Authentication Data API

Authentication Data API provides REST services that are used to retrieve endpoint parameters provided by the authentication framework or related services. 

These parameters may not be passed in the redirect URL due to one or many of the following reasons. 

• Sensitivity of the values passed.

• Complexity of the values passed.

• Length of the parameters exceeding, or has the possibility of exceeding the allowed limits.

• Compliance to certain business policies.

Configuring Authentication Data API

To make these parameters available via the Authentication Data API, we need to configure the Identity Server as follows.

1. Configure the following parameters in the application-authentication.xml file in <IS_HOME>/repository/conf/identity as per the descriptions provided below.

   <AuthenticationEndpointRedirectParams action="include"  removeOnConsumeFromAPI="true"> <AuthenticationEndpointRedirectParam name="sessionDataKey"/>  </AuthenticationEndpointRedirectParams>

2. Restart the server.

Using the API

The data can be accessible at https://<IS_HOST>:<PORT>/api/identity/auth/v1.1/data/<Type>/<Key>.

• <Type> - This refers to the key type that should be used. The value is AuthRequestKey for pages which directly communicate with the authentication framework using sessionDataKey, and OauthConsentKey for the Oauth consent page which uses sessionDataKeyConsent as the correlation key.

• <Key> - The correlation key whose value is either sessionDataKey or sessionDataKeyConsent.

Authenticating the API

This API can be authenticated by following the steps given here. 

Following are the sample requests and responses using cURL.

Request-1

Response-1

Request-2

Response-2