OAuth Login (oauth2Login)

The configuration of a generic social media login.

Name	Type	Default	Description
accessTokenHeaderName	string		Name of the header to use when an OAuth access token is forwarded.
accessTokenRequired	boolean	false	Determines whether the access token that is provided in the request is used for authentication. If true, the client must provide a valid access token.
accessTokenSupported	boolean	false	Determines whether to support access token authentication if an access token is provided in the request. If true, and an access token is provided in the request, the access token is used as an authentication token.
authFilterRef	A reference to top level authFilter element (string).		Specifies the authentication filter reference.
authorizationEndpoint	string (with whitespace trimmed off)		Specifies an Authorization end point URL.
clientId	string		The application or client ID.
clientSecret	Reversably encoded password (string)		The secret of the application or client.
displayName	string		The name of the social login configuration for display.
groupNameAttribute	string (with whitespace trimmed off)		The value of the claim is used as the user group membership.
id	string Required		The unique ID.
isClientSideRedirectSupported	boolean	true	Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript.
mapToUserRegistry	boolean	false	Specifies whether to map userIdentifier to registry user.
realmName	string (with whitespace trimmed off)		The realm name for this social media.
realmNameAttribute	string (with whitespace trimmed off)		The value of the claim is used as the subject realm.
redirectToRPHostAndPort	string		Specifies a callback protocol, host, and port number. For example, https://myhost:8020.
responseType	code	code	Specifies the OAuth response type. code Authorization code
scope	string		Specifies required scope.
sslRef	A reference to top level ssl element (string).		Specifies an ID of the SSL configuration that is used to connect to the social media.
tokenEndpoint	string (with whitespace trimmed off)		Specifies a token end point URL.
tokenEndpointAuthMethod	client_secret_basic client_secret_post	client_secret_post	Specifies required authentication method. client_secret_basic Use the HTTP Basic authentication scheme to authenticate the client with the token endpoint of the OpenID Connect provider. client_secret_post Include the client credentials in the request body to authenticate the client with the token endpoint of the OpenID Connect provider.
useSystemPropertiesForHttpClientConnections	boolean	false	Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties.
userApi	string		The URL of retrieving the user information.
userApiToken	Reversably encoded password (string)		Specifies the access token that has permission to call the user API. For OpenShift, the token is from a service account with permission to call the TokenReview API, which usually requires the system:auth-delegator role.
userApiType	basic introspect kube	basic	Indicates which specification to use for the user API. basic Indicates that the user API can be directly started with an HTTP GET request. introspect internal kube Indicates that the user API is a Kubernetes TokenReview API.
userNameAttribute	string (with whitespace trimmed off)	email	The value of the claim is authenticated user principal.
userUniqueIdAttribute	string (with whitespace trimmed off)		The value of the claim is used as the subject uniqueId.
website	string (with whitespace trimmed off)		The website address.

Name

Type

Default

Description

accessTokenHeaderName

string

Name of the header to use when an OAuth access token is forwarded.

accessTokenRequired

boolean

false

Determines whether the access token that is provided in the request is used for authentication. If true, the client must provide a valid access token.

accessTokenSupported

boolean

false

Determines whether to support access token authentication if an access token is provided in the request. If true, and an access token is provided in the request, the access token is used as an authentication token.

authFilterRef

A reference to top level authFilter element (string).

Specifies the authentication filter reference.

authorizationEndpoint

string (with whitespace trimmed off)

Specifies an Authorization end point URL.

clientId

string

The application or client ID.

clientSecret

Reversably encoded password (string)

The secret of the application or client.

displayName

string

The name of the social login configuration for display.

groupNameAttribute

string (with whitespace trimmed off)

The value of the claim is used as the user group membership.

string
Required

The unique ID.

isClientSideRedirectSupported

boolean

true

Specifies whether client side redirection is supported. Examples of a client include a browser or a standalone JavaScript application. If set to true, the client must support JavaScript.

mapToUserRegistry

boolean

false

Specifies whether to map userIdentifier to registry user.

realmName

string (with whitespace trimmed off)

The realm name for this social media.

realmNameAttribute

string (with whitespace trimmed off)

The value of the claim is used as the subject realm.

redirectToRPHostAndPort

string

Specifies a callback protocol, host, and port number. For example, https://myhost:8020.

responseType

code

code

Specifies the OAuth response type.
code
Authorization code

scope

string

Specifies required scope.

sslRef

A reference to top level ssl element (string).

Specifies an ID of the SSL configuration that is used to connect to the social media.

tokenEndpoint

string (with whitespace trimmed off)

Specifies a token end point URL.

tokenEndpointAuthMethod

client_secret_basic
client_secret_post

client_secret_post

Specifies required authentication method.
client_secret_basic
Use the HTTP Basic authentication scheme to authenticate the client with the token endpoint of the OpenID Connect provider.
client_secret_post
Include the client credentials in the request body to authenticate the client with the token endpoint of the OpenID Connect provider.

useSystemPropertiesForHttpClientConnections

boolean

false

Specifies whether to use Java system properties when the OpenID Connect or OAuth client creates HTTP client connections. Set this property to true if you want the connections to use the http* or javax* system properties.

userApi

string

The URL of retrieving the user information.

userApiToken

Reversably encoded password (string)

Specifies the access token that has permission to call the user API. For OpenShift, the token is from a service account with permission to call the TokenReview API, which usually requires the system:auth-delegator role.

userApiType

basic
introspect
kube

basic

Indicates which specification to use for the user API.
basic
Indicates that the user API can be directly started with an HTTP GET request.
introspect
internal
kube
Indicates that the user API is a Kubernetes TokenReview API.

userNameAttribute

string (with whitespace trimmed off)

The value of the claim is authenticated user principal.

userUniqueIdAttribute

string (with whitespace trimmed off)

The value of the claim is used as the subject uniqueId.

website

string (with whitespace trimmed off)

The website address.

authFilter

Specifies the authentication filter reference.

authFilter > cookie

A unique configuration ID.

Name	Type	Default	Description
id	string		A unique configuration ID.
matchType	contains equals notContain	contains	Specifies the match type.
name	string Required		Specifies the name.

Name

Type

Default

Description

string

A unique configuration ID.

matchType

contains
equals
notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

authFilter > host

A unique configuration ID.

Name	Type	Default	Description
id	string		A unique configuration ID.
matchType	contains equals notContain	contains	Specifies the match type.
name	string Required		Specifies the name.

Name

Type

Default

Description

string

A unique configuration ID.

matchType

contains
equals
notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

authFilter > remoteAddress

A unique configuration ID.

Name	Type	Default	Description
id	string		A unique configuration ID.
ip	string		Specifies the remote host TCP/IP address.
matchType	contains equals greaterThan lessThan notContain	contains	Specifies the match type.

Name

Type

Default

Description

string

A unique configuration ID.

string

Specifies the remote host TCP/IP address.

matchType

contains
equals
greaterThan
lessThan
notContain

contains

Specifies the match type.

authFilter > requestHeader

A unique configuration ID.

Name	Type	Default	Description
id	string		A unique configuration ID.
matchType	contains equals notContain	contains	Specifies the match type.
name	string Required		Specifies the name.
value	string		The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains".

Name

Type

Default

Description

string

A unique configuration ID.

matchType

contains
equals
notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

value

string

The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains".

authFilter > requestUrl

A unique configuration ID.

Name	Type	Default	Description
id	string		A unique configuration ID.
matchType	contains equals notContain	contains	Specifies the match type.
urlPattern	string Required		Specifies the URL pattern. The * character is not supported to be used as a wildcard.

Name

Type

Default

Description

string

A unique configuration ID.

matchType

contains
equals
notContain

contains

Specifies the match type.

urlPattern

string
Required

Specifies the URL pattern. The * character is not supported to be used as a wildcard.

authFilter > userAgent

A unique configuration ID.

Name	Type	Default	Description
agent	string Required		Specifies the browser's user agent to help identify which browser is being used.
id	string		A unique configuration ID.
matchType	contains equals notContain	contains	Specifies the match type.

Name

Type

Default

Description

agent

string
Required

Specifies the browser's user agent to help identify which browser is being used.

string

A unique configuration ID.

matchType

contains
equals
notContain

contains

Specifies the match type.

authFilter > webApp

A unique configuration ID.

Name	Type	Default	Description
id	string		A unique configuration ID.
matchType	contains equals notContain	contains	Specifies the match type.
name	string Required		Specifies the name.

Name

Type

Default

Description

string

A unique configuration ID.

matchType

contains
equals
notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

jwt

Specifies the information that is used to build the JWT tokens. This information includes the JWT builder reference and the claims from the id token.

Name	Type	Default	Description
builder	string (with whitespace trimmed off)		The referenced JWT builder creates a JWT token, and the token is added to the authenticated subject.
claims	string This is specified as a child element rather than as an XML attribute (maximum occurrences 400).		Specifies a comma-separated list of claims to copy from the user information or the id token.

Name

Type

Default

Description

builder

string (with whitespace trimmed off)

The referenced JWT builder creates a JWT token, and the token is added to the authenticated subject.

claims

string
This is specified as a child element rather than as an XML attribute (maximum occurrences 400).

Specifies a comma-separated list of claims to copy from the user information or the id token.