PingAM

AM as a Temenos identity provider

This use case shows how Temenos can use AM as an OpenID Provider (OP) to authenticate end users. Specifically, you set up AM as an OAuth 2.0 identity service in Temenos Quantum Fabric.

AM supports OAuth 2.0 and OpenID Connect (OIDC) natively, making it a good choice for integrating with Temenos and other standards-based applications.

Goals

After completing this use case, you’ll know how to do the following:

  • Configure AM as an OIDC identity provider

  • Configure Temenos to use AM as an OIDC identity provider

What you’ll do

  • Create an OIDC application for Temenos.

  • Configure a Temenos identity service to connect as the application to AM.

Before you begin

Before you start, make sure you have:

  • A basic understanding of:

    • The AM admin UI

    • OAuth 2.0

    • OIDC

  • Set up AM for evaluation, including creating a test user

  • Access to your AM as an administrator

  • Access to a Temenos development environment as an administrator

Tasks

This use case requires the use of third-party services. Use your environment-specific details where necessary.

Task 1: Configure AM as an OpenID Provider

  1. Sign on to the AM admin UI as an administrator.

  2. Go to the appropriate realm.

  3. Go to Applications > OAuth 2.0 > Clients and click + Add Client.

  4. On the New OAuth 2.0 Client page, add a client with the following configuration and click Create:

    Field Value

    Client ID

    temenos_oidc

    Client secret

    Enter a password for the client. Remember the password because you need it to configure Temenos.

    Redirection URIs

    https://<accountID>.auth.konycloud.com/OAuth2/Callback

    Here <accountID> is the Temenos account ID.

    Scopes

    openid, profile, email, phone

    The Temenos OIDC client page opens.

Task 2: Add AM as an OAuth 2.0 identity service in Temenos

These instructions include steps for a third-party product. We’ve verified them to the best of our ability, but third-party functionality and interfaces may change. Read the official Temenos documentation if you notice any differences.

  1. Sign on to the Temenos development environment as an administrator.

  2. Go to the Quantum Fabric identity service designer page, create a new identity service with the following configuration, and click Save:

    Field Value

    Name

    AM

    Type of Identity

    OAuth 2.0

    Provider Details > Grant Type

    Authorization Code

    Provider Details > Authorize endpoint

    https://am.example.com:8443/am/oauth2/realms/root/realms/realm/authorize

    Provider Details > Token endpoint

    https://am.example.com:8443/am/oauth2/realms/root/realms/realm/access_token

    Provider Details > Scope

    openid, profile, email, phone

    Client Details > Client Assertion Type

    Basic authentication

    Client Details > Client ID

    temenos_oidc

    Client Details > Client Secret

    The password for the temenos_oidc client you created in the previous task.

    User Profile Endpoint Details > Profile Endpoint Type

    Profile in response of URL

    User Profile Endpoint Details > URL

    https://am.example.com:8443/am/oauth2/realms/root/realms/realm/userinfo

    User Attribute Selectors > Federation ID

    _id

  3. Use the Test Login feature to test the identity service.

    Sign on as the AM test user you created when setting up AM for evaluation.

  4. When the service works as expected, publish the Fabric application.

Reference material

Find background information for the procedures in this use case in the following documentation: