This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Configuring OpenID Connect Authorization Server

Configuration for the OpenID Connect Authorization Server is done in the identity.xml file, which is located at <PRODUCT_HOME>/repository/conf/identity.xml.

Look for the OpenIDConnect configuration element.

Let's go through the important configuration sub-elements.

  • IDTokenSubjectClaim - This is the claim used as the subject of the IDToken. You can use different claims such as http://wso2.org/claims/emailaddress, urn:scim:schemas:core:1.0:id or http://axschema.org/namePerson/first.
     
  • IDTokenIssuerID - The issuer ID value placed in the IDToken. This should be changed to match the values of your deployment.
     
  • IDTokenExpiration - The expiration value of the IDToken in seconds.
     
  • IDTokenCustomClaimsCallBackHandler - This can be used to return extra custom claims in the IDToken. You can implement a claims callback handler to push the custom claims into the IDToken. This class needs to implement the interface CustomClaimsCallbackHandler. You can find the default implementation here as a reference.
     
  • UserInfoEndpointClaimDialect - Defines which claim dialect should be returned from the User Info Endpoint. By default it uses the WSO2 claim dialect. You can configure other claim dialects such as urn:scim:schemas:core:1.0 for SCIM, http://schema.openid.net/2007/05/claims for OpenID Simple Registration and http://axschema.org for OpenID Attribute Exchange.
     
  • UserInfoEndpointClaimRetriever - Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface UserInfoClaimRetriever. The default implementation can be found here as a reference.
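As an added illustration (not code from the WSO2 product), the following Python models how these settings shape the IDToken: the subject is taken from the claim named by IDTokenSubjectClaim, the issuer from IDTokenIssuerID, the expiry from IDTokenExpiration, and extra claims come from a callback standing in for IDTokenCustomClaimsCallBackHandler. The config values, user claims and the relying-party check are constructed assumptions.

```python
# Constructed stand-in for the OpenIDConnect settings described above
# (not read from identity.xml; the values are illustrative).
CONFIG = {
    "IDTokenSubjectClaim": "http://wso2.org/claims/emailaddress",
    "IDTokenIssuerID": "https://idp.example.com/oauth2endpoints/token",
    "IDTokenExpiration": 300,  # seconds
}

# Constructed user claims in the WSO2 claim dialect, as a user store would supply them.
USER_CLAIMS = {
    "http://wso2.org/claims/emailaddress": "alice@example.com",
    "http://wso2.org/claims/givenname": "Alice",
    "http://wso2.org/claims/role": "Internal/everyone",
}

def role_claims_callback(claims, user_claims):
    """Hypothetical custom claims callback: adds a 'roles' claim to the IDToken."""
    claims["roles"] = user_claims.get("http://wso2.org/claims/role", "").split(",")
    return claims

def build_id_token_claims(config, user_claims, client_id, now, callback=None):
    """Assemble the IDToken claim set the way the settings above describe."""
    subject_uri = config["IDTokenSubjectClaim"]
    if subject_uri not in user_claims:
        # A user with no value for the configured subject claim cannot get a token.
        raise ValueError(f"user has no value for subject claim {subject_uri}")
    claims = {
        "iss": config["IDTokenIssuerID"],
        "sub": user_claims[subject_uri],
        "aud": client_id,
        "iat": now,
        "exp": now + int(config["IDTokenExpiration"]),
    }
    if callback:
        claims = callback(claims, user_claims)
    return claims

def validate_id_token_claims(claims, expected_issuer, client_id, now):
    """Relying-party checks that depend on the server settings (signature assumed verified)."""
    if claims.get("iss") != expected_issuer:
        return False, "issuer mismatch"
    if claims.get("aud") != client_id:
        return False, "audience mismatch"
    if not claims.get("sub"):
        return False, "empty subject"
    if now >= claims.get("exp", 0):
        return False, "token expired"
    return True, "ok"
```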