...
OpenID Connect is an open standard identity layer on top of the OAuth 2.0 protocol. It allows third-party applications to verify the identity of the end user and to obtain basic user profile information. The Verba system only uses the Login ID of the authenticated user.
Verba supports the Authorization Code Flow:
...
Configuration
Item | Description
---|---
Verba User Attribute | The user attribute used for matching the user
Verba User Attribute Matching | Defines the matching for the user attribute
Request Header prefix | The authorization scheme. This prefix will be cut by the Verba server from the request header value
Request parameter | The token can be sent either by a request header or an HTTP parameter. This configuration specifies the HTTP request parameter that will contain the token
Audience Regex | Optional, if defined the system will disregard tokens that do not have the matching "aud" attribute
Expiration Timezone | The timezone for the token expiration
Prevent Token Reuse | Checking prevents reuse of the token
Mandatory Token Fields | Defines mandatory token fields
Client ID | The Verba web interface will use this Client ID to request the ID Token
Client Secret | The Verba web interface will use this Client Secret to request the ID Token
Authentication Request URL | The Authorization Server URL
Authentication Request - response_type parameter | Usually should be set to "code"
Authentication Request - scope parameter | Usually should be set to "openid"
Authentication Request - login hint parameter name | Login Hint parameter name that will be passed to the Authorization Server (optional)
Token Request URL | The Token Request URL
Token Request - grant_type parameter | Usually should be set to "authorization_code"
Token Request - Authentication | The authentication method of the Token Request (BASIC or POST body parameters)
ID Token Attribute | Which ID Token Attribute should be used to look up the Verba user (usually "sub")
Verify the state parameter | Should the "state" parameter be passed and verified in the response?
Verify the nonce claim | Should the "nonce" parameter be passed and verified in the token?
Authorization Endpoint HTTPS Certificate | Only set if the Authorization Endpoint's HTTPS Certificate is not trusted by Java running the Verba web application
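
The token checks named in the table (mandatory fields, audience regex, expiration, nonce, state, reuse prevention), written out as an added Python example. This is not Verba's own code: the function and setting names are hypothetical, the sample values are constructed, full-match semantics for the audience regex are an assumption, and the ID token's signature is assumed to have been verified before these checks run.

```python
import hashlib
import hmac
import re
import time

# Hypothetical settings named after the table rows; values are constructed.
CONFIG = {
    "audience_regex": r"verba-web(-\w+)?",        # Audience Regex
    "mandatory_fields": ("sub", "aud", "exp"),    # Mandatory Token Fields
    "id_token_attribute": "sub",                  # ID Token Attribute
    "verify_nonce": True,                         # Verify the nonce claim
    "prevent_reuse": True,                        # Prevent Token Reuse
}
_seen = set()  # SHA-256 digests of accepted tokens (in-memory, demo only)

def _same(a, b):
    """Constant-time equality that also rejects empty or missing values."""
    return bool(a) and bool(b) and hmac.compare_digest(str(a).encode(), str(b).encode())

def check_state(sent, returned):
    """Verify the state parameter: the callback must echo the value we sent."""
    return _same(sent, returned)

def login_id_from_claims(raw_token, claims, expected_nonce, cfg=CONFIG, now=None):
    """Check signature-verified claims; return the login ID or raise ValueError."""
    now = time.time() if now is None else now
    missing = [f for f in cfg["mandatory_fields"] if f not in claims]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    aud = claims.get("aud", [])
    audiences = aud if isinstance(aud, list) else [aud]  # "aud" may be a string or a list
    pattern = cfg["audience_regex"]
    if pattern and not any(re.fullmatch(pattern, str(a)) for a in audiences):
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if cfg["verify_nonce"] and not _same(claims.get("nonce"), expected_nonce):
        raise ValueError("nonce mismatch")
    if cfg["prevent_reuse"]:
        digest = hashlib.sha256(raw_token.encode()).hexdigest()
        if digest in _seen:
            raise ValueError("token reuse")
        _seen.add(digest)  # recorded only after every other check has passed
    return claims[cfg["id_token_attribute"]]

if __name__ == "__main__":
    demo = {"sub": "jdoe", "aud": "verba-web", "exp": time.time() + 300, "nonce": "n-1"}  # constructed
    print(login_id_from_claims("constructed.raw.token", demo, "n-1"))
```

The reuse check is placed last so that a token rejected for another reason is never recorded as seen; a multi-node deployment would need a shared store with entries expiring at the token's "exp".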