Setting up OpenID Connect in MuleSoft Anypoint

Setting up OpenID Connect in MuleSoft Anypoint

tutorials

MuleSoft Anypoint is a platform for complete API lifecycle management. The platform supports OpenID Connect as part of its identity management. This tutorial shows how to setup Anypoint Platform to enable authentication through OpenID Connect using the Curity Identity Server.

Setting up OpenID Connect in MuleSoft Anypoint

After logging in to the Anypoint Platform with an administrator account, click Access Management and then External Identity.

Mulesoft1

  • Enable Identity Management and select OpenID Connect. Then click Edit to set it up.
  • Click Use manual registration and copy the redirect URI.
  • Now setup a client in the Curity Identity Server.

Curity Setup

MuleSoft Anypoint Platform needs a client. It should be configured like this:

  • Authentication method: secret. Store the secret.
  • Capabilities: Code Flow
  • Following scopes: openid, profile and email
  • Choose suitable authentication methods.
  • Add redirect URI copied from Anypoint Platform.

More information in Code Flow tutorial.

Continue MuleSoft Anypoint Setup

Enter the client ID and client secret from the client configuration in the Curity Identity Server.

Mulesoft2

Then you need to enter some of the endpoints configured in the Curity Identity Server.

SettingCurity endpoint typeSample (Base URL + endpoint)
OpenID Connect Issueroauth-anonymoushttps://example.com/oauth/anonymous
Authorize URLoauth-authorizehttps://example.com/oauth/authorize
Token URLoauth-tokenhttps://example.com/oauth/token
User Info URLoauth-userinfohttps://example.com/oauth/userinfo

Use external identities

You can now start using the external identities by letting the users access Anypoint Platform via the SSO URL, for example https://anypoint.mulesoft.com/accounts/login/{yourOrgDomain}

As an administrator, you can later assign users to roles to set up the permission you want.

Let’s Stay in Touch!

Get the latest on identity management, API Security and authentication straight to your inbox.

Was this page helpful?