This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, go to https://wso2.com/documentation/.

Configuring OpenID

OpenID is a widely used authentication mechanism that is supported by well-known OpenID providers. It is a protocol that describes how end users can be authenticated in a decentralized manner (it is not governed by a single entity). With OpenID, end users do not need to give their password or other sensitive credentials to service providers in order to be authenticated. The OpenID user decides how much information is shared with a particular service provider.

To navigate to the federated authenticators configuration section, do the following.

  1. Sign in. Enter your username and password to log on to the Management Console.
  2. Navigate to the Main menu to access the Identity menu. Click Add under Identity Providers.
     For more information, see Configuring an Identity Provider.
  3. Fill in the details in the Basic Information section.

You can configure the following federated authenticators by expanding the Federated Authenticators section followed by the required subsections.

  1. Expand the OpenID Configuration section.
  2. Fill in the following fields where relevant.

    | Field | Description | Sample value |
    |---|---|---|
    | Enable OpenID | Selecting this option enables OpenID to be used as an authenticator for users provisioned to the Identity Server. | Selected |
    | Default | Selecting the Default checkbox signifies that OpenID is the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators. | Selected |
    | OpenID Server URL | Specify the OpenID Server URL. This URL indicates where to send the OpenID requests. The OpenID Server URL can normally be discovered from the OpenID URL by using an HTTP GET request and obtaining the HTML page. However, in this case that is not possible, because this is a federation scenario where the authentication request is sent onward to an OpenID server. Hence this value will depend on the directed identity. As long as the federated IdP is WSO2 Identity Server, the URL should follow this format: https://(host-name):(port)/openid. | https://localhost:9443/openid/ |
    | OpenID User ID Location | This indicates how to find the user ID in the response received. Here you can select whether the user ID is found in the 'claimed_id' or among the claims. If the user ID is found among the claims, it can override the User ID Claim URI configuration in the identity provider claim mapping section. The 'claimed_id', on the other hand, is an attribute in the OpenID response. | User ID found among claims |
    | Additional Query Parameters | This is necessary if you are connecting to another Identity Server or application and that IS or application requires extra parameters. Specify them here. They are sent along with the OpenID request. | paramName1=value1 |
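
A pre-flight check for the two free-form values in the table above, the OpenID Server URL and the Additional Query Parameters, as an added Python example (it is not WSO2 code). The function names, the `&` separator between several parameters and the rejection of `openid.`-prefixed names are assumptions of this example.

```python
from urllib.parse import urlsplit

def check_openid_server_url(url):
    """Return problems found in an OpenID Server URL; an empty list means OK.

    Checks the value against the format https://(host-name):(port)/openid.
    """
    problems = []
    try:
        parts = urlsplit(url)
        port = parts.port          # raises ValueError for a non-numeric port
    except ValueError:
        return ["URL cannot be parsed (bad host or port)"]
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("host name is missing")
    if port is None:
        problems.append("port is missing")
    if parts.username or parts.password:
        problems.append("credentials must not be embedded in the URL")
    if parts.path.rstrip("/") != "/openid":
        problems.append("path must be /openid")
    if parts.query or parts.fragment:
        problems.append("query string or fragment is not expected")
    return problems

def parse_additional_params(text):
    """Split 'name=value' pairs; joining several with '&' is an assumption."""
    params, problems = {}, []
    for pair in filter(None, text.strip().split("&")):
        name, sep, value = pair.partition("=")
        if not sep or not name:
            problems.append(f"not in name=value form: {pair}")
        elif name.startswith("openid."):
            # Assumed policy: extra parameters must not shadow protocol fields.
            problems.append(f"reserved protocol parameter: {name}")
        elif name in params:
            problems.append(f"duplicate parameter: {name}")
        else:
            params[name] = value
    return params, problems

if __name__ == "__main__":
    # Constructed sample values, modelled on the table's sample column.
    for url in ("https://localhost:9443/openid/", "http://localhost/openid"):
        print(url, "->", check_openid_server_url(url) or "OK")
    print(parse_additional_params("paramName1=value1&openid.mode=x"))
```
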
Related Topics
  • Identity Federation is part of the process of configuring an identity provider. For more information on how to configure an identity provider, see Configuring an Identity Provider.