Configure OIDC Client on the Industrial Edge Device - Manual - Industrial Edge Platform - Industrial Edge - Industrial Edge - Documentation of the Industrial Edge Platform - IEM - Hub - Industrial - Device - IED - Edge

Configure OIDC Client on the Industrial Edge Device - Manual - Industrial Edge Platform - Industrial Edge - Industrial Edge - Documentation of the Industrial Edge Platform - IEM - Hub - Industrial - Device - IED - Edge - IEH

Industrial Edge Platform Operation - APIs & References

Portfolio

Industrial Edge

Product

Industrial Edge Platform

Edition

02/2025

Language

en-US (original)

Log into the Edge Device as admin:

curl -X POST \
  'https://<ip of device>/device/edge/api/v1/login/direct' \
  --header 'Accept: */*' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "username" : "iem.user@demo.com",
    "password" : "P@ssw0rd"
}'

Use your IP address, username and password to log into the Edge Device. You will receive an access code which you use for the next step.

Create the OIDC configuration as follows:

curl -X POST \
  'https://<ip of device>/device/edge/auth/api/v1/oidc-providers' \
  --header 'Accept: */*' \
  --header 'Authorization: {{access_token}}' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "OidcName":         "First IDP",
    "OidcClientId":     "oidc124",
 "OidcClientSecret": "SFHIVT9WhEEKTVgnJwYYClrKFUW6ZtHq",
 "OidcIssuer":       "https://<ip of keycloak>/auth/realms/customer",
 "OidcRedirectHost": "https://<ip of ied>"
}'

Use your own parameters.

As response, you get the Universally Unique Identifier (UUID) of the OIDC configuration which you need for the callback information, if wildcard is not allowed in your identity provider.

NOTICE

By default a time offset of 5 seconds between the issuer and the Device is accepted. To change it manually, follow the instructions in this chapter.