clients) and private (provides a different value to each client). |
Token Endpoint | The provider’s URL where tokens can be requested. |
Token Connection Timeout in Milliseconds | Wait this long when requesting a token for validation before timing out. A value of 0 means wait forever and is not recommended. |
User Information Endpoint | The OAuth 2.0 protected URL from which user information can be obtained. |