Ezeelogin - A secure SSH Jump Server solution

OpenID Connect

Configure OpenID Connect authentication for the web interface.Once this is configured, set the WebPanel Authentication to OpenID Connect and  users in your  OpenID Account  can login

Client ID The client identifier issued  by the OpenID Provider on client registration.

Client Secret The client secret issued by the OpenID Provider on client registration

Provider URL The OpenID Provider URL

Email Attribute Name of the OpenID Connect user info for email attribute. This attribute value is used for username when auto-create is enabled in Ezeelogin.

Username Attribute Name of the OpenID Connect user info for username attribute. This attribute value is used for username when auto-create is enabled in Ezeelogin

Group Attribute Name of the OpenID Connect user info attribute for usergroup. A usergroup with the same name should be added in Ezeelogin for automatic group assignment. If there are multiple matching groups, then the group with the highest priority would be assigned.

Firstname Attribute Name of the OpenID Connect user info attribute for the user firstname. This attribute is used for  Firstname when auto-creating the user in Ezeelogin.

Lastname Attribute Name Name of the OpenID Connect user info attribute for the Lastname. This attribute value is used for  Lastname whenusername when auto-creating the user in Ezeelogin.

HTTP Proxy URL The HTTP Proxy URL to be used when connecting to the proxy url.

Path To CA Bundle Use the specified certificate directory to verify the peer.

Issuer The entity that issues a set of claims.

Client Assertion  Some authentication flows require sending a signed JWT assertion instead of a client secret.

Client Assertion Type Specifies the format of the client assertion, commonly used in OAuth 2.0.

Code Challenge Method  Used in PKCE (Proof Key for Code Exchange) for extra security.

JWKS URI The URL where the identity provider publishes its public keys for verifying JWT tokens.

Authorization Endpoint The URL where users are redirected to log in.

End Session Endpoint The URL used to obtain access tokens from the IdP.

Revocation Endpoint If the IdP supports token revocation, this is the URL to revoke access tokens.

Token Endpoint The URL used to obtain access tokens from the IdP.

User info Endpoint The URL to retrieve user details (email, username, etc.) after authentication.

JWT Secret If enabled, the system may use a secret key for signing JWT token.

Additional Scopes Defines extra permissions when requesting authentication.

Verify Host If enabled, the system verifies the hostname of the authentication server to ensure it matches the certificate.

Verify Peer If enabled, the system verifies the SSL certificate of the authentication server.

Upgrade Insecure If enabled, it forces insecure HTTP requests to upgrade to HTTPS.

Allow Internal Authentication If enabled, it allows users to log in via Ezeelogin’s internal authentication system if the external provider fails.