How do I configure a remote identity provider?

Purpose

You can configure OpenID Connect and SAML identity provider instances in NSP to connect with IDPs in your network. After you have enabled and submitted an IDP configuration in NSP, a cross-launch link to the IDP appears on the NSP login page. If you configure multiple IDP instances, there will be a list of cross-launch links at login.

"What are the identity provider parameters?" describes the parameters you encounter for each IDP protocol.

Note: The following NSP Keycloak metadata URL can be used in SAML or OpenID Connect IDPs to allow NSP Keycloak as a client:

https://<NSP_IP_Address>/auth/realms/Nokia/broker/<IDP_name_or_alias>/endpoint/descriptor
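Before registering NSP as a client in a SAML IDP, it is worth checking what the descriptor actually publishes. The following is an added example, not Nokia code: it assumes the URL returns standard SAML 2.0 SP metadata and that the assertion consumer endpoint sits under the same broker path; the host `nsp.example.net`, the alias `corp-saml` and the sample XML are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def broker_base(nsp_host, alias):
    # Path from the metadata URL pattern in the Note, minus "/descriptor".
    return f"https://{nsp_host}/auth/realms/Nokia/broker/{alias}/endpoint"

def check_sp_descriptor(xml_text, nsp_host, alias):
    """Return (summary, problems) for SP metadata saved from the descriptor URL."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return {}, ["DTD/entity declarations are not expected in SAML metadata"]
    root = ET.fromstring(xml_text)
    sp = root.find(f"{MD}SPSSODescriptor")
    if sp is None:
        return {}, ["no SPSSODescriptor element"]
    acs = [e.get("Location", "") for e in sp.findall(f"{MD}AssertionConsumerService")]
    certs = [c.text.strip() for kd in sp.findall(f"{MD}KeyDescriptor")
             if kd.get("use") == "signing"
             for c in kd.iter(f"{DS}X509Certificate") if c.text]
    problems = []
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for loc in acs:
        if urlsplit(loc).scheme != "https":
            problems.append(f"ACS is not HTTPS: {loc}")
        # Assumption: the ACS lives under the same broker path as the descriptor.
        if not loc.startswith(broker_base(nsp_host, alias)):
            problems.append(f"ACS outside expected broker path: {loc}")
    if not certs:
        problems.append("no signing certificate published")
    summary = {"entity_id": root.get("entityID"), "acs": acs,
               "signing_certs": len(certs),
               "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
               "want_assertions_signed": sp.get("WantAssertionsSigned") == "true"}
    return summary, problems

# Constructed sample; host, alias and certificate body are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="https://nsp.example.net/auth/realms/Nokia">
 <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="false"
   protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:AssertionConsumerService index="1" Location="https://nsp.example.net/auth/realms/Nokia/broker/corp-saml/endpoint"
    Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""
```

Save the descriptor to a file, pass its contents with the NSP host and the IDP alias, and review any reported problems and the two signing flags before importing the metadata into the IDP.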

Steps
 

1

Open Users and System Security.


2

Click More Actions, Settings.


3

In the Users and System Security Settings form, click Identity Provider.


4

In the Identity Provider form, click + Server.


5

In the Select Protocol form, type a name for the IDP in the Displayed Name field.

This name appears as a redirect link on the NSP Login page.


6

Specify the authentication protocol for the IDP in the Select Protocol menu.

Additional authentication parameters appear in the GUI, based on the protocol you selected.


7

Do one of the following:

  • For a SAML IDP, complete Step 8.

  • For an OpenID Connect IDP, complete Step 9.


8

Configure the SAML IDP parameters:

  1. Configure the connection parameters using the values specific to the remote SAML IDP.

  2. Click Test Connection to read the IP address/hostname from the configuration and verify the SAML IDP reachability with a ping test. This ensures that the IDP is online and accessible from your network.

  3. Turn on the Enable SAML Authentication option if you want NSP to connect to the SAML IDP immediately.


9

Configure the OpenID Connect IDP parameters:

  1. Configure the connection parameters using the values specific to the remote OpenID Connect IDP.

    If you configure multiple OpenID Connect IDPs, each one must have a unique IP address or hostname.

  2. Update the NSP TLS certificate for OpenID Connect remote authentication; see "How do I update the NSP TLS certificate for remote authentication?"

  3. Click Test Connection to read the IP address/hostname from the configuration and verify the OpenID Connect IDP reachability with a ping test. This ensures that the IDP is online and accessible from your network.

  4. Turn on the Enable OpenID Connect Authentication parameter if you want NSP to connect to the OpenID Connect identity provider immediately.


10 

Click Submit to save the identity provider configuration.

End of steps