How to enable custom identity provider support

The Anbox Cloud Appliance has support for custom identity providers for authentication through the use of OpenID Connect.

Support for a custom identity provider has to be enabled at initialization by using a preseed configuration. See Anbox Cloud Appliance preseed configuration format for more details.

Anbox Cloud uses the authorization code flow to obtain an identity token. No access token is requested in this flow because authorization is handled within the Anbox Cloud services.

The identity provider must support the OpenID Connect Discovery protocol so that the necessary endpoints can be discovered.
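The following check is an added example, not part of Anbox Cloud or its documentation: it derives the discovery document location from an issuer URL and verifies that the provider metadata offers what the authorization code flow needs. The issuer URL and metadata are constructed samples, and the function names `discovery_url` and `check_provider` are hypothetical.

```python
import json
from urllib.parse import urlsplit

# Fields OpenID Connect Discovery 1.0 marks as REQUIRED, plus token_endpoint,
# which the authorization code flow needs to exchange the code.
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def discovery_url(issuer):
    """Location of the provider metadata for a given issuer URL."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"

def check_provider(issuer, metadata):
    """Return a list of problems; an empty list means the metadata is usable."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        problems.append("issuer URL must be an https URL")
    if parts.query or parts.fragment:
        problems.append("issuer URL must not contain a query or fragment")
    for field in REQUIRED:
        if not metadata.get(field):
            problems.append("missing metadata field: " + field)
    # The issuer in the document must equal the configured issuer exactly;
    # OpenID Connect clients compare the same value with the ID token's iss claim.
    if metadata.get("issuer") not in (None, issuer):
        problems.append("issuer mismatch: " + str(metadata["issuer"]))
    if "code" not in metadata.get("response_types_supported", []):
        problems.append("authorization code flow (response type 'code') not offered")
    return problems

# Constructed sample metadata for a hypothetical provider (not a real endpoint).
SAMPLE_ISSUER = "https://idp.example.com/realms/anbox"
SAMPLE_METADATA = json.loads("""{
  "issuer": "https://idp.example.com/realms/anbox",
  "authorization_endpoint": "https://idp.example.com/realms/anbox/auth",
  "token_endpoint": "https://idp.example.com/realms/anbox/token",
  "jwks_uri": "https://idp.example.com/realms/anbox/certs",
  "response_types_supported": ["code", "id_token"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["RS256"]
}""")

if __name__ == "__main__":
    print(discovery_url(SAMPLE_ISSUER))
    print(check_provider(SAMPLE_ISSUER, SAMPLE_METADATA) or "metadata OK")
```

To check a real provider, fetch the document at the URL returned by `discovery_url` and pass the parsed JSON to `check_provider` together with the issuer URL you intend to configure.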

This section shows you how to configure an OpenID Connect based identity provider for the appliance.

Preparation

To configure OpenID Connect based authentication, you need the following from your identity provider:

  • The issuer URL

  • The client ID

To set up your identity provider and retrieve the required values, follow the guide below based on the identity provider you are using: