Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Metadata Request

http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest

GET /uas/.well-known/openid-configuration

The metadata is mirrored in /uas/oauth2/metadata.json

Sample metadata request
GET https://sso.example.com/uas/.well-known/openid-configuration

Metadata Response

http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

Parameters

  • issuer
  • authorization_endpoint
  • token_endpoint
  • userinfo_endpoint
  • jwks_uri
  • introspection_endpoint
  • revocation_endpoint
  • response_types_supported
  • grant_types_supported
  • subject_types_supported
  • id_token_signing_alg_values_supported
  • token_endpoint_auth_methods_supported
  • scopes_supported


Deprecated parameters

  • tokeninfo_endpoint (deprecated, will be removed in SSO 8)
Sample metadata response
HTTP/1.1 200 OK Content-Type: application/json
\{
"issuer":"https://sso.example.com/uas",
"authorization_endpoint":"https://sso.example.com/uas/oauth2/authorization",
"token_endpoint":"https://sso.example.com/uas/oauth2/token",
"userinfo_endpoint":"https://sso.example.com/uas/oauth2/userinfo",
"jwks_uri":"https://sso.example.com/uas/oauth2/metadata.jwks",
"introspection_endpoint":"https://sso.example.com/uas/oauth2/introspection",
"revocation_endpoint": "https://sso.example.com/uas/oauth2/revocation",
"response_types_supported":\["code"\],
"grant_types_supported":\["authorization_code","password","refresh_token"\],
"subject_types_supported":\["public"\],
"id_token_signing_alg_values_supported":\["RS256"\],
"token_endpoint_auth_methods_supported":\["client_secret_post","client_secret_basic"\],
"scopes_supported":\["openid","userinfo"\]
\} 


JSON Web Key Set Request

GET /uas/oauth2/metadata.jwks

Sample jwks request
GET https://sso.example.com/uas/oauth2/metadata.json


JSON Web Key Set Response

https://tools.ietf.org/html/rfc7517

Parameters

  • keys

JSON Array with one or more JSON Web Keys

  • kty

The value "RSA"

  • use

The value "sig"

  • n, e

RSA public key parameters

Optional

  • x5c

The issuer key in a X.509 certificate envelope. Available if compatibility flag MetadataCertificate is enabled in SSO Server.

Sample jwks response
HTTP/1.1 200 OK Content-Type: application/jwk-set+json
\{"keys": \[\{"kty": "RSA","use": "sig","n": "AK-iEcWcXv2VVnv...", "e": "AQAB"\}\]\}



  • No labels