To configure Single sign-on via OIDC for the Lifecycle Twin mobile application, you must first set the parameters in the web.config file located in the Lifecycle Twin installation folder under IIS > Services > API, and then configure the corresponding settings at the OIDC provider that supports Single sign-on.

The configuration parameters in this section are an example for configuring auth0 Single sign-on. The parameters could vary across different Single sign-on (SSO) providers.

Settings in the configuration file

Do the following to configure the parameters in the web.config file.

  1. Navigate to the IIS folder > Services > API at the Lifecycle Twin installation location, then locate and open the web.config file.
  2. In the web.config file, specify values for the following OIDC configuration parameters:
  • OpenID.Issuer
  • OpenID.ClientId
  • OpenID.Audience
  • OpenID.Connection
  • OpenID.Label - Display text on the login page of the application.

Information related to OpenID.Issuer, OpenID.ClientId, OpenID.Audience, and OpenID.Connection can be found in the OpenID provider configuration.

  3. Save the settings.

OpenID Connect Settings at the OpenID Connect provider level

For Lifecycle Twin to work with your configured SSO, the following configuration settings must be made at the OIDC provider.

  1. Navigate to the location on your machine where the OIDC configuration settings are maintained.
  2. Specify values for the following configuration parameters:
  • Allowed Callback URLs - URLs to which the authorization server forwards the user once the user is authenticated. The allowed callback URLs must be registered on the OpenID Connect application. For Lifecycle Twin the following callback URLs must be registered:
    https://<lct-domain>/
    com.siemens.ecodomus://<oidc-issuer>/ios/com.siemens.ecodomus/callback
    https://<oidc-issuer>/bimconnector
  • Allowed Logout URL - URL to which the user is redirected when logging out of the application. For Lifecycle Twin the following logout URL must be registered:
    https://<lct-domain>/logout
  3. Save the settings.

After the parameters are configured in the web.config file and in the configuration settings of the OIDC provider, you can log in to Lifecycle Twin.

The OIDC application must be configured to provide the refresh_token in the /token endpoint response.

The configuration procedure for Single sign-on via OIDC might vary across different OIDC providers.

To allow login with OIDC on the Lifecycle Twin mobile application, you must register the proper callback URL on the OIDC application.

The standard format for the Lifecycle Twin mobile application callback URL is as follows:
YOUR_BUNDLE_IDENTIFIER://YOUR_AUTH0_DOMAIN/ios/YOUR_BUNDLE_IDENTIFIER/callback, where
YOUR_BUNDLE_IDENTIFIER - Bundle Identifier of your application (com.siemens.ecodomus)
YOUR_AUTH0_DOMAIN - Domain name of your OIDC (for example, auth0) application

Example:

Domain name of the OIDC application (for example, auth0) - lt.auth0.com
Callback URL - com.siemens.ecodomus://[YOUR OIDC ISSUER]/ios/com.siemens.ecodomus/callback
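As an added example that is not part of the Lifecycle Twin product or its documentation, the following Python script derives the callback and logout URLs listed above from a deployment's own <lct-domain> and <oidc-issuer>, reports which of them are missing or unexpected in a provider's registration, validates the mobile callback format, and checks a /token response for the refresh_token the application requires. The hostname lct.example.com and the sample token response are constructed; lt.auth0.com is the page's own example domain.

```python
# Added example (not Lifecycle Twin code); see the lead-in for assumptions.
import json

BUNDLE_ID = "com.siemens.ecodomus"   # bundle identifier given on the page

def _issuer_host(oidc_issuer: str) -> str:
    """Accept 'lt.auth0.com' or 'https://lt.auth0.com/' and return the bare host."""
    return oidc_issuer.removeprefix("https://").strip("/")

def expected_urls(lct_domain: str, oidc_issuer: str) -> dict:
    """Callback and logout URLs the documentation requires for Lifecycle Twin."""
    issuer = _issuer_host(oidc_issuer)
    return {
        "callback": {
            f"https://{lct_domain}/",
            f"{BUNDLE_ID}://{issuer}/ios/{BUNDLE_ID}/callback",
            f"https://{issuer}/bimconnector",
        },
        "logout": {f"https://{lct_domain}/logout"},
    }

def registration_gaps(registered: set, expected: set) -> tuple:
    """Return (missing, unexpected). Authorization servers compare redirect URIs
    as exact strings, so every required URL must be present, and a wildcard or
    stale entry is a misconfiguration worth flagging rather than ignoring."""
    return sorted(expected - registered), sorted(registered - expected)

def is_mobile_callback(url: str, oidc_issuer: str) -> bool:
    """True only for exactly BUNDLE://ISSUER/ios/BUNDLE/callback, the format above."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme != BUNDLE_ID:
        return False
    host, _, path = rest.partition("/")
    return host == _issuer_host(oidc_issuer) and path == f"ios/{BUNDLE_ID}/callback"

def has_refresh_token(token_response_json: str) -> bool:
    """The OIDC application must return refresh_token in the /token response."""
    body = json.loads(token_response_json)
    token = body.get("refresh_token")
    return isinstance(token, str) and token != ""

if __name__ == "__main__":
    # Constructed deployment values; lt.auth0.com is the page's own example domain.
    exp = expected_urls("lct.example.com", "lt.auth0.com")
    registered = {"https://lct.example.com/", "https://lct.example.com/*"}
    print("missing / unexpected:", registration_gaps(registered, exp["callback"]))
    print("refresh_token present:", has_refresh_token('{"access_token": "a", "token_type": "Bearer"}'))
```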