Configuring the SystemLink Username for OpenID Connect Users

Assign a more readable username to OpenID Connect users.

Before you begin, follow the steps in Viewing Claims for OpenID Connect Users to obtain user claims.
SystemLink creates a unique username for each user using OpenID Connect claims. SystemLink uses the sub and iss claims by default to ensure that the value is unique across all providers. However those claims often contain internal IDs or URLs from the provider.
Notice To avoid creating duplicate users and losing per-user settings, configure the username before users begin using the server.
  1. Log into the server running SystemLink, navigate to C:\Program Files\National Instruments\Shared\Web Server\conf\defines.d\, and open 50_mod_auth_openidc-defines.conf in a text editor.
  2. Change the configuration UnDefine AUTH_OIDC_USER_CLAIM to Define AUTH_OIDC_USER_CLAIM and append the name of the claim you want SystemLink to use as the username. Your file should look similar to the following example.
    Note The username must be unique across all enabled providers including OpenID Connect, LDAP, Windows, and Web Server.
    #
# Defined OpenID-Connect configuration for the Windows Apache installation.
#

# The name of the JSON map containing metadata about each identity provider.
Define AUTH_OIDC_ATTRIBUTES_KEY ni-attributes

# CA bundle to use when making requests to an identity provider.
Define AUTH_OIDC_BUNDLE ../nicurl/ca-bundle.crt

# Override the OIDCCacheShmEntrySizeMax to mitigate claim size issues
Define AUTH_OIDC_CACHE_ENTRY_SIZE 66065

# Path to OIDC provider configuration.
Define AUTH_OIDC_PROVIDER_DIR ${HTCONF_PATH}/openidc

# The location to redirect when performing an OpenID-Connect login.
Define AUTH_OIDC_REDIRECT_URI /login/openidc-redirect

#
# User-editable variables.
#

# Whether OIDC is enabled.
Define AUTH_OIDC_ENABLED

# The claim that will be used as the SystemLink user name.
# If not defined, a combination of the sub and iss claims will be used.
Define AUTH_OIDC_USER_CLAIM email

# When enabled, /login/openidc-redirect?info=json and
# /login/openidc-redirect?info=html will return the claims for the currently
# logged in user.
UnDefine AUTH_OIDC_ENABLE_CLAIM_INFO
  3. Save the file and restart NI Web Server.