Metadata Request
http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
GET /uas/.well-known/openid-configuration
The metadata is mirrored in /uas/oauth2/metadata.json
Sample metadata request
GET https://sso.example.com/uas/.well-known/openid-configuration
Metadata Response
http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
http://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
Parameters
- issuer
- authorization_endpoint
- token_endpoint
- userinfo_endpoint
- jwks_uri
- introspection_endpoint
- revocation_endpoint
- response_types_supported
- grant_types_supported
- subject_types_supported
- id_token_signing_alg_values_supported
- token_endpoint_auth_methods_supported
- scopes_supported
Deprecated parameters
- tokeninfo_endpoint (deprecated, will be removed in SSO 8)
Sample metadata response
HTTP/1.1 200 OK
Content-Type: application/json

{
  "issuer": "https://sso.example.com/uas",
  "authorization_endpoint": "https://sso.example.com/uas/oauth2/authorization",
  "token_endpoint": "https://sso.example.com/uas/oauth2/token",
  "userinfo_endpoint": "https://sso.example.com/uas/oauth2/userinfo",
  "jwks_uri": "https://sso.example.com/uas/oauth2/metadata.jwks",
  "introspection_endpoint": "https://sso.example.com/uas/oauth2/introspection",
  "revocation_endpoint": "https://sso.example.com/uas/oauth2/revocation",
  "response_types_supported": ["code"],
  "grant_types_supported": ["authorization_code", "password", "refresh_token"],
  "subject_types_supported": ["public"],
  "id_token_signing_alg_values_supported": ["RS256"],
  "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
  "scopes_supported": ["openid", "userinfo"]
}
JSON Web Key Set Request
GET /uas/oauth2/metadata.jwks
Sample jwks request
GET https://sso.example.com/uas/oauth2/metadata.jwks
JSON Web Key Set Response
https://tools.ietf.org/html/rfc7517
Parameters
- keys
  JSON Array with one or more JSON Web Keys
  - kty
    The value "RSA"
  - use
    The value "sig"
  - n, e
    RSA public key parameters
  Optional
  - x5c
    The issuer key in an X.509 certificate envelope. Available if the compatibility flag MetadataCertificate is enabled in SSO Server.
Sample jwks response
HTTP/1.1 200 OK
Content-Type: application/jwk-set+json

{"keys": [{"kty": "RSA", "use": "sig", "n": "AK-iEcWcXv2VVnv...", "e": "AQAB"}]}
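A relying party can check both responses before trusting them. The following is an added example, not part of the product documentation: it validates the provider metadata against the discovery URL and filters the JWKS for usable RSA signing keys. The function names, the same-host rule and the 2048-bit minimum are assumptions, and the sample key is constructed.

```python
import base64
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint",
             "jwks_uri", "introspection_endpoint", "revocation_endpoint")

def b64url_to_int(value):
    """Decode a base64url JWK integer; padding is restored, a leading 0x00 is harmless."""
    raw = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    return int.from_bytes(raw, "big")

def check_metadata(discovery_url, meta):
    """Return a list of problems found in a provider configuration response."""
    problems = []
    # OIDC Discovery: issuer must equal the URL the document was fetched from, minus SUFFIX.
    if not discovery_url.endswith(SUFFIX) or meta.get("issuer") != discovery_url[:-len(SUFFIX)]:
        problems.append("issuer does not match discovery URL")
    issuer_host = urlsplit(meta.get("issuer", "")).netloc
    for key in ENDPOINTS:
        url = urlsplit(meta.get(key, ""))
        # Same-host pinning is an assumed local policy, not a spec requirement.
        if url.scheme != "https" or url.netloc != issuer_host:
            problems.append(f"{key} is not an https URL on the issuer host")
    if "RS256" not in meta.get("id_token_signing_alg_values_supported", []):
        problems.append("RS256 not offered for ID Token signing")
    return problems

def signing_keys(jwks, min_bits=2048):
    """Return (n, e) for each RSA signing key; min_bits is an assumed policy value."""
    keys = []
    for jwk in jwks.get("keys", []):
        if jwk.get("kty") != "RSA" or jwk.get("use") != "sig":
            continue
        n, e = b64url_to_int(jwk["n"]), b64url_to_int(jwk["e"])
        if n.bit_length() >= min_bits and e > 1 and e % 2 == 1:
            keys.append((n, e))
    return keys

# Constructed sample input (not a real key): mirrors the page's sample responses.
BASE = "https://sso.example.com/uas"
META = {"issuer": BASE, "jwks_uri": BASE + "/oauth2/metadata.jwks",
        "id_token_signing_alg_values_supported": ["RS256"]}
META.update({k: f"{BASE}/oauth2/{k.split('_')[0]}" for k in ENDPOINTS if k != "jwks_uri"})
N = base64.urlsafe_b64encode(b"\x00\xaf" + b"\x01" * 255).rstrip(b"=").decode()
JWKS = {"keys": [{"kty": "RSA", "use": "sig", "n": N, "e": "AQAB"}]}

if __name__ == "__main__":
    print(check_metadata(BASE + SUFFIX, META), len(signing_keys(JWKS)))
```

The sample `n` on this page begins with `AK`, which decodes to a leading 0x00 octet; `int.from_bytes` ignores it, so the bit-length check is applied to the actual modulus.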