Configuring HxGN EAM application for ROPC with AD FS - HxGN EAM - 12.0.1 - Feature Briefs - Hexagon

HxGN EAM OpenID Connect


When the LGNCON install parameter is set to ROPC, web service authentication uses the OpenID Connect Resource Owner Password Credentials (ROPC) grant flow. The following steps describe the configuration required in EAM to support ROPC.

  1. Complete the configuration as described in the Configuring HxGN EAM application with OpenID Connect details of AD FS section, using the AD FS confidential client.

  2. Copy the value of token_endpoint and set it as the value of the Token End Point field on the SSO Configuration screen of the EAM application. The token_endpoint can be obtained from the OpenID Connect Discovery endpoint (see points 2 and 3 of the Configuring HxGN EAM application with OpenID Connect details section).

    See points 2-3 of the Configuring custom claims for the OpenID Connect client in AD FS section.

  3. Set the value of the Scope field on the SSO Configuration screen of the EAM application to openid.

  4. Set the value of the Client Password field on the SSO Configuration screen of the EAM application to the client secret generated in the Configuring OpenID Connect confidential client in AD FS section.

    ROPC works only if MFA is not enabled for the user and the AD FS client is created as a confidential client.
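
A pre-flight check for the values entered in steps 2-4, as an added example that is not part of the Hexagon documentation: it compares the Token End Point and Scope values against a discovery document and shows the form body of an RFC 6749 section 4.3 password-grant request. The hostname, the sample discovery document, the function names and sending the client secret in the request body are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample of an OpenID Connect discovery document (placeholder host).
SAMPLE_DISCOVERY = json.loads("""
{
  "issuer": "https://adfs.example.test/adfs",
  "token_endpoint": "https://adfs.example.test/adfs/oauth2/token/",
  "grant_types_supported": ["authorization_code", "refresh_token", "password"],
  "scopes_supported": ["openid", "profile", "email"]
}
""")


def check_ropc_settings(discovery, token_endpoint, scope):
    """Return a list of problems with the values typed into SSO Configuration."""
    problems = []
    advertised = discovery.get("token_endpoint")
    if not advertised:
        problems.append("discovery document has no token_endpoint")
    elif token_endpoint != advertised:
        problems.append("Token End Point differs from discovery token_endpoint")
    url = urlsplit(token_endpoint)
    if url.scheme != "https":
        # ROPC sends the user's password and the client secret to this URL.
        problems.append("Token End Point is not HTTPS")
    if url.hostname != urlsplit(discovery.get("issuer", "")).hostname:
        problems.append("Token End Point host does not match the issuer host")
    if "password" not in discovery.get("grant_types_supported", []):
        problems.append("server does not advertise the password grant")
    if "openid" not in scope.split():
        problems.append("Scope does not contain openid")
    return problems


def build_ropc_form(client_id, client_secret, username, password, scope="openid"):
    """Form body of a password-grant token request (secret in body is assumed)."""
    return urlencode({
        "grant_type": "password",
        "client_id": client_id,
        "client_secret": client_secret,  # confidential client, as step 4 requires
        "username": username,
        "password": password,
        "scope": scope,
    })


if __name__ == "__main__":
    endpoint = SAMPLE_DISCOVERY["token_endpoint"]
    print(check_ropc_settings(SAMPLE_DISCOVERY, endpoint, "openid"))
```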