OpenID Connect Authentication

The operation flow for configuring the OpenID Connect server is the same as the process outlined in Setup an LDAP Authentication Profile. In Step 3, select [OpenID Connect] from the [Type] menu, and enter the information of the OpenID Connect server. OpenID Connect authentication is available only when using the Smart Operation Panel. Refer to Setup OpenID Connect (OIDC) Authentication Profile for field-level information.

Once an OpenID Connect authentication profile is created, it cannot be changed to another type. To enable LDAP or Kerberos authentication, select it in the "Type" field in the [General] tab.

The OpenID Connect authentication profile cannot be deleted when it is used in one or more RICOH Streamline NX PC Client Location Profiles.

When creating an OpenID Connect authentication profile, you can click the check icon (Check Connection) to determine whether a token can be obtained from the token endpoint with the specified client ID and client secrets.

OIDC Provider Redirect URI Paths

The following paths must be set in the Redirect URI on the OIDC Provider so that OIDC users can log in to the Management Console and User Console:

https://[CoreServerAddress]:[Port]/login (for Management Console and Driver Distribution)

https://[CoreServerAddress]:[Port]/userConsoleLogin (for User Console)

If there are multiple Core servers behind a load balancer, the https://[CoreServerAddress] in the Redirect URI of the OIDC app must be the load balancer address, not the individual Core server addresses. In addition, from SLNX Advanced System Settings, you must configure the GC key ‘clientURL’ with the same https://[CoreServerAddress] value. Refer to Core Servers Behind A Load Balancer for instructions.

The following path must also be set in the Redirect URI on the OIDC Provider so that the OIDC users can log in to the MFP:

http://localhost/authorization_code/oidc/callback
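A check you could run over the redirect URI list copied from the OIDC Provider, covering the three paths and the load balancer rule above. This is an added example, not part of the product documentation: the function name, host names and port are constructed, and it assumes the provider matches redirect URIs as exact strings and that ‘clientURL’ is compared on scheme and host only.

```python
from urllib.parse import urlsplit

# The three paths come from this page; hosts and the port are constructed sample values.
CONSOLE_PATHS = ("/login", "/userConsoleLogin")
MFP_CALLBACK = "http://localhost/authorization_code/oidc/callback"

# Constructed sample: one entry still points at an individual Core server.
SAMPLE_REGISTERED = [
    "https://lb.example.test:8443/login",
    "https://core1.example.test:8443/userConsoleLogin",
    "http://localhost/authorization_code/oidc/callback",
]


def _host(uri):
    """Lower-cased host part of a URI ('' if it has none)."""
    return (urlsplit(uri.strip()).hostname or "").lower()


def check_redirect_uris(public_host, port, registered, core_hosts=(), client_url=None):
    """Return a list of findings; an empty list means the registration matches the page."""
    findings = []
    registered = [u.strip() for u in registered]
    required = [f"https://{public_host}:{port}{p}" for p in CONSOLE_PATHS]
    required.append(MFP_CALLBACK)
    # Assumption: the provider compares redirect URIs as exact strings,
    # so no case or default-port normalization is applied here.
    for uri in required:
        if uri not in registered:
            findings.append(f"missing: {uri}")
    # Behind a load balancer, only the load balancer address may be registered.
    internal = {h.lower() for h in core_hosts} - {public_host.lower()}
    for uri in registered:
        if _host(uri) in internal:
            findings.append(f"core server address registered: {uri}")
    # The 'clientURL' key must carry the same https://[CoreServerAddress] value.
    if client_url is not None:
        scheme = urlsplit(client_url.strip()).scheme.lower()
        if scheme != "https" or _host(client_url) != public_host.lower():
            findings.append(f"clientURL mismatch: {client_url}")
    return findings


if __name__ == "__main__":
    for line in check_redirect_uris("lb.example.test", 8443, SAMPLE_REGISTERED,
                                    core_hosts=["core1.example.test", "core2.example.test"],
                                    client_url="https://core1.example.test"):
        print(line)
```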

When using OpenID Connect profiles, you can obtain user information such as user certificates from an external LDAP server by using [Get User Information From External LDAP]. Also see Resolving Usernames for OIDC Profiles for troubleshooting information.