OpenId Authentication (openId)

OpenId authentication.

NameTypeDefaultDescription

authFilterRef

A reference to top level authFilter element (string).

Specifies the authentication filter reference.

authenticationMode

  • checkid_immediate

  • checkid_setup

checkid_setup

Specifies the OpenID provider authentication mode either checkid_immediate or checkid_setup. checkid_setup is the default authentication mode.
checkid_immediate
The checkid_immediate disables the browser interact with the user.
checkid_setup
The checkid_setup enables the openID provider to interact with the user, to request authentication or self-registration before returning a result to the openId relying party.

hashAlgorithm

  • SHA1

  • SHA256

SHA256

Specifies the hash algorithm that is used to sign and encrypt the OpenID provider response parameters.
SHA1
Secure hash algorithm SHA1
SHA256
Secure hash algorithm SHA256

hostNameVerificationEnabled

boolean

true

Specifies whether enable host name verification or not.

httpsRequired

boolean

true

Require SSL communication between the OpenID relying party and provider service.

mapIdentityToRegistryUser

boolean

false

Specifies whether to map identity to registry user. The user registry is not used to create the user subject.

providerIdentifier

string

Specifies a default OpenID provider URL where users get the Open IDs.

realmIdentifier

string

Specifies the attribute for the OpenID provider name.

sslRef

A reference to top level ssl element (string).

Specifies an ID of the SSL configuration is used to connect to the OpenID provider.

useClientIdentity

boolean

false

Specifies whether to use the client OpenID identity to create a user subject. If set to true, only the OpenID client identity is used. If set to false and the first element of userInfoRef is found, we use it to create a user subject. Otherwise, we use the OpenID identity to create a user subject.

userInfoRef

List of references to top level userInfo elements (comma-separated string).

email

Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response.

authFilter

Specifies the authentication filter reference.

authFilter > cookie

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

authFilter > host

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

authFilter > remoteAddress

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

ip

string

Specifies the remote host TCP/IP address.

matchType

  • contains

  • equals

  • greaterThan

  • lessThan

  • notContain

contains

Specifies the match type.

authFilter > requestHeader

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

value

string

The value attribute specifies the value of the request header. If the value is not specified, then the name attribute is used for matching, for example, requestHeader id="sample" name="email" matchType="contains".

authFilter > requestUrl

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

urlPattern

string
Required

Specifies the URL pattern. The * character is not supported to be used as a wildcard.

authFilter > userAgent

A unique configuration ID.

NameTypeDefaultDescription

agent

string
Required

Specifies the browser's user agent to help identify which browser is being used.

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

authFilter > webApp

A unique configuration ID.

NameTypeDefaultDescription

id

string

A unique configuration ID.

matchType

  • contains

  • equals

  • notContain

contains

Specifies the match type.

name

string
Required

Specifies the name.

userInfo

Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response.

NameTypeDefaultDescription

alias

string

email

Specifies an alias name.

count

int
Min: 1

1

Specifies how much userInfo is included in the response of the openID provider.

id

string

A unique configuration ID.

required

boolean

true

Specifies whether user information is required or not.

uriType

string

http://axschema.org/contact/email

Specifies a URI type.