Configurations for the OpenID Connect Authorization Server are done in the identity.xml file, which can be found at <PRODUCT_HOME>/repository/conf/identity/identity.xml.

Look for the OpenIDConnect configuration element. Let's go through the important configuration sub-elements.

IDTokenSubjectClaim - The claim used as the subject (the sub claim) of the ID token. You can use different claims such as http://wso2.org/claims/emailaddress, urn:scim:schemas:core:1.0:id or http://axschema.org/namePerson/first.

IDTokenIssuerID - The issuer (the iss claim) of the ID token. This should be changed to match your deployment: relying parties compare the iss claim with the issuer they were configured to trust and reject tokens whose issuer does not match.

IDTokenExpiration - The lifetime of the ID token, in seconds.

IDTokenCustomClaimsCallBackHandler - Used to return extra custom claims with the ID token. You can implement a claims callback handler that pushes the custom claims into the ID token; the class must implement the CustomClaimsCallbackHandler interface. The default implementation can be used as a reference.

UserInfoEndpointClaimDialect - Defines which claim dialect is returned from the UserInfo endpoint. You can configure claim dialects such as urn:scim:schemas:core:1.0 for SCIM, http://schema.openid.net/2007/05/claims for OpenID Simple Registration and http://axschema.org for OpenID Attribute Exchange.

UserInfoEndpointClaimRetriever - Defines the class that builds the claims for the UserInfo endpoint's response. This class must implement the UserInfoClaimRetriever interface. The default implementation can be used as a reference.
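To show what the ID token settings above (IDTokenSubjectClaim, IDTokenIssuerID, IDTokenExpiration) look like from the relying party's side, here is an added example that is not part of the original page and not WSO2 code: a small Python validator that checks the iss, aud, exp/iat and sub claims of an ID token against the values a deployment would have configured. The issuer URL, client ID and shared secret are assumptions made for illustration, and the token is minted inline with HS256 so the script runs offline; a real deployment typically signs ID tokens with an asymmetric algorithm such as RS256 and the client verifies the signature with the server's published public key.

```python
"""Relying-party validation of an ID token's iss, aud, exp/iat and sub claims.

Added example, not WSO2 code.  The token is constructed in this file and signed
with HS256 using a made-up shared secret so that everything runs offline.
"""
import base64
import hashlib
import hmac
import json
import time

# Values assumed to mirror a deployment's identity.xml settings (illustrative).
EXPECTED_ISSUER = "https://idp.example.com/oauth2/token"  # IDTokenIssuerID
ID_TOKEN_LIFETIME = 3600                                  # IDTokenExpiration, seconds
CLIENT_ID = "my-client"                                   # the relying party's client id
DEMO_SECRET = b"demo-shared-secret-not-for-production"    # constructed, demo only


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mint_id_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Build a compact HS256 JWS carrying the given claims (demo only)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def validate_id_token(token: str, expected_issuer: str, client_id: str,
                      max_lifetime: int, now=None, secret: bytes = DEMO_SECRET):
    """Return (True, claims) if the token is acceptable, else (False, reason).

    Order matters: pin the expected alg before touching the signature, verify the
    signature before trusting any claim, then check iss, aud, exp, the iat->exp
    window against the configured lifetime, and finally that sub is present.
    """
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed token"
    if header.get("alg") != "HS256":          # never let the token choose the algorithm
        return False, "unexpected alg"
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != expected_issuer:  # IDTokenIssuerID left at a default value shows up here
        return False, f"issuer mismatch: {claims.get('iss')!r}"
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch"
    exp, iat = claims.get("exp"), claims.get("iat")
    if not isinstance(exp, (int, float)) or not isinstance(iat, (int, float)):
        return False, "exp/iat missing"
    if now >= exp:
        return False, "token expired"
    if exp - iat > max_lifetime:             # longer than IDTokenExpiration allows
        return False, "lifetime exceeds configured IDTokenExpiration"
    sub = claims.get("sub")                   # whatever IDTokenSubjectClaim maps to
    if not isinstance(sub, str) or not sub:
        return False, "missing sub"
    return True, claims


if __name__ == "__main__":
    issued = int(time.time())
    good = mint_id_token({"iss": EXPECTED_ISSUER, "sub": "alice@example.com",
                          "aud": CLIENT_ID, "iat": issued, "exp": issued + ID_TOKEN_LIFETIME})
    print(validate_id_token(good, EXPECTED_ISSUER, CLIENT_ID, ID_TOKEN_LIFETIME))
    # Issuer that does not match the deployment (constructed value).
    wrong_iss = mint_id_token({"iss": "https://localhost:9443/oauth2/token", "sub": "alice@example.com",
                               "aud": CLIENT_ID, "iat": issued, "exp": issued + ID_TOKEN_LIFETIME})
    print(validate_id_token(wrong_iss, EXPECTED_ISSUER, CLIENT_ID, ID_TOKEN_LIFETIME))
```

The issuer-mismatch branch is the one you will hit first after a new deployment if IDTokenIssuerID is left at its shipped value: the server happily signs tokens, and every relying party configured with the real issuer URL rejects them.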