SSO Server publishes it's OAuth 2.0 and OpenID Connect 1.0 endpoint addresses and other capabilities and features in a metadata document.

Metadata allows applications to dynamically discover endpoints and features.

The following lists metadata parameters published by SSO Server

Name	Description
	OAuth 2.0 parameters
issuer	Issuer identifier
authorization_endpoint	Authorization endpoint
token_endpoint	Token endpoint
jwks_uri	Issuer's public keys as JSON Web Key Set
revocation_endpoint	Revocation endpoint
introspection_endpoint	Introspection endpoint
scopes_supported = [ "openid", "userinfo" ]	Scope values supported In addition client_id values of registered clients are allowed as scope values
response_types_supported = [ "code" ]
grant_types_supported = [ "authorization_code", "password", "refresh_token", "urn:ietf:params:oauth:grant-type:saml2-bearer", "http://globalsign.com/iam/sso/oauth2/grant-type/sms-mt-otp", "http://globalsign.com/iam/sso/oauth2/grant-type/smtp-otp" ]
token_endpoint_auth_methods_supported = [ "client_secret_post", "client_secret_basic", "client_secret_jwt", "private_key_jwt", "none"]	See Client authentication - SSO
token_endpoint_auth_signing_alg_values_supported = [ "RS256", "HS256" ]	JWS algorithm identifiers RSA is used with asymmetric keys, HMAC is used with symmetric keys
revocation_endpoint_auth_methods_supported	same as token_endpoint_auth_methods_supported
revocation_endpoint_auth_signing_alg_values_supported	same as token_endpoint_auth_signing_alg_values_supported
introspection_endpoint_auth_methods_supported	same as token_endpoint_auth_methods_supported
introspection_endpoint_auth_signing_alg_values_supported	same as token_endpoint_auth_signing_alg_values_supported
code_challenge_methods_support = [ "S256", "plain" ]	Supported code_challenge_methods for OAuth2.0 PKCE. See RFC 7636 - Proof Key for Code Exchange by OAuth Public Clients.
	OpenID Connect 1.0 parameters
userinfo_endpoint	UserInfo endpoint
subject_types_supported = [ "public" ]
id_token_signing_alg_values_supported	same as token_endpoint_auth_signing_alg_values_supported
id_token_encryption_alg_values_supported	JWE algorithm identifiers Encryption key management algorithms Interop setting "EncryptAES256" controls if 256bit algorithms are available
id_token_encryption_enc_values_supported	JWE algorithm identifiers Content encryption algorithms
userinfo_signing_alg_values_supported	same as id_token_signing_alg_values_supported
userinfo_encryption_alg_values_supported	same as id_token_encryption_alg_values_supported
userinfo_encryption_enc_values_supported	same as id_token_encryption_enc_values_supported
request_object_signing_alg_values_supported	same as id_token_signing_alg_values_supported
request_object_encryption_alg_values_supported	same as id_token_encryption_alg_values_supported
request_object_encryption_enc_values_supported	same as id_token_signing_alg_values_supported

OAuth 2.0 parameters

OpenID Connect 1.0 parameters

References

Browser not supported