OIDC Social Login (oidcLogin)

The configuration of a social login that uses OIDC.

NameTypeDefaultDescription

authFilterRef

A reference to top level authFilter element (string).

Specifies the authentication filter reference.

authorizationEndpoint

string

Specifies an Authorization end point URL.

clientId

string

The application or client ID.

clientSecret

Reversably encoded password (string)

The secret of the application or client.

clockSkew

int

300000

The maximum time difference in milliseconds between when a key is issued and when it can be used.

discoveryEndpoint

string

Specifies a discovery endpoint URL for an OpenID Connect provider.

discoveryPollingRate

A period of time with millisecond precision

300s

Rate in milliseconds at which the OpenID Connect client checks for updates to the discovery file. The check is done only if an authentication failure exists. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

displayName

string

oidcLogin

The name of the social login configuration for display.

groupNameAttribute

string

The value of the claim is used as the user group membership.

hostNameVerificationEnabled

boolean

true

Specifies whether to enable host name verification when the client contacts the provider.

id

string

The unique ID.

isClientSideRedirectSupported

boolean

true

Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript.

issuer

string

The url of the issuer.

jwkClientId

string

Specifies the client identifier to include in the basic authentication scheme of the JWK request.

jwkClientSecret

Reversably encoded password (string)

Specifies the client password to include in the basic authentication scheme of the JWK request.

jwksUri

string

Specifies a JSON Web Key service URL.

mapToUserRegistry

boolean

false

Specifies whether to map userIdentifier to registry user.

realmNameAttribute

string

iss

The value of the claim is used as the subject realm.

redirectToRPHostAndPort

string

Specifies a callback host and port number.

scope

string

openid profile email

Specifies required scope.

signatureAlgorithm

string

RS256

The algorithm that is used to sign a token or key.

sslRef

A reference to top level ssl element (string).

Specifies an ID of the SSL configuration that is used to connect to the social media.

tokenEndpoint

string

Specifies a token end point URL.

tokenEndpointAuthMethod

  • client_secret_basic

  • client_secret_post

client_secret_post

Specifies required authentication method.

trustAliasName

string

Specifies a trusted key alias for using the public key to verify the signature of the token.

useSystemPropertiesForHttpClientConnections

boolean

false

Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties.

userInfoEndpoint

string

Specifies a UserInfo end point URL.

userInfoEndpointEnabled

boolean

false

Specifies whether the User Info endpoint is contacted.

userNameAttribute

string

sub

The value of the claim is authenticated user principal.

userUniqueIdAttribute

string

The value of the claim is used as the subject uniqueId.

website

tokenType

The website address.

authFilter

Specifies the authentication filter reference.

authFilter > host

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string

Specifies the name.

authFilter > remoteAddress

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

ip

string

Specifies the IP address.

matchType

  • contains

  • equals

  • greaterThan

  • lessThan

  • notContain

contains

Specifies the match type.

authFilter > requestUrl

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

urlPattern

string

Specifies the URL pattern.

authFilter > userAgent

A unique configuration ID.

NameTypeDefaultDescription

agent

string

Specifies the user agent

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

authFilter > webApp

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string

Specifies the name.

authzParameter

Specifies custom parameters to send to the authorization endpoint of the OpenID Connect provider.

NameTypeDefaultDescription

id

string

A unique configuration ID.

name

string

Specifies the name of the additional parameter.

value

string

Specifies the value of the additional parameter.

jwt

Specifies the information that is used to build the JWT tokens. This information includes the JWT builder reference and the claims from the id token.

NameTypeDefaultDescription

builder

tokenType

The referenced JWT builder creates a JWT token, and the token is added to the authenticated subject.

jwt > claims

Specifies a comma-separated list of claims to copy from the user information or the id token.

tokenParameter

Specifies custom parameters to send to the token endpoint of the OpenID Connect provider.

NameTypeDefaultDescription

id

string

A unique configuration ID.

name

string

Specifies the name of the additional parameter.

value

string

Specifies the value of the additional parameter.