Configuring deployment without Identity server
It is possible to run the DMS server without an identity server. In this deployment, the DMS core server and the notification server communicate directly with the identity provider. This is especially useful for a deployment in a cloud environment such as Azure or AWS. This deployment scenario is configured via appsettings.json. In appsettings.json, replace the IdentityServer section with:
```json
"OidcAuthentication": {
  "Audience": "audience key from identity provider",
  "Authority": "test-authority",
  "AutoAuthorizeOnAuthentication": true,
  "ClaimToUserName": "ReplacementSearchString;ReplacementWithString",
  "ClaimType": "sub",
  "ClientId": "test-client-id",
  "PrincipalCaching": true,
  "RedirectUri": "redirecturl",
  "PostLogoutRedirectUri": "postlogout-redirecturl",
  "RequireGroupSearch": true,
  "RequireHttpsMetadata": "true",
  "Scope": "openid profile email offline_access groups"
},
```
In the table below there is an overview of the setting keys, their default values, and a short explanation of the setting key.
| Setting key: (default) value | Explanation |
|---|---|
| Audience | Audience value for any received OIDC call. |
| Authority | Authority URL used to make OIDC calls. |
| AutoAuthorizeOnAuthentication | Enables or disables authorization while auto-provisioning a new external user. |
| ClaimToUserName | Customized transformation from claim to username. It should be in the format `-....;....`. The value between '-' and ';' is removed from the claim, and the claim is appended to the value after ';'. |
| ClaimType | Claim type to request for user. |
| ClientId | Unique client id of the external OIDC provider. |
| PrincipalCaching | Caches credentials; can give a big performance win when true. |
| RedirectUri | OIDC sign-in redirect URI. |
| PostLogoutRedirectUri | Redirect URI after the OIDC logout page. |
| RequireGroupSearch | Enables or disables searching for the external user in the group principal. |
| RequireHttpsMetadata | If HTTPS is required for the metadata address or authority. |
| Scope | OIDC scope. These represent high-level operations performed against the API endpoints. Applications request these scopes from the authorization server. The server access policy decides which scopes to grant and which ones to deny. Space separated. |
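
A pre-deployment check for the `OidcAuthentication` section described above, as an added example that is not part of the product or its documentation. It assumes that `Authority` and both redirect URIs should be absolute https URLs; the function name `lint_oidc_section` and the `example.test` hosts are hypothetical.

```python
import json
from urllib.parse import urlparse

# Sample values from the page's snippet; if still present, the key was never filled in.
DOC_PLACEHOLDERS = {
    "Audience": "audience key from identity provider",
    "Authority": "test-authority",
    "ClientId": "test-client-id",
    "RedirectUri": "redirecturl",
    "PostLogoutRedirectUri": "postlogout-redirecturl",
}

def _is_true(value):
    # The page's snippet writes RequireHttpsMetadata as the string "true"; accept both forms.
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def _is_https_url(value):
    parsed = urlparse(value if isinstance(value, str) else "")
    return parsed.scheme == "https" and bool(parsed.netloc)

def lint_oidc_section(appsettings_text):
    """Return a list of findings for the OidcAuthentication section."""
    section = json.loads(appsettings_text).get("OidcAuthentication")
    if section is None:
        return ["OidcAuthentication section is missing"]
    findings = []
    for key, placeholder in DOC_PLACEHOLDERS.items():
        if key not in section:
            findings.append(f"{key}: not set")
        elif section[key] == placeholder:
            findings.append(f"{key}: still the documentation sample value")
    for key in ("Authority", "RedirectUri", "PostLogoutRedirectUri"):
        value = section.get(key)
        if value not in (None, DOC_PLACEHOLDERS[key]) and not _is_https_url(value):
            findings.append(f"{key}: not an absolute https URL (assumed requirement)")
    if not _is_true(section.get("RequireHttpsMetadata")):
        findings.append("RequireHttpsMetadata: not true, metadata may be fetched over plain HTTP")
    if "openid" not in str(section.get("Scope", "")).split():
        findings.append("Scope: 'openid' is missing from the space-separated list")
    return findings

# Constructed sample input; hosts and values are placeholders, not from a real deployment.
SAMPLE = json.dumps({"OidcAuthentication": {
    "Audience": "dms-api", "ClientId": "test-client-id",
    "Authority": "http://idp.example.test/realms/dms",
    "RedirectUri": "https://dms.example.test/signin-oidc",
    "PostLogoutRedirectUri": "https://dms.example.test/signout",
    "RequireHttpsMetadata": "false", "Scope": "profile email groups",
}})
```

Calling `lint_oidc_section(SAMPLE)` reports the unchanged `ClientId`, the http `Authority`, the disabled `RequireHttpsMetadata` and the missing `openid` scope.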