This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Skip to end of metadata
  • Created by Former user, last modified by Former user on Jan 12, 2016
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Configurations for the OpenID Connect Authorization server are done at the identity.xml file which can be found in the path <PRODUCT_HOME>/repository/conf/identity/identity.xml.

Look for the OpenIDConnect configuration element.

<OpenIDConnect>
            <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
            <!--
                Default value for IDTokenIssuerID, is OAuth2TokenEPUrl.
                If that doesn't satisfy uncomment the following config and explicitly configure the value
            -->
            <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
            <IDTokenSubjectClaim>http://wso2.org/claims/givenname</IDTokenSubjectClaim>
            <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
            <IDTokenExpiration>3600</IDTokenExpiration>
            <UserInfoEndpointClaimDialect>http://wso2.org/claims</UserInfoEndpointClaimDialect>
            <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
            <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
            <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
            <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
            <SkipUserConsent>false</SkipUserConsent>
        </OpenIDConnect>

 

Lets go through the important configuration sub elements.

  • IDTokenSubjectClaim - This is the claim used as the subject of the IDToken. You can use different claims such as http://wso2.org/claims/emailaddress, urn:scim:schemas:core:1.0:id or http://axschema.org/namePerson/first.
     
  • IDTokenIssuerID - The value of TokenIssuerID of the IDToken. This should be changed according to the deployment values.
     
  • IDTokenExpiration - The expiration value of the IDToken in seconds.
     
  • IDTokenCustomClaimsCallBackHandler - This can be used to return extra custom claims with the IDToken. You can implement a claims call back handler to push the custom claims to the IDToken. This class needs to implement the interface CustomClaimsCallbackHandler. You can find the default implementation here as a reference.
     
  • UserInfoEndpointClaimDialect - Defines which claim dialect should be returned from the User Endpoint. You can configure claim dialects such as urn:scim:schemas:core:1.0 for SCIM, http://schema.openid.net/2007/05/claims for OpenID Simple Registration and http://axschema.org for OpenID Attribute Exchange.
     
  • UserInfoEndpointClaimRetriever - Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface UserInfoClaimRetriever. The default implementation can be found here as a reference.
  • No labels