To configure your external identity provider, you need the redirect and logout endpoints. All clients that use single sign-on must be able to reach these URIs.
If you configure role failover for the Directory, Mobile Server, Web Client Server, or Web App Server roles, each additional server needs separate redirect and logout URIs.
The following table lists the compatible clients for different URIs:
URIs | Compatible clients | Default web address |
---|---|---|
/genetec | SDK, Config Tool, and Security Desk | - |
<Mobile>OpenId | Genetec™ Mobile | Mobile |
<WebApp>OpenId | Genetec™ Web App | WebApp |
<SecurityCenter>OpenId | Security Center Web Client | SecurityCenter |
NOTE: Any modification to the Mobile, SecurityCenter, or WebApp addresses creates corresponding changes to the URIs.
OpenID Connect and SAML 2.0 use the same URIs. When you create an Authentication Service role using the OpenID Connect or SAML 2.0 protocols, the system automatically generates the redirect and logout URIs.
NOTE: The system generates the URIs based on the availability and configuration of the server roles. The URIs refresh when you add, edit, or delete any server roles.
During the role creation process, you can add, edit, and delete endpoints from the App registration page of the Creating a role: Authentication Service configuration wizard. After creating the role, you can modify the endpoints directly from the Network endpoint page of the Authentication Service role.
You might need to modify the endpoint URIs in the following scenarios:
- Servers are added or removed after setting up the identity provider.
- You need to access Security Center systems that are not accessible from the internet. This is common for mobile and web clients.
In the Network endpoint page of the Authentication Service role, the User-defined column indicates whether or not the URI has been modified. To reset the user-defined URIs to default, click Reset configuration.