This documentation supports the 24.3 and consecutive patch versions of BMC Helix Single Sign-On.To view an earlier version, select the version from the Product version menu.

Generating JSON Web Keys for the OAuth flow

To use an OpenID Connect protocol for the OAuth client, you must generate JSON Web Keys (JWK) and specify the OpenID Connect Issuer URL corresponding to the current FQDN of the tenant, so that the BMC Helix SSO server can sign the id_token, and the OpenID client can check the id_token signature.

 To support multiple domain applications when BMC Helix SSO server is used as an OAuth server, and the  BMC Helix SSO agent is used as an OAuth client, you need to generate JSON Web Key (JWK). 

  1. Log in to the BMC Helix SSO Admin Console. 
  2. Click OAuth2, and then select OpenID.

  3. Click Generate

    Important

    You can generate a maximum of 10 JWKs.

The generated JWK is used by the BMC Helix SSO server to authenticate applications hosted on different domains.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*