Status: Available in 9.7.6 and later

...

OpenID Connect is an open-standard identity layer on top of the OAuth 2.0 protocol. It allows third-party applications to verify the identity of the end user and to obtain basic user profile information. The Verba system only utilizes the Login ID of the authenticated user.

Verba supports the Authorization Code Flow:

...

Configuration


Item: Description

Verba User Attribute: The user attribute used for matching the user

Verba User Attribute Matching: Defines the matching for the user attribute

Request Header: The token can be sent either by a request header or an HTTP parameter. This configuration specifies the HTTP request header that will contain the token. The default value is "Authorization"

Request Header prefix: The authorization scheme. This prefix will be cut by the Verba server from the request header value

Request parameter: The token can be sent either by a request header or an HTTP parameter. This configuration specifies the HTTP request parameter that will contain the token

Audience Regex: Optional, if defined the system will disregard tokens that do not have the matching "aud" attribute

Expiration Timezone: The timezone for the token expiration

Prevent Token Reuse: Checking prevents reuse of the token

Mandatory Token Fields: Defines mandatory token fields. Tokens that do not contain the fields marked as mandatory will be discarded

Client ID: The Verba web interface will use this Client ID to request the ID Token

Client Secret: The Verba web interface will use this Client Secret to request the ID Token

Authentication Request URL: The Authorization Server URL

Authentication Request - response_type parameter: Usually should be set to "code"

Authentication Request - scope parameter: Usually should be set to "openid"

Authentication Request - login hint parameter name: Login Hint parameter name that will be passed to the Authorization Server (optional)

Token Request URL: The Token Request URL

Token Request - grant_type parameter: Usually should be set to "authorization_code"

Token Request - Authentication: The authentication method of the Token Request (BASIC or POST body parameters)

ID Token Attribute: Which ID Token Attribute should be used to look up the Verba user (usually "sub")

Verify the state parameter: Should the "state" parameter be passed and verified in the response? All modern OpenID Connect providers should support the state parameter

Verify the nonce claim: Should the "nonce" parameter be passed and verified in the token? All modern OpenID Connect providers should support the state parameter

Authorization Endpoint HTTPS Certificate: Only set if the Authorization Endpoint's HTTPS Certificate is not trusted by Java running the Verba web application
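
What the "Verify the state parameter", "Verify the nonce claim" and "ID Token Attribute" settings correspond to in a generic OpenID Connect Authorization Code Flow client is sketched below. This is an added example, not Verba code: the URLs, client ID and function names are assumptions, and it presumes the ID Token signature has already been verified by a JOSE library.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample values (assumptions, not taken from any real deployment)
AUTH_URL = "https://idp.example.test/authorize"
CLIENT_ID = "verba-web-example"
REDIRECT_URI = "https://verba.example.test/callback"


def build_auth_request(login_hint=None, hint_param="login_hint"):
    """Return (url, state, nonce); state and nonce are stored in the user's session."""
    state = secrets.token_urlsafe(32)  # ties the callback to this browser session
    nonce = secrets.token_urlsafe(32)  # ties the ID Token to this request
    params = {"response_type": "code", "scope": "openid", "client_id": CLIENT_ID,
              "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce}
    if login_hint:
        params[hint_param] = login_hint
    return AUTH_URL + "?" + urlencode(params), state, nonce


def code_from_callback(callback_url, expected_state):
    """Reject the callback unless it echoes the state issued for this session."""
    query = parse_qs(urlparse(callback_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in query:
        raise ValueError("no authorization code")
    return query["code"][0]


def login_id_from_claims(claims, expected_nonce, attribute="sub", now=None):
    """Check the claims of an ID Token whose signature was already verified."""
    now = time.time() if now is None else now
    nonce = str(claims.get("nonce", ""))
    if not hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not issued for this client")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims[attribute]  # the value used to look up the user
```
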