Provider metadata reference - SSO
SSO Server publishes it's OAuth 2.0 and OpenID Connect 1.0 endpoint addresses and other capabilities and features in a metadata document.
Metadata allows applications to dynamically discover endpoints and features.
The following lists metadata parameters published by SSO Server
| Name | Description |
|---|---|
OAuth 2.0 parameters | |
| issuer | Issuer identifier |
| authorization_endpoint | Authorization endpoint |
| token_endpoint | Token endpoint |
| jwks_uri | Issuer's public keys as JSON Web Key Set |
| revocation_endpoint | Revocation endpoint |
| introspection_endpoint | Introspection endpoint |
scopes_supported = [ "openid", "userinfo" ] | Scope values supported In addition client_id values of registered clients are allowed as scope values |
| response_types_supported = [ "code" ] | |
grant_types_supported = [ "authorization_code", "password", "refresh_token", "urn:ietf:params:oauth:grant-type:saml2-bearer", "http://globalsign.com/iam/sso/oauth2/grant-type/sms-mt-otp", "http://globalsign.com/iam/sso/oauth2/grant-type/smtp-otp" ] | |
token_endpoint_auth_methods_supported = [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt", "none"] | See Client credentials - SSO |
token_endpoint_auth_signing_alg_values_supported = [ "RS256", "HS256" ] | JWS algorithm identifiers RSA is used with asymmetric keys, HMAC is used with symmetric keys |
| revocation_endpoint_auth_methods_supported | same as token_endpoint_auth_methods_supported |
| revocation_endpoint_auth_signing_alg_values_supported | same as token_endpoint_auth_signing_alg_values_supported |
| introspection_endpoint_auth_methods_supported | same as token_endpoint_auth_methods_supported |
| introspection_endpoint_auth_signing_alg_values_supported | same as token_endpoint_auth_signing_alg_values_supported |
code_challenge_methods_support = [ "S256", "plain" ] | Supported code_challenge_methods for OAuth2.0 PKCE. See RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients. |
OpenID Connect 1.0 parameters | |
| userinfo_endpoint | UserInfo endpoint |
| subject_types_supported = [ "public" ] | |
| id_token_signing_alg_values_supported | same as token_endpoint_auth_signing_alg_values_supported |
| id_token_encryption_alg_values_supported | JWE algorithm identifiers Encryption key management algorithms Interop setting "EncryptAES256" controls if 256bit algorithms are available |
| id_token_encryption_enc_values_supported | JWE algorithm identifiers Content encryption algorithms |
| userinfo_signing_alg_values_supported | same as id_token_signing_alg_values_supported |
userinfo_encryption_alg_values_supported | same as id_token_encryption_alg_values_supported |
| userinfo_encryption_enc_values_supported | same as id_token_encryption_enc_values_supported |
| request_object_signing_alg_values_supported | same as id_token_signing_alg_values_supported |
| request_object_encryption_alg_values_supported | same as id_token_encryption_alg_values_supported |
| request_object_encryption_enc_values_supported | same as id_token_signing_alg_values_supported |