How to create an OIDC connection for ADP

Problem Statement

I need to implement SSO for the ADP HR and Payroll platform, which claims to support OIDC as documented here: https://developers.adp.com/articles/guides/authorization-process-end-user-apps.

ADP doesn’t have an auto-configuration Issuer URL (ending with ‘/.well-known/openid-configuration’), so the Auth0 UI can’t be used to create a generic OIDC connection. I tried to create a connection using the Auth0 Management API; however, I can’t do that because ADP also doesn’t supply a JWKS endpoint (ending with ‘/.well-known/jwks.json’). They also require that a signed certificate they have provided be sent in every request to their “token” endpoint.

Is it possible to create an Auth0 connection that implements the protocol ADP described, including sending a certificate in the token request?

Solution

We suggest you create a Custom Social Connection, which should be able to interface with ADP’s authentication server. ADP also requires Mutual TLS (mTLS) support when interacting with their ‘/token’ endpoint.

Currently, we do not support mTLS natively or in transport. You will need to set up a proxy solution that injects the necessary client certificate when interacting with ADP’s ‘/token’ endpoint: the Custom Social Connection’s Token URL points at the proxy, and the proxy forwards the token request to ADP over mTLS.
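The proxy described above, as an added example that is not part of the original answer and not Auth0’s or ADP’s own code. It is a minimal Python 3 standard-library proxy: it accepts a POST to `/token`, forwards the body and end-to-end headers to the upstream token endpoint while presenting the ADP-issued client certificate, and returns the upstream response unchanged. The upstream URL, certificate and key paths, and listen address are placeholders that you replace with the values ADP gave you; the hypothetical helper names (`build_client_context`, `forwardable_headers`, `should_forward`, `forward_token_request`) are ours.

```python
"""Minimal mTLS-injecting proxy for an OAuth2 /token endpoint (added example)."""
import ssl
import http.client
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Placeholders (assumptions, not values from the original page): replace with the
# token URL from ADP's documentation and the certificate/key ADP issued to you.
UPSTREAM_TOKEN_URL = "https://adp-token-host.invalid/auth/oauth/v2/token"
CLIENT_CERT_FILE = "/etc/auth0-proxy/adp-client.pem"
CLIENT_KEY_FILE = "/etc/auth0-proxy/adp-client.key"
ALLOWED_PATH = "/token"  # the only path the proxy will forward

# Hop-by-hop headers (RFC 7230 section 6.1) plus Host/Content-Length, which
# belong to the new upstream request and must not be copied from the inbound one.
HOP_BY_HOP = {"connection", "keep-alive", "proxy-authenticate",
              "proxy-authorization", "te", "trailer", "transfer-encoding",
              "upgrade", "host", "content-length"}


def build_client_context(cert_file, key_file):
    """TLS context that presents the client certificate and still verifies the server."""
    ctx = ssl.create_default_context()  # verifies upstream chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def forwardable_headers(headers):
    """Keep end-to-end headers (e.g. Authorization for client_secret_basic); drop the rest."""
    return {k: v for k, v in headers.items() if k.lower() not in HOP_BY_HOP}


def should_forward(method, path):
    """Only POST to the token path is forwarded; anything else is refused."""
    return method == "POST" and urlsplit(path).path == ALLOWED_PATH


def forward_token_request(body, headers, context, upstream=UPSTREAM_TOKEN_URL):
    """POST the token request upstream over mTLS; return (status, headers, body)."""
    parts = urlsplit(upstream)
    conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                       context=context, timeout=10)
    try:
        conn.request("POST", parts.path, body=body, headers=forwardable_headers(headers))
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders()), resp.read()
    finally:
        conn.close()


class TokenProxyHandler(BaseHTTPRequestHandler):
    context = None  # set in main() before the server starts

    def do_POST(self):
        if not should_forward(self.command, self.path):
            self.send_error(404)
            return
        body = self.rfile.read(int(self.headers.get("Content-Length", "0")))
        try:
            status, up_headers, up_body = forward_token_request(
                body, dict(self.headers), self.context)
        except (OSError, ssl.SSLError) as exc:
            # Do not leak upstream details to the caller; log them server-side instead.
            self.log_error("upstream failure: %r", exc)
            self.send_error(502, "upstream token request failed")
            return
        content_type = next((v for k, v in up_headers.items()
                             if k.lower() == "content-type"), "application/json")
        self.send_response(status)
        self.send_header("Content-Type", content_type)
        self.send_header("Content-Length", str(len(up_body)))
        self.end_headers()
        self.wfile.write(up_body)

    def do_GET(self):
        self.send_error(404)


def main():
    TokenProxyHandler.context = build_client_context(CLIENT_CERT_FILE, CLIENT_KEY_FILE)
    # Loopback only: terminate TLS and restrict access in front of this before Auth0 can reach it.
    HTTPServer(("127.0.0.1", 8443), TokenProxyHandler).serve_forever()


if __name__ == "__main__":
    main()
```

Point the Custom Social Connection’s Token URL at the proxy and leave the Authorization URL pointing at ADP directly; only the back-channel token exchange needs the certificate. Because the proxy holds the ADP-issued key and relays the connection’s client secret in the request body, it has to sit behind TLS and be reachable only from Auth0 (IP allow-listing or an authenticating front end), and the certificate and key files should be readable only by the proxy’s service account.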
