What is OpenID Connect?
OpenID Connect (OIDC) is an open authentication standard based on the OAuth 2.0 protocol. It enables secure and standardized user login via external identity providers such as Keycloak, Azure AD, or other OIDC-compatible systems.
With OIDC, X4 BPMS can switch to modern, interoperable authentication methods while removing the tight coupling to Keycloak.
Why was OIDC integrated with X4 BPMS?
Starting with X4 BPMS version 7.5.0, the previous authentication architecture has been fundamentally revised. The goal was to simplify configuration, improve support for external identity providers, and better accommodate future security requirements.
Key objectives of OIDC integration include:
- Decoupling from the previously mandatory Keycloak server
- Direct support of any OIDC-compliant identity provider
- Unified, centralized configuration of authentication processes
- Elimination of outdated mechanisms (e.g. Resource Owner Password Flow in X4 Web Apps)
What has changed?
With the introduction of OIDC authentication, the following fundamental changes apply compared to X4 BPMS version 7.4.x and earlier:
| Change | Description |
|---|---|
| New configuration model | The |
| The Resource Owner Password Flow authorization flow is not available anymore. | This authorization flow has been completely removed because it is no longer considered secure. |
| Flexible identity provider support | X4 BPMS can now work with OIDC-compliant identity providers. Keycloak is still supported, but is no longer a prerequisite for using X4 BPMS. |
More information: