OIDC Social Login (oidcLogin)
The configuration of a social login that uses OIDC.
Name | Type | Default | Description |
---|---|---|---|
authFilterRef | A reference to top level authFilter element (string). | Specifies the authentication filter reference. | |
authorizationEndpoint | string | Specifies an Authorization end point URL. | |
clientId | string | The application or client ID. | |
clientSecret | Reversably encoded password (string) | The secret of the application or client. | |
clockSkew | int | 300000 | The maximum time difference in milliseconds between when a key is issued and when it can be used. |
createSession | boolean | false | Specifies whether to create an HttpSession if the current HttpSession does not exist. |
discoveryEndpoint | string | Specifies a discovery endpoint URL for an OpenID Connect provider. | |
discoveryPollingRate | A period of time with millisecond precision | 300s | Rate in milliseconds at which the OpenID Connect client checks for updates to the discovery file. The check is done only if an authentication failure exists. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. You can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds. |
displayName | string | oidcLogin | The name of the social login configuration for display. |
groupNameAttribute | string | The value of the claim is used as the user group membership. | |
hostNameVerificationEnabled | boolean | true | Specifies whether to enable host name verification when the client contacts the provider. |
id | string | The unique ID. | |
isClientSideRedirectSupported | boolean | true | Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript. |
issuer | string | The url of the issuer. | |
jwkClientId | string | Specifies the client identifier to include in the basic authentication scheme of the JWK request. | |
jwkClientSecret | Reversably encoded password (string) | Specifies the client password to include in the basic authentication scheme of the JWK request. | |
jwksUri | string | Specifies a JSON Web Key service URL. | |
keyManagementKeyAlias | string | Private key alias of the key management key that is used to decrypt the Content Encryption Key of a JSON Web Encryption (JWE) token. | |
mapToUserRegistry | boolean | false | Specifies whether to map userIdentifier to registry user. |
realmNameAttribute | string | iss | The value of the claim is used as the subject realm. |
redirectToRPHostAndPort | string | Specifies a callback protocol, host, and port number. For example, https://myhost:8020. | |
responseType |
| code | Specifies the OAuth response type. |
scope | string | openid profile email | Specifies required scope. |
signatureAlgorithm | string | RS256 | The algorithm that is used to sign a token or key. |
sslRef | A reference to top level ssl element (string). | Specifies an ID of the SSL configuration that is used to connect to the social media. | |
tokenEndpoint | string | Specifies a token end point URL. | |
tokenEndpointAuthMethod |
| client_secret_post | Specifies required authentication method. |
trustAliasName | string | Specifies a trusted key alias for using the public key to verify the signature of the token. | |
useSystemPropertiesForHttpClientConnections | boolean | false | Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties. |
userInfoEndpoint | string | Specifies a UserInfo end point URL. | |
userInfoEndpointEnabled | boolean | false | Specifies whether the User Info endpoint is contacted. |
userNameAttribute | string | sub | The value of the claim is authenticated user principal. |
userUniqueIdAttribute | string | The value of the claim is used as the subject uniqueId. | |
website | string (with whitespace trimmed off) | The website address. |
authFilter
Specifies the authentication filter reference.
authFilter > cookie
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
matchType |
| contains | Specifies the match type. |
name | string | Specifies the name. |
authFilter > host
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
matchType |
| contains | Specifies the match type. |
name | string | Specifies the name. |
authFilter > remoteAddress
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
ip | string | Specifies the remote host TCP/IP address. | |
matchType |
| contains | Specifies the match type. |
authFilter > requestHeader
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
matchType |
| contains | Specifies the match type. |
name | string | Specifies the name. | |
value | string | The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains". |
authFilter > requestUrl
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
matchType |
| contains | Specifies the match type. |
urlPattern | string | Specifies the URL pattern. The * character is not supported to be used as a wildcard. |
authFilter > userAgent
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
agent | string | Specifies the browser's user agent to help identify which browser is being used. | |
id | string | A unique configuration ID. | |
matchType |
| contains | Specifies the match type. |
authFilter > webApp
A unique configuration ID.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
matchType |
| contains | Specifies the match type. |
name | string | Specifies the name. |
authzParameter
Specifies custom parameters to send to the authorization endpoint of the OpenID Connect provider.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
name | string | Specifies the name of the additional parameter. | |
value | string | Specifies the value of the additional parameter. |
jwt
Specifies the information that is used to build the JWT tokens. This information includes the JWT builder reference and the claims from the id token.
Name | Type | Default | Description |
---|---|---|---|
builder | string (with whitespace trimmed off) | The referenced JWT builder creates a JWT token, and the token is added to the authenticated subject. | |
claims | string | Specifies a comma-separated list of claims to copy from the user information or the id token. |
tokenParameter
Specifies custom parameters to send to the token endpoint of the OpenID Connect provider.
Name | Type | Default | Description |
---|---|---|---|
id | string | A unique configuration ID. | |
name | string | Specifies the name of the additional parameter. | |
value | string | Specifies the value of the additional parameter. |