vaadin-sso-kit-cidaas-demo | configure Cidaas and use it as a SSO provider

To run the demo, you have to configure Cidaas first. In this tutorial, we will do the following:.
create a Cidaas account and Cidaas IAM instance in it
create at least one user in this new IAM instance
create an OIDC client (an "App" in Cidaas terms) configuration so our application can use the IAM instance for login
Go to https://www.cidaas.com/ → Pricing → Choose "cidaas IAM" product → Choose Free Tier → Create an account
After registering, create a new company in Cidaas administration
After the company has been created, choose "Individual / Free" plan
That will bring you to the instance creation screen
Wait until the instance is created and then go to the Admin portal (e.g. https://xxxxxxx-prod.cidaas.eu/admin-ui - just replace xxxxxxxx with the name of your instance)
Go to Users → "Create user"
Here we will create a user, which we will use to test the demo application login. Fill in user details as you like, for example:
Go to Apps → App Settings → Click on the "Create New App" button
Here we will create an instance of an OIDC client to which our demo application will connect to. Fill in the details as you like. We've selected the "Single page" app type, but I believe other values would also work.
Click next, and on the following App settings screen, fill in the following fields: Scope → openid, profile, email, roles Redirect URLs: http://localhost:8080/login/oauth2/code/cidaas Allow logout URLs: http://localhost:8080
Click next, and on the last page of the app creation wizard, fill in any details about your company:
Go to Apps → App Settings and lookup your newly created app
Click on the edit button to open the details of the app
Copy app "Client id" and "Client Secret" and use them in application.properties in this project (see Vaadin application setup below)
Note that at the time of this tutorial creation, there was a problem in Cidaas app processing, where the signing key of your newly created app was not immediately added to https://xxxxxxx-prod.cidaas.eu/.well-known/jwks.json. This JSON is used as a source of known singing keys by the SSO Kit, and a missing key caused SSO Kit not to work. Therefore, it was necessary to wait some time (24 hours) before the key was added to this JSON. This problem was reported to Cidaas and is likely already fixed by now. You can verify that all is ok by checking that the app signing key ID is present in https://xxxxxxx-prod.cidaas.eu/.well-known/jwks.json. If it's not there, then you have to wait. The key id can be found in app settings under Advanced Settings -> Certificates:
Go to Advanced settings of the app
In the OAuth2/OIDC Settings, set the following values: Response Types: only "code" Grant Types: only "authorization_code" Backchannel logout URI: http://localhost:8080/logout/back-channel/cidaas Backchannel logout session: set to enabled
No other changes in the Advanced Settings of the app were necessary, and all other options were set to their default values
That's it. Your Cidaas provider is now ready
You must modify the application.properties and fill in the Cidaas-specific values to the oauth2 configuration for this application to work. You can find all Cidaas-specific values in the configuration of your Cidaas instance (https://xxxxxxx-prod.cidaas.eu/admin-ui ) → go App Settings → find app which you created in previous steps → click on edit button -> "Client id" and "Client Secret" can be found there. Please modify the following properties in application.properties:.