Configure OIDC Client on the Industrial Edge Device

Industrial Edge Platform Operation - APIs & References

Product: Industrial Edge
Edition: 12/2024
Language: en-US (original)

Log in to the Edge Device as admin:

curl -X POST \
  'https://<ip of device>/device/edge/api/v1/login/direct' \
  --header 'Accept: */*' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "username" : "iem.user@demo.com",
    "password" : "P@ssw0rd"
}'

Use the IP address of your Edge Device and your own username and password to log in. You will receive an access code, which you use in the next step as the {{access_token}} value.

Create the OIDC configuration as follows:

curl -X POST \
  'https://<ip of device>/device/edge/auth/api/v1/oidc-providers' \
  --header 'Accept: */*' \
  --header 'Authorization: {{access_token}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "OidcName":         "First IDP",
    "OidcClientId":     "oidc124",
    "OidcClientSecret": "SFHIVT9WhEEKTVgnJwYYClrKFUW6ZtHq",
    "OidcIssuer":       "https://<ip of keycloak>/auth/realms/customer",
    "OidcRedirectHost": "https://<ip of ied>"
}'

Replace the sample values with your own parameters.

In the response, you receive the Universally Unique Identifier (UUID) of the OIDC configuration. You need this UUID for the callback information if your identity provider does not allow wildcards.

NOTICE

By default, a time offset of 5 seconds between the issuer and the Device is accepted. To change it manually, follow the instructions in this chapter.
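
The tolerance described in the notice, as an added example (not Siemens code and not the device's implementation): it decodes the time claims of an ID token and reports which ones fall outside a 5-second offset from the device clock, which is the usual symptom when the issuer and the device are not time-synchronized. The claims compared (iat, nbf, exp), the helper names, the issuer host and the sample token are assumptions constructed for illustration.

```python
import base64
import json

LEEWAY_SECONDS = 5  # default offset between issuer and device, taken from the notice


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Decode the payload claims without verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def check_time_claims(claims: dict, device_now: int, leeway: int = LEEWAY_SECONDS) -> list:
    """Return the time-claim problems a verifier with this leeway would report."""
    problems = []
    for name in ("iat", "nbf"):  # assumption: both are compared to the device clock
        value = claims.get(name)
        if value is not None and value - device_now > leeway:
            problems.append(f"{name} is {value - device_now}s ahead of the device clock")
    exp = claims.get("exp")
    if exp is None:
        problems.append("exp claim missing")
    elif device_now - exp > leeway:
        problems.append(f"exp is {device_now - exp}s behind the device clock")
    return problems


def sample_token(iat: int, lifetime: int = 300) -> str:
    """Constructed, unsigned sample token; issuer host and signature are placeholders."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    claims = {"iss": "https://idp.example/auth/realms/customer",
              "iat": iat, "nbf": iat, "exp": iat + lifetime}
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.placeholder"


if __name__ == "__main__":
    device_now = 1_700_000_000  # constructed device time in Unix seconds
    for idp_ahead in (3, 8):  # issuer clock ahead of the device by this many seconds
        claims = jwt_claims(sample_token(iat=device_now + idp_ahead))
        print(idp_ahead, check_time_claims(claims, device_now) or "within tolerance")
```

The decoder skips signature verification on purpose, so use it only to diagnose clock drift, never to decide whether a token is trusted.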