OpenXPKI 3.30: Native Support of OpenID Connect
The challenges of managing access credentials for IT systems are constantly growing. In addition to the purely administrative issues of forgotten passwords and data maintenance, protecting against a wide variety of attacks on user accounts is becoming increasingly important. For this reason, the decision was made during the initial design of OpenXPKI to offload user management into an API that is easy to extend.
With the latest release 3.30 of OpenXPKI, support for OpenID Connect adds another native integration of an authentication protocol. OpenID Connect was standardized back in 2014 and has seen rapid adoption in recent years through the “Log in with...” feature offered by major social media providers. All major identity management products now support this protocol, including MS Entra, Microsoft’s successor to Active Directory.
In addition to basic authentication, metadata such as name and email address can be transmitted directly during login and used in subsequent OpenXPKI workflows. This allows, for example, contact information to be automatically pre-filled in the application process. But there’s more: The protocol also allows user groups to be passed during the login process. Based on this, it is possible to assign a role directly to the user. In combination with the Local RA module for multi-tenancy in OpenXPKI, this also enables the assignment of a user to a tenant. The OIDC extensions are part of the standard Enterprise Edition and are available free of charge to all customers following an upgrade to v3.30. If you have any questions, the White Rabbit Security team is happy to help!