Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space IDS and version 8.2.0

...

MetadataEndpoint
OAuth2 and OpenID Connect Metadata

/uas/.well-known/openid-configuration

JWKS Web Keys

/uas/oauth2/metadata.jwks

Metadata Request

The main OAuth2 metadata endpoint contains all of the relevant server endpoints, supported profiles and links to public key material used for validation of signed data.

...

The same metadata is also available at the address /uas/oauth2/metadata.json.  The address /uas/.well-known/openid-configuration is configuration is preferred for interoperability.

Code Block
languagexmlthemeRDark
titleSample metadata request
GET https://sso.example.com/uas/.well-known/openid-configuration

...

  • tokeninfo_endpoint (deprecated, will be removed in SSO 8) introspection_endpoint provides the same functionality and should be used.

Code Block
languagexml
themeRDark
titleSample metadata response
HTTP/1.1 200 OK 
Content-Type: application/json

{
  "issuer": "https://sso.example.com/uas",
  "authorization_endpoint": "https://sso.example.com/uas/oauth2/authorization",
  "token_endpoint": "https://sso.example.com/uas/oauth2/token",
  "userinfo_endpoint": "https://sso.example.com/uas/oauth2/userinfo",
  "jwks_uri": "https://sso.example.com/uas/oauth2/metadata.jwks",
  "tokeninfo_endpoint": "https://sso.example.com/uas/oauth2/introspection",
  "introspection_endpoint": "https://sso.example.com/uas/oauth2/introspection",
  "revocation_endpoint": "https://sso.example.com/uas/oauth2/revocation",
  "response_types_supported": [
    "code"
  ],
  "grant_types_supported": [
    "authorization_code",
    "password",
    "refresh_token",
    "urn:ietf:params:oauth:grant-type:saml2-bearer",
    "http://globalsign.com/iam/sso/oauth2/grant-type/sms-mt-otp",
    "http://globalsign.com/iam/sso/oauth2/grant-type/smtp-otp"
  ],
  "subject_types_supported": [
    "public"
  ],
  "request_object_signing_alg_values_supported": [
    "RS256",
    "HS256"
  ],
  "request_object_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5",
    "A128KW",
    "A256KW"
  ],
  "request_object_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512"
  ],
  "id_token_signing_alg_values_supported": [
    "RS256",
    "HS256"
  ],
  "id_token_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5",
    "A128KW",
    "A256KW"
  ],
  "id_token_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512"
  ],
  "userinfo_signing_alg_values_supported": [
    "RS256",
    "HS256"
  ],
  "userinfo_encryption_alg_values_supported": [
    "RSA-OAEP",
    "RSA-OAEP-256",
    "RSA1_5",
    "A128KW",
    "A256KW"
  ],
  "userinfo_encryption_enc_values_supported": [
    "A128CBC-HS256",
    "A256CBC-HS512"
  ],
  "token_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "token_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "HS256"
  ],
  "introspection_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "introspection_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "HS256"
  ],
  "revocation_endpoint_auth_methods_supported": [
    "client_secret_post",
    "client_secret_basic",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  "revocation_endpoint_auth_signing_alg_values_supported": [
    "RS256",
    "HS256"
  ],
  "scopes_supported": [
    "openid",
    "userinfo"
  ]
}

...

GET /uas/oauth2/metadata.jwks

Code Block
languagexml
themeRDark
titleSample jwks request
GET https://sso.example.com/uas/oauth2/metadata.json

...

The issuer key in a X.509 certificate envelope. Available if compatibility flag MetadataCertificate is enabled in SSO Server.

Code Block
languagexmlthemeRDark
titleSample jwks response
HTTP/1.1 200 OK Content-Type: application/jwk-set+json
\{"keys": \[\{"kty": "RSA","use": "sig","n": "AK-iEcWcXv2VVnv...", "e": "AQAB"\}\]\}

...