2.12.3 IDaaS linkage configuration file (jdn_idaas_auth.conf)
To use IDaaS linkage, you must create the IDaaS linkage configuration file (jdn_idaas_auth.conf).
The following describes how to create the IDaaS linkage configuration file.
Location of the IDaaS linkage configuration file
JP1/IT Desktop Management 2 - Manager-installation-folder\mgr\conf
File description format of the IDaaS linkage configuration file
The following table describes the file specification of the IDaaS linkage configuration file.

| Items | Description |
|---|---|
| File format | |
| Character code | UTF-8 (without BOM) |
The following table describes the format of the IDaaS linkage configuration file.

| Category | Key | Description | Required/Optional | Necessity of obfuscation #1 | Remarks |
|---|---|---|---|---|---|
| URL information | authorization_endpoint | Specify the authorization endpoint URL. | Y | N | #2 |
| | token_endpoint | Specify the token endpoint URL. | Y | N | #2 |
| Request parameters for authorization code flow (for operation window) | param.auth_code.client_id | Specify the client ID of the IdP. | Y | N | |
| | param.auth_code.client_secret | Specify the client secret. | Y | Y | #3 |
| | param.auth_code.redirect_uri | Specify the login window URL for IDaaS linkage as the redirection URI. Specify the operation window login URL of JP1/IT Desktop Management 2 with jp1itdm.jsp changed to idaas.jsp. | Y | N | #4 |
| | param.auth_code.response_type | Specify the response type. | N | N | #5 |
| | param.auth_code.scope | Specify the scope. To specify multiple scopes, use a space-delimited list. | N | N | #6 |
| Request parameters for the resource owner password credentials flow (for the Remote Install Manager, the Packager, and the Network Access Control Commands) | param.ropc.client_id | Specify the client ID. | Y | N | |
| | param.ropc.client_secret | Specify the client secret. | Y | Y | #7 |
| | param.ropc.scope | Specify the scope. To specify multiple scopes, use a space-delimited list. | N | N | #6 |
| Proxy information | use_proxy | Specify whether to use a proxy server. 0: Do not use a proxy server. 1: Use a proxy server. | N | N | The default is assumed to be 0. |
| | proxy_server | Specify the proxy server name. | #8 | N | |
| | proxy_port | Specify the port number of the proxy server. | #8 | N | |
| | proxy_user | Specify the user name of the proxy server. | N | N | |
| | proxy_password | Specify the password of the proxy server. | N | Y | #9 |

Legend: Y: Required or obfuscated, N: Optional or not obfuscated
#1: For a key that requires obfuscation, specify the value generated by the string obfuscation command. For details about the string obfuscation command, see the description of itdm2encodetext.exe (string obfuscation) in the manual JP1/IT Desktop Management 2 Administration Guide.
#2: The authorization endpoint URL and the token endpoint URL can be found in the Keycloak documentation for Keycloak, and in the Settings module for Microsoft Entra ID. The following table shows an example.

| IdP | Key | Sample Configuration Value |
|---|---|---|
| Keycloak | authorization_endpoint | URL-of-authentication-server/realms/realm-name/protocol/openid-connect/auth |
| | token_endpoint | URL-of-authentication-server/realms/realm-name/protocol/openid-connect/token |
| Microsoft Entra ID | authorization_endpoint | URL-of-authentication-server/tenant-name/oauth2/v2.0/authorize |
| | token_endpoint | URL-of-authentication-server/tenant-name/oauth2/v2.0/token |

#3: Specify the client secret for the client ID which is specified in the key param.auth_code.client_id.
#4: Specification example: http://host-name-of-management-server:31080/jp1itdm/idaas.jsp
Specify the same URL as the redirection URI specified in the settings page of the IdP. The value is case-sensitive.
#5: In general, omit this key. If you specify this key, you must specify the value code.
#6: In general, omit this key. If you specify this key, you must specify the value openid∆profile (∆: half-width space).
#7: Specify the client secret for the client ID which is specified in the key param.ropc.client_id.
#8: This key is required when you specify the value 1 in the key use_proxy.
#9: When the key proxy_user is not specified, the value of this key is not used.
Example of the IDaaS linkage configuration file
The following shows an example of the IDaaS linkage configuration file.
```
#IDaaS linkage configuration File
# Configuration for Keycloak
authorization_endpoint=https://idpserver:8443/realms/itdm2-realm/protocol/openid-connect/auth
token_endpoint=https://idpserver:8443/realms/itdm2-realm/protocol/openid-connect/token
# Configuration for Microsoft Entra ID
#authorization_endpoint=https://login.microsoftonline.com/itdm2-tenant/oauth2/v2.0/authorize
#token_endpoint=https://login.microsoftonline.com/itdm2-tenant/oauth2/v2.0/token
# Request parameters (for authorization code flow)
param.auth_code.client_id=itdm2-client
param.auth_code.client_secret=TSgxJ0d3Jlc4NmBFKzNBQXUmK0p3Q0EvOFk2WDpYKDd8ejJNRmlmTFFqRmYpen0hZ0tbLiNZWVB0TEVSPW9rWHNtTDZlMXhIMyxrY2pdTnhLZFVwbiR0fVgzM0dIXnB7XkFWYW5SUHJITTg4SGRYSj4raFJ9NkR4e3lieiw+JSc7Oz9rWF5iYV8lS2ZFdk0uKkw+XEBzYz4iJ2laN3BDWyVkOy59NzVqclpmNEdZJzhmNXF3NUVBRHwyLzxQajlw
param.auth_code.redirect_uri=http://itdm2server:31080/jp1itdm/idaas.jsp
param.auth_code.response_type=code
param.auth_code.scope=openid profile
# Request parameters (for resource owner password credential flows)
param.ropc.client_id=itdm2-client
param.ropc.client_secret=TSgxJ0d3Jlc4NmBFKzNBQXUmK0p3Q0EvOFk2WDpYKDd8ejJNRmlmTFFqRmYpen0hZ0tbLiNZWVB0TEVSPW9rWHNtTDZlMXhIMyxrY2pdTnhLZFVwbiR0fVgzM0dIXnB7XkFWYW5SUHJITTg4SGRYSj4raFJ9NkR4e3lieiw+JSc7Oz9rWF5iYV8lS2ZFdk0uKkw+XEBzYz4iJ2laN3BDWyVkOy59NzVqclpmNEdZJzhmNXF3NUVBRHwyLzxQajlw
param.ropc.scope=openid profile
# Proxy Settings
use_proxy=1
proxy_server=proxy.proxyserver.com
proxy_port=80
proxy_user=user1
proxy_password=U1x2RTF6LHI5c2RuZ3Ajc2sjcjRvPVl4PHkiIylwNGFcc080UGhzKFBWOmF8Q3YrfjlTSU8xSDBEMU9LSVtgbzBFc29kaS9PUHg9Ni0kIVA2JG9NfFw2QiZfbmhBdVBm
```
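
The rules in the format table and its footnotes can be checked before the file is placed on the management server. The following Python check is an added example, not part of the manual or the product: the function names are hypothetical, and the `key=value` and `#` comment syntax is an assumption inferred from the example file. It cannot tell whether a secret value was actually produced by itdm2encodetext.exe.

```python
import codecs

REQUIRED = ("authorization_endpoint", "token_endpoint",
            "param.auth_code.client_id", "param.auth_code.client_secret",
            "param.auth_code.redirect_uri",
            "param.ropc.client_id", "param.ropc.client_secret")
# Footnotes #5 and #6: when these keys are present, only one value is accepted.
FIXED = {"param.auth_code.response_type": "code",
         "param.auth_code.scope": "openid profile",
         "param.ropc.scope": "openid profile"}

def parse_conf(raw: bytes):
    """Parse key=value lines ('#' starts a comment); return (settings, findings)."""
    settings, findings = {}, []
    if raw.startswith(codecs.BOM_UTF8):
        findings.append("file: starts with a BOM (UTF-8 without BOM is required)")
        raw = raw[len(codecs.BOM_UTF8):]
    for n, line in enumerate(raw.decode("utf-8").splitlines(), 1):
        key, sep, value = line.strip().partition("=")  # split on the first '='
        if line.strip() and not line.lstrip().startswith("#"):
            if sep:
                settings[key.strip()] = value.strip()
            else:
                findings.append(f"line {n}: not in key=value form")
    return settings, findings

def validate(raw: bytes):
    s, findings = parse_conf(raw)
    findings += [f"{k}: required key is missing" for k in REQUIRED if not s.get(k)]
    findings += [f"{k}: must be '{v}' when specified"
                 for k, v in FIXED.items() if k in s and s[k] != v]
    uri = s.get("param.auth_code.redirect_uri", "")
    if uri and not uri.endswith("/idaas.jsp"):
        findings.append("param.auth_code.redirect_uri: must point to idaas.jsp")
    if s.get("use_proxy") == "1":  # footnote #8
        findings += [f"{k}: required when use_proxy=1"
                     for k in ("proxy_server", "proxy_port") if not s.get(k)]
    if s.get("proxy_password") and not s.get("proxy_user"):  # footnote #9
        findings.append("proxy_password: not used because proxy_user is not set")
    return findings

# Constructed sample with deliberate mistakes; the secret is a placeholder.
SAMPLE = (b"authorization_endpoint=https://idpserver:8443/auth\n"
          b"param.auth_code.client_id=itdm2-client\n"
          b"param.auth_code.redirect_uri=http://itdm2server:31080/jp1itdm/jp1itdm.jsp\n"
          b"param.auth_code.scope=openid\n"
          b"use_proxy=1\nproxy_server=proxy.proxyserver.com\n"
          b"proxy_password=PLACEHOLDER\n")
if __name__ == "__main__":
    print("\n".join(validate(SAMPLE)))
```

An empty list from `validate()` means every rule stated in the table and footnotes holds for the file's bytes.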