Before going into some time off, and probably not touching any Jamf Connect related stuff for 2 weeks, let’s have a look at another iDP: IBM Cloud Identity.
This is going to be a shorter post compared to other Jamf Connect related blogs, as I managed to get everything working nicely. I had a small ROPG roadblock but was able to fix it. See below.
NOTE: I'll try to save you some time here by mentioning the fact that when you go through the setup of the OIDC app in IBMCI, you need to configure it as "Public Client (no client secret)". Saving the app following the instruction above by default creates it WITH a secret, and while I was able to deploy Jamf Connect, it actually broke ROPG. Setting the "OIDCNewPassword" key to false to validate the password gave me "incorrect password" when trying to create the user account.
The logs gave me: "ROPG Error: CSIAQ0160E A confidential client attempted to access the token endpoint without authenticating."
Changing the app setup in IBM to Public fixed it.
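The ROPG failure described above, as an added example that is not part of the original post and is not Jamf or IBM code: a toy token endpoint modelling RFC 6749 client authentication, showing that a confidential registration rejects a password grant sent without a secret before the user's password is ever checked. The client ids, secret, user and JSON response shape are constructed assumptions; only the CSIAQ0160E text comes from the log line quoted above.

```python
import hmac
from urllib.parse import urlencode, parse_qs

# Constructed registrations and user; ids, secret and password are placeholders.
CLIENTS = {"public-app": None, "confidential-app": "example-secret"}
USERS = {"alice": "correct horse"}
CSIAQ0160E = ("CSIAQ0160E A confidential client attempted to access the "
              "token endpoint without authenticating.")

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

def ropg_body(client_id, username, password, client_secret=None):
    """Form body of an RFC 6749 section 4.3 password grant."""
    form = {"grant_type": "password", "client_id": client_id,
            "username": username, "password": password, "scope": "openid"}
    if client_secret is not None:
        form["client_secret"] = client_secret  # RFC 6749 section 2.3.1
    return urlencode(form)

def token_endpoint(body):
    """Toy endpoint (assumed response shape): client auth runs before the password check."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    client_id = form.get("client_id")
    if client_id not in CLIENTS:
        return 401, {"error": "invalid_client"}
    secret = CLIENTS[client_id]
    if secret is not None and not same(secret, form.get("client_secret", "")):
        return 401, {"error": "invalid_client", "error_description": CSIAQ0160E}
    user = form.get("username")
    if user not in USERS or not same(USERS[user], form.get("password", "")):
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": "constructed-token", "token_type": "Bearer"}

def diagnose(status, payload):
    """Separate an app-registration problem from a genuinely wrong password."""
    if status == 200:
        return "ok"
    if payload.get("error") == "invalid_client":
        return "client-auth: check the app's client type, not the user's password"
    if payload.get("error") == "invalid_grant":
        return "bad-credentials"
    return "other"

if __name__ == "__main__":
    for cid in CLIENTS:
        print(cid, diagnose(*token_endpoint(ropg_body(cid, "alice", "correct horse"))))
```

With the correct password, the confidential registration still fails at the client check, which is why the login window's "incorrect password" message points at the wrong cause.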
NOTE: I also had an issue with trying to deploy Jamf Connect Login with IBMCI on a virtual machine. While it works fine with other iDPs, I ran into issues loading the webview of the IBM login screen on a VM. Logs gave me: SecurityAgent: (JamfConnectLogin) [com.jamf.connect.login:UI] OIDC webview load failed.
This flashes the login screen briefly but then shows the "unable to contact the Identity Provider" screen.
However, I assume this is only a VM hiccup, as it all works fine on a physical machine.