How is the implicit flow secured in SQLMonitor when using OIDC SSO?
Andres_SEOPS
Posts: 1 New member
We want to enable SSO for SQL Monitor and according to the documentation the only authentication protocol supported is OpenID Connect (OIDC). However, the only OIDC grant type that is supported is Implicit flow. Can anyone tell us how the access/ID token are secured with implicit flow in SQL Monitor?
Thanks in advance!
Andres
Answers
Thank you for reaching out.
SQL Monitor does currently use the OIDC Implicit Flow for authentication, but not for resource grants. Tokens provided by the identity provider are checked to ensure that the signature is valid, that the token has the expected issuer, audience, and signing key (determined by the SQL Monitor Web Server retrieving the identity provider's well-known metadata), and that it has replay protection using one-time nonces. The identity provider should be configured to only redirect back to the SQL Monitor installation's URLs, and these should be configured to use HTTPS with a trusted certificate.
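As an added illustration of the relying-party checks the answer lists (not SQL Monitor's own code), here is a minimal ID-token validator: signature against a key looked up by `kid`, expected `alg`, issuer, audience, expiry, and a nonce that is consumed on first use so a replayed token is rejected. The issuer, client id and key are constructed values, and an HMAC key stands in for the RSA/EC keys a real provider publishes in its JWKS so the block runs without third-party libraries.

```python
import base64, hashlib, hmac, json, os, time

# Constructed stand-in for the provider's well-known metadata and key set.
# Real providers publish RSA/EC keys in a JWKS; HMAC is used here only so
# the example runs without third-party libraries. The checks are the same.
PROVIDER = {"issuer": "https://idp.example.test", "alg": "HS256",
            "keys": {"kid-2024": b"constructed-demo-key"}}
CLIENT_ID = "sqlmonitor-web"  # assumed client id registered at the provider

def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64u(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_token(claims: dict, kid: str = "kid-2024") -> str:
    # Signs claims the way the (constructed) provider would.
    head = _b64u(json.dumps({"alg": "HS256", "kid": kid}).encode())
    body = _b64u(json.dumps(claims).encode())
    sig = hmac.new(PROVIDER["keys"][kid], f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64u(sig)}"

class IdTokenValidator:
    # Relying-party checks on an ID token returned in the redirect fragment.
    def __init__(self):
        self._pending = set()  # nonces issued for outstanding login redirects

    def new_nonce(self) -> str:
        nonce = _b64u(os.urandom(16))  # sent in the authorization request
        self._pending.add(nonce)
        return nonce

    def validate(self, token: str, now: float = None) -> tuple:
        now = time.time() if now is None else now
        try:
            h, b, s = token.split(".")
            header, claims, sig = json.loads(_unb64u(h)), json.loads(_unb64u(b)), _unb64u(s)
        except ValueError:  # wrong segment count, bad base64 or bad JSON
            return False, "malformed token"
        key = PROVIDER["keys"].get(header.get("kid"))
        if header.get("alg") != PROVIDER["alg"] or key is None:
            return False, "unexpected alg or unknown kid"  # blocks alg=none and key confusion
        expected = hmac.new(key, f"{h}.{b}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False, "bad signature"
        if claims.get("iss") != PROVIDER["issuer"]:
            return False, "wrong issuer"
        aud = claims.get("aud")
        if aud != CLIENT_ID and CLIENT_ID not in (aud if isinstance(aud, list) else []):
            return False, "wrong audience"
        if claims.get("exp", 0) <= now:
            return False, "expired"
        if claims.get("nonce") not in self._pending:
            return False, "unknown or reused nonce"
        self._pending.discard(claims["nonce"])  # one-time use: a replayed token fails here
        return True, "ok"
```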