Skip to end of metadata
Go to start of metadata

Configurations for the OpenID Connect Authorization server are done at the identity.xml file which can be found in the path <PRODUCT_HOME>/repository/conf/identity.xml.

Look for the OpenIDConnect configuration element.

Lets go through the important configuration sub elements.

  • IDTokenSubjectClaim - This is the claim used as the subject of the IDToken. You can use different claims such as http://wso2.org/claims/emailaddress, urn:scim:schemas:core:1.0:id or http://axschema.org/namePerson/first.
  • IDTokenIssuerID - The value of TokenIssuerID of the IDToken. This should be changed according to the deployment values.
  • IDTokenExpiration - The expiration value of the IDToken in seconds.
  • IDTokenCustomClaimsCallBackHandler - This can be used to return extra custom claims with the IDToken. You can implement a claims call back handler to push the custom claims to the IDToken. This class needs to implement the interface CustomClaimsCallbackHandler. You can find the default implementation here as a reference.
  • UserInfoEndpointClaimDialect - Defines which claim dialect should be returned from the User Endpoint. By default it uses the WSO2 claim dialect. You can configure other claim dialects such as urn:scim:schemas:core:1.0 for SCIM, http://schema.openid.net/2007/05/claims for OpenID Simple Registration and http://axschema.org for OpenID Attribute Exchange.
  • UserInfoEndpointClaimRetriever - Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface UserInfoClaimRetriever. The default implementation can be found here as a reference.
  • No labels