OIDC Datapower login Configuration

By Vivek Singh posted Fri August 02, 2024 01:43 PM

  

Below are the steps to configure Azure AD OpenID Connect (OIDC) as the login method for the DataPower web management interface. OIDC login is configured through Role-Based Management (RBM) in the default domain; on the Azure side it needs an application registration whose Client ID and Client secret are used below.

1. Log in to DataPower in the 'default' domain (RBM settings are configured there).
2. Search for and navigate to 'RBM Settings' > Authentication.
3. Set 'Authentication method' to 'OIDC' and fill in the required details for your Azure AD tenant.
4. Click '+' next to 'Client secret' to add the secret.

NOTE: Use the Client ID and Client secret generated for the application registered in Azure AD.

5. On the Client secret page, create a Password map alias:

a) Name: enter any descriptive name for the alias.
b) Password and Confirm Password: enter the client secret value copied from the registered application in Azure AD. The secret itself lives only in the password map alias; the RBM configuration refers to the alias by name.

6. Click 'Apply'.


7. On the Authentication page, click '+' next to 'TLS client profile' to add the profile DataPower uses when it connects to the Azure AD endpoints.

8. Enter a name for the TLS client profile.

9. Scroll down and click '+' next to 'Validation credentials'.

10. On the Validation credentials page, enter a name.

11. Add or upload the certificates by clicking the '+' icon. The certificate to upload is the one Azure AD uses to sign tokens; export it from the tenant's well-known endpoints as follows.

Example:

To see the OpenID configuration document for an application's common authority, navigate to

https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

The 'jwks_uri' field in that document points to the signing key set; each key in that set carries its certificate in the 'x5c' member. Export the signing certificate from the key set and save it in PEM format. Azure AD rotates its signing keys periodically, so plan to re-export and re-upload the certificate when the key changes (the 'kid' of the key that signed a token is in the token header).

12. Upload the saved certificate and add it in the certificate field.

13. Once the certificate is added, click 'Apply'.
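The export in step 11 can be scripted instead of done by hand. The following Python script is an added example written for this post, not DataPower or Microsoft code: it reads the discovery document, follows its jwks_uri, and rewraps each key's x5c entry into a PEM file that can be uploaded in step 12. The discovery and JWKS documents embedded in it are constructed samples with filler in place of a real certificate so that the script runs offline; the key IDs, the output file name prefix and the helper names are assumptions.

```python
import base64
import json
import re
import urllib.request

# The discovery URL from the post; jwks_uri is read from the document it returns.
DISCOVERY_URL = "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"

# Constructed sample (not real Azure data): the shape of the discovery document.
SAMPLE_DISCOVERY = {
    "issuer": "https://login.microsoftonline.com/{tenantid}/v2.0",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/v2.0/keys",
    "id_token_signing_alg_values_supported": ["RS256"],
}

# Constructed sample key set. x5c carries the DER certificate base64-encoded on a
# single line; the value below is filler so the example runs offline, not a certificate.
SAMPLE_JWKS = {
    "keys": [
        {
            "kty": "RSA", "use": "sig", "kid": "constructed-kid-1",
            "x5c": [base64.b64encode(b"constructed filler, not a DER certificate " * 4).decode()],
        },
        {
            # A key without x5c is allowed by RFC 7517 but cannot be exported as a certificate.
            "kty": "RSA", "use": "sig", "kid": "constructed-kid-2", "n": "...", "e": "AQAB",
        },
    ]
}


def fetch_json(url: str) -> dict:
    """Live helper: GET a JSON document over HTTPS (not used by the offline run)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def jwks_uri_from_discovery(discovery: dict) -> str:
    """Locate the key set; refuse anything that is not an https URL."""
    uri = discovery.get("jwks_uri")
    if not uri or not uri.startswith("https://"):
        raise ValueError("discovery document has no https jwks_uri")
    return uri


def x5c_to_pem(x5c_entry: str) -> str:
    """Re-wrap the single-line x5c base64 into the PEM form DataPower accepts."""
    body = "".join(x5c_entry.split())       # defensive: drop any stray whitespace
    base64.b64decode(body, validate=True)    # reject non-base64 content early
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def signing_certs_from_jwks(jwks: dict) -> dict:
    """Map kid -> PEM for every signing key that carries an x5c chain."""
    certs = {}
    for key in jwks.get("keys", []):
        if key.get("use", "sig") != "sig" or not key.get("x5c"):
            continue
        certs[key["kid"]] = x5c_to_pem(key["x5c"][0])   # the leaf certificate is first
    return certs


def write_pem_files(certs: dict, prefix: str = "azure-oidc-signing") -> list:
    """Write one .pem per kid; keeping the kid in the name makes key rotation visible."""
    paths = []
    for kid, pem in certs.items():
        safe_kid = re.sub(r"[^A-Za-z0-9_-]", "_", kid)
        path = f"{prefix}-{safe_kid}.pem"
        with open(path, "w") as f:
            f.write(pem)
        paths.append(path)
    return paths


if __name__ == "__main__":
    # Offline run on the constructed sample. For a live tenant use:
    #   jwks = fetch_json(jwks_uri_from_discovery(fetch_json(DISCOVERY_URL)))
    jwks = SAMPLE_JWKS
    for kid, pem in signing_certs_from_jwks(jwks).items():
        print(kid, pem.splitlines()[0])
```

Upload every PEM the script writes, not just one: when Azure AD is in the middle of a key rollover the key set contains more than one signing key, and a token may be signed by any of them.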

14. Back on the Authentication page, select the password map alias created earlier in the 'Password alias' dropdown, give the certificate object a name, select the uploaded certificate, and click 'Apply'.

15. Navigate to the 'Credential mapping' tab and select 'XML file' (to add access profiles).

16. Click the '+' icon on the 'XML file URL' field.

17. Click 'Next' without filling in any field until you reach 'Access profile mappings'.

18. Click 'Add' to add a credential mapping.

19. Enter the 'Credential Name' and click 'Build' to build the access profile.

20. Make sure the credential name matches the 'sub' claim of the ID token.
The 'sub' claim is a unique identifier for the user and is issued as part of the tokens by Azure AD. In Azure AD it is a pairwise identifier scoped to the application: it differs from the user's object ID (the 'oid' claim) and from the same user's 'sub' in tokens issued to other applications, so take the value from a token issued to this application registration.

Credential Name is a regular expression that is matched against the credential name (the 'sub' value). Write it so that it can match exactly one user: escape any regex metacharacters in the value and anchor the pattern at both ends.
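To see what the credential name in step 20 has to match, the following Python example, added here and not part of the original post, reads the 'sub' claim out of a constructed ID token and builds an anchored, escaped credential-name pattern for it. The token, its tenant ID, client ID and claim values are constructed placeholders and the helper names are assumptions. The example assumes the worst case, that the pattern is searched within the credential rather than matched against all of it, which is why anchoring matters; it does not verify the token signature, as DataPower does that as part of the login.

```python
import base64
import json
import re


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


# Constructed ID token (header.payload.signature). Tenant ID, client ID, sub and
# oid are placeholders and the signature is filler, so this token would never
# verify; it only illustrates where the sub claim sits.
SAMPLE_ID_TOKEN = ".".join([
    _b64url_encode(json.dumps({"typ": "JWT", "alg": "RS256", "kid": "constructed-kid-1"}).encode()),
    _b64url_encode(json.dumps({
        "iss": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
        "aud": "constructed-client-id",
        "sub": "AAAAAAAAAAAAAAAAAAAAAConstructedSubValue_-01",
        "oid": "11111111-1111-1111-1111-111111111111",
        "preferred_username": "alice@example.com",
    }).encode()),
    _b64url_encode(b"constructed-signature-not-valid"),
])


def id_token_claims(id_token: str) -> dict:
    """Return the payload claims of a compact JWS. No signature check is done
    here: use it only on a token you already trust, e.g. one copied from the
    DataPower debug log after a login attempt."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def rbm_credential_from_claims(claims: dict) -> str:
    """RBM matches the credential name against 'sub', not 'oid' or the username."""
    sub = claims.get("sub")
    if not sub:
        raise ValueError("ID token has no sub claim")
    return sub


def credential_name_for(sub: str) -> str:
    """Credential-name regex that matches this sub value and nothing else:
    metacharacters escaped, pattern anchored at both ends."""
    return "^" + re.escape(sub) + "$"


def regex_matches_credential(pattern: str, credential: str) -> bool:
    """Worst-case semantics: the pattern is searched anywhere in the credential.
    An anchored pattern behaves the same under search and under full match."""
    return re.search(pattern, credential) is not None


def matching_profiles(mappings: dict, credential: str) -> list:
    """Names of every mapping whose credential-name regex matches the credential.
    Exactly one hit is what you want: zero means no access, more than one means
    an over-broad pattern is handing out someone else's access profile."""
    return [name for name, pattern in mappings.items()
            if regex_matches_credential(pattern, credential)]


if __name__ == "__main__":
    claims = id_token_claims(SAMPLE_ID_TOKEN)
    sub = rbm_credential_from_claims(claims)
    print("sub (use this as the credential name):", sub)
    print("oid (not what RBM matches):", claims["oid"])
    print("anchored credential-name regex:", credential_name_for(sub))
```

Run matching_profiles over all the credential names in your mapping with each user's sub before trusting the file: a bare substring such as the first few characters of a sub is a valid regex that RBM will happily accept, and it can match more than one user.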

21. For this example, select the Resource type and
22. enable all the privileges, then click 'Apply'. This grants access to all resources; it is a convenience for the walkthrough, not a recommended production setting. Adjust the resources and access rights to fit your needs and give each mapped user only the privileges that user requires.

23. Add the access policies created in the list below and click 'Submit'. The access profile is listed once it has been built.

24. Once submitted, the access profile is listed; click 'Next' to create the XML file.

25. In the 'Select a file' field, provide a file name of your choice with the .xml extension and click 'Next'. This generates the XML file used for credential mapping; currently OIDC supports only XML credential mapping.

26. Click 'Commit' to create the .xml file. Once the file is created, the page returns to the 'Credential mapping' page, which now shows the .xml file.

27. To verify that the XML file was created, search for and navigate to 'File Management' in DataPower.

28. Under 'File Management', view the file under the local: directory.

29. Make sure the credential entry in the generated .xml file (the credential-name regular expression and the access profile it maps to) is correct, because it determines what access an OIDC login receives.


Go back to the RBM Settings Authentication tab, set the 'Local accounts for fallback' field to 'All users', and click 'Save' to apply all changes. Fallback keeps the local accounts usable if the OIDC provider is unreachable or the configuration is wrong, so you are not locked out of the appliance while verifying the setup.

Once all changes are saved and applied, disable and re-enable the web management service (from the CLI or from the DataPower UI), then open the DataPower UI in another browser: the login screen now shows an OIDC login button.

To debug the DataPower OIDC feature, logging must be enabled. Search for Debug > Troubleshooting, enable both logging options on that page, and click 'Submit'.

The resulting log messages show the credential name (the 'sub' value) presented by the OIDC login, which is the value the credential mapping in your RBM XML file needs to match.


