This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.
Configuring OpenID Connect Authorization Server
The OpenID Connect authorization server is configured in the identity.xml file, which can be found at <PRODUCT_HOME>/repository/conf/identity.xml.
Look for the OpenIDConnect configuration element.
Let's go through the important configuration sub-elements.
IDTokenSubjectClaim - This is the claim used as the subject of the IDToken. You can use different claims such as http://wso2.org/claims/emailaddress, urn:scim:schemas:core:1.0:id or http://axschema.org/namePerson/first.
IDTokenIssuerID - The value of TokenIssuerID of the IDToken. This should be changed according to the deployment values.
IDTokenExpiration - The expiration value of the IDToken in seconds.
IDTokenCustomClaimsCallBackHandler - This can be used to return extra custom claims with the IDToken. You can implement a claims callback handler to push the custom claims to the IDToken. This class needs to implement the interface CustomClaimsCallbackHandler. You can find the default implementation here as a reference.
UserInfoEndpointClaimDialect - Defines which claim dialect should be returned from the User Endpoint. By default it uses the WSO2 claim dialect. You can configure other claim dialects such as urn:scim:schemas:core:1.0 for SCIM, http://schema.openid.net/2007/05/claims for OpenID Simple Registration and http://axschema.org for OpenID Attribute Exchange.
UserInfoEndpointClaimRetriever - Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface UserInfoClaimRetriever. The default implementation can be found here as a reference.
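A configuration check for the sub-elements listed above, added here as an example and not part of the WSO2 documentation or product code. The sample XML, its namespace, the placeholder class name, the issuer URL and the 3600-second review threshold are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Sub-elements of OpenIDConnect described on this page.
EXPECTED = ("IDTokenSubjectClaim", "IDTokenIssuerID", "IDTokenExpiration",
            "IDTokenCustomClaimsCallBackHandler",
            "UserInfoEndpointClaimDialect", "UserInfoEndpointClaimRetriever")
MAX_EXPIRY_SECONDS = 3600  # assumed review threshold, not a WSO2 limit

# Constructed sample, not a shipped identity.xml; class name is a placeholder.
SAMPLE = """<Server xmlns="http://example.invalid/constructed-namespace">
  <OpenIDConnect>
    <IDTokenSubjectClaim>http://wso2.org/claims/emailaddress</IDTokenSubjectClaim>
    <IDTokenIssuerID>https://localhost:9443/oauth2/token</IDTokenIssuerID>
    <IDTokenExpiration>86400</IDTokenExpiration>
    <IDTokenCustomClaimsCallBackHandler>com.example.PlaceholderClaimsHandler</IDTokenCustomClaimsCallBackHandler>
    <UserInfoEndpointClaimDialect>urn:scim:schemas:core:1.0</UserInfoEndpointClaimDialect>
  </OpenIDConnect>
</Server>"""

def local(tag):
    """Strip an XML namespace prefix such as '{ns}Name'."""
    return tag.rsplit("}", 1)[-1]

def audit_openid_connect(xml_text):
    """Return a list of findings for the OpenIDConnect element."""
    root = ET.fromstring(xml_text)
    oidc = next((e for e in root.iter() if local(e.tag) == "OpenIDConnect"), None)
    if oidc is None:
        return ["OpenIDConnect element not found"]
    values = {local(c.tag): (c.text or "").strip() for c in oidc}
    findings = [f"{name}: missing or empty" for name in EXPECTED if not values.get(name)]
    # The issuer must match the deployment; a loopback host means it was left unchanged.
    issuer = values.get("IDTokenIssuerID", "")
    host = urlparse(issuer).hostname or ""
    if issuer and host in ("localhost", "127.0.0.1", "::1"):
        findings.append("IDTokenIssuerID: loopback host, set the deployment value")
    # The expiration is given in seconds; flag non-numeric or long-lived values.
    expiry = values.get("IDTokenExpiration", "")
    if expiry and not expiry.isdigit():
        findings.append("IDTokenExpiration: not a whole number of seconds")
    elif expiry and int(expiry) > MAX_EXPIRY_SECONDS:
        findings.append(f"IDTokenExpiration: {expiry}s exceeds {MAX_EXPIRY_SECONDS}s")
    return findings

if __name__ == "__main__":
    for finding in audit_openid_connect(SAMPLE):
        print(finding)
```

To check a real deployment, pass the contents of <PRODUCT_HOME>/repository/conf/identity.xml to audit_openid_connect.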