This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring OpenID
OpenID is a widely used authentication mechanism that is supported by well-known OpenID providers. It is a protocol that describes how end users can be authenticated in a decentralized manner (it is not governed by a single entity). With OpenID, the end user does not need to provide credentials such as a password or other sensitive information to service providers in order to be authenticated. The OpenID user can decide how much information is shared with a particular service provider.
To navigate to the federated authenticators configuration section, do the following. Fill in the details in the Basic Information section. You can configure the following federated authenticators by expanding the Federated Authenticators section followed by the required subsections.
For more information, see Configuring an Identity Provider.
- Expand the OpenID Configuration section.
Fill in the following fields where relevant.
| Field | Description | Sample value |
|---|---|---|
| Enable OpenID | Selecting this option will enable OpenID to be used as an authenticator for users provisioned to the Identity Server. | Selected |
| Default | Selecting the Default checkbox signifies that OpenID is the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators. | Selected |
| OpenID Server URL | Specify the OpenID Server URL. This URL indicates where to send the OpenID requests. The OpenID Server URL can normally be discovered from the OpenID URL by using an HTTP GET request and obtaining the HTML page. However, in this case it is not possible as this is a federation scenario where we are sending the authentication request onward to an OpenID server. Hence this value will depend on the directed identity. As long as the federated IdP is WSO2 Identity Server, the URL should follow this format: https://(host-name):(port)/openid. | https://localhost:9443/openid/ |
| OpenID User ID Location | This indicates how to find the user ID in the response received. Here you can select whether the user ID is found in the 'claimed_id' or if it is found among claims. If the user ID is found among the claims, it can override the User ID Claim URI configuration in the identity provider claim mapping section. The 'claimed_id', on the other hand, is an attribute in the OpenID response. | User ID found among claims |
| Additional Query Parameters | This is necessary if you are connecting to another Identity Server or application and if extra parameters are required by this IS or application. These can be specified here. These will be sent along with the OpenID request. | paramName1=value1 |
- Identity Federation is part of the process of configuring an identity provider. For more information on how to configure an identity provider, see Configuring an Identity Provider.
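
The two choices for OpenID User ID Location described above can be illustrated with a short sketch. This is an added example, not WSO2 Identity Server code. It assumes an OpenID 2.0 response that carries claims through Attribute Exchange; the function name, the "claimed_id"/"claims" option names, the callback URL and the sample response are all constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

AX_NS = "http://openid.net/srv/ax/1.0"  # OpenID Attribute Exchange 1.0 namespace

# Constructed sample: a positive assertion returned to a hypothetical callback URL.
SAMPLE_RESPONSE = (
    "https://sp.example.com/callback?"
    "openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0"
    "&openid.mode=id_res"
    "&openid.claimed_id=https%3A%2F%2Flocalhost%3A9443%2Fopenid%2Falice"
    "&openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0"
    "&openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail"
    "&openid.ax.value.email=alice%40example.com")

def resolve_user_id(response_url, location, user_id_claim_uri=None):
    """Pick the user ID from an OpenID 2.0 response.

    location is "claimed_id" or "claims" (hypothetical names for the two options).
    Signature verification is out of scope here and must already have
    succeeded before the returned value is trusted.
    """
    query = parse_qs(urlsplit(response_url).query)
    if any(len(values) != 1 for values in query.values()):
        raise ValueError("duplicate parameter in OpenID response")
    params = {key: values[0] for key, values in query.items()}
    if params.get("openid.mode") != "id_res":
        raise ValueError("not a positive OpenID assertion")
    if location == "claimed_id":
        claimed = params.get("openid.claimed_id")
        if not claimed:
            raise ValueError("openid.claimed_id missing from response")
        return claimed
    if location != "claims":
        raise ValueError("unknown user ID location: %r" % location)
    # The provider chooses the alias bound to the AX namespace (openid.ns.<alias>).
    alias = next((k[len("openid.ns."):] for k, v in params.items()
                  if k.startswith("openid.ns.") and v == AX_NS), None)
    if alias is None:
        raise ValueError("response carries no attribute exchange claims")
    type_prefix = "openid.%s.type." % alias
    for key, type_uri in params.items():
        if key.startswith(type_prefix) and type_uri == user_id_claim_uri:
            value = params.get("openid.%s.value.%s" % (alias, key[len(type_prefix):]))
            if value:
                return value
    raise ValueError("user ID claim %r not present" % user_id_claim_uri)
```

The same response yields a different user ID depending on the selected location, so the choice determines which local account the federated login maps to.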