Configuring OpenID Connect Authorization Server
This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
This topic guides you through configuring the OpenID Connect Authorization Server by modifying the identity.xml file found in the <PRODUCT_HOME>/repository/conf/identity/ directory.
The <OpenIDConnect> element contains the sub elements, which can be configured as explained below.
```xml
<OpenIDConnect>
    <IDTokenBuilder>org.wso2.carbon.identity.openidconnect.DefaultIDTokenBuilder</IDTokenBuilder>
    <!-- Default value for IDTokenIssuerID, is OAuth2TokenEPUrl.
         If that doesn't satisfy uncomment the following config and explicitly configure the value -->
    <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
    <IDTokenCustomClaimsCallBackHandler>org.wso2.carbon.identity.openidconnect.SAMLAssertionClaimsCallback</IDTokenCustomClaimsCallBackHandler>
    <IDTokenExpiration>3600</IDTokenExpiration>
    <UserInfoEndpointClaimRetriever>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoUserStoreClaimRetriever</UserInfoEndpointClaimRetriever>
    <UserInfoEndpointRequestValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInforRequestDefaultValidator</UserInfoEndpointRequestValidator>
    <UserInfoEndpointAccessTokenValidator>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoISAccessTokenValidator</UserInfoEndpointAccessTokenValidator>
    <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJSONResponseBuilder</UserInfoEndpointResponseBuilder>
    <SkipUserConsent>false</SkipUserConsent>
    <!-- Sign the ID Token with Service Provider Tenant Private Key-->
    <SignJWTWithSPKey>false</SignJWTWithSPKey>
</OpenIDConnect>
```
The following sub elements are the important ones when configuring the OpenID Connect Authorization Server.
Element | Description |
---|---|
<IDTokenIssuerID> | The value of the TokenIssuerID of the IDToken. This should be changed according to the deployment values. |
<IDTokenExpiration> | The expiration value of the IDToken in seconds. |
<IDTokenCustomClaimsCallBackHandler> | This can be used to return extra custom claims with the IDToken. You can implement a claims callback handler to push the custom claims to the IDToken. This class needs to implement the interface CustomClaimsCallbackHandler. You can find the default implementation here as a reference. |
<UserInfoEndpointClaimRetriever> | Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface UserInfoClaimRetriever. The default implementation can be found here as a reference. |
<UserInfoEndpointResponseBuilder> | Set this value to get a JWT response from the User Info endpoint. Change the value as follows: <UserInfoEndpointResponseBuilder>org.wso2.carbon.identity.oauth.endpoint.user.impl.UserInfoJWTResponse</UserInfoEndpointResponseBuilder> |
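
As an added example (not part of the WSO2 documentation or product code), the following Python script reads the <OpenIDConnect> element and checks the issuer, expiration and consent values against a local policy. The sample XML with its namespaced wrapper, the expected issuer URL and the policy thresholds are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: part of the <OpenIDConnect> block from this page with values
# changed for illustration; the namespaced <Server>/<OAuth> wrapper is an assumption.
SAMPLE = """<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <OAuth>
    <OpenIDConnect>
      <IDTokenIssuerID>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</IDTokenIssuerID>
      <IDTokenExpiration>86400</IDTokenExpiration>
      <SkipUserConsent>true</SkipUserConsent>
    </OpenIDConnect>
  </OAuth>
</Server>"""

def local(tag):
    """Strip an XML namespace prefix such as '{ns}Name' down to 'Name'."""
    return tag.rsplit("}", 1)[-1]

def read_oidc_settings(xml_text):
    """Return {element name: text} for the children of <OpenIDConnect>."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if local(elem.tag) == "OpenIDConnect":
            return {local(c.tag): (c.text or "").strip() for c in elem}
    raise ValueError("no <OpenIDConnect> element found")

def audit(settings, expected_issuer, max_expiry=3600):
    """Compare settings with a local policy (an assumption); return findings."""
    findings = []
    issuer = settings.get("IDTokenIssuerID", "")
    if not issuer or "${" in issuer:
        findings.append("IDTokenIssuerID is not pinned to an explicit deployment value")
    elif issuer != expected_issuer:
        findings.append(f"IDTokenIssuerID {issuer!r} != expected {expected_issuer!r}")
    elif not issuer.startswith("https://"):
        findings.append("IDTokenIssuerID is not an https URL")
    expiry = settings.get("IDTokenExpiration", "")
    if not expiry.isdigit():
        findings.append("IDTokenExpiration is missing or not a number of seconds")
    elif int(expiry) > max_expiry:
        findings.append(f"IDTokenExpiration {expiry}s exceeds policy maximum {max_expiry}s")
    if settings.get("SkipUserConsent", "false").lower() == "true":
        findings.append("SkipUserConsent is true (the value shown on this page is false)")
    return findings

if __name__ == "__main__":
    for f in audit(read_oidc_settings(SAMPLE), "https://is.example.com:9443/oauth2/token"):
        print("FINDING:", f)
```

To check a real deployment, pass the contents of identity.xml to read_oidc_settings and supply the issuer URL your relying parties are configured to expect.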