This documentation is for WSO2 Identity Server 5.0.0. View documentation for the latest release.
Configuring OpenID Connect Authorization Server - Identity Server 5.0.0 - WSO2 Documentation

The OpenID Connect Authorization Server is configured in the identity.xml file, located at <PRODUCT_HOME>/repository/conf/identity.xml.

Look for the OpenIDConnect configuration element.

Let's go through the important configuration sub-elements.

  • IDTokenSubjectClaim - This is the claim used as the subject of the IDToken. You can use different claims such as urn:scim:schemas:core:1.0:id or
  • IDTokenIssuerID - The value of TokenIssuerID of the IDToken. This should be changed according to the deployment values.
  • IDTokenExpiration - The expiration value of the IDToken in seconds.
  • IDTokenCustomClaimsCallBackHandler - This can be used to return extra custom claims with the IDToken. You can implement a claims callback handler to push the custom claims to the IDToken. This class needs to implement the interface CustomClaimsCallbackHandler. You can find the default implementation here as a reference.
  • UserInfoEndpointClaimDialect - Defines which claim dialect should be returned from the User Info Endpoint. You can configure claim dialects such as urn:scim:schemas:core:1.0 for SCIM, for OpenID Simple Registration and for OpenID Attribute Exchange.
  • UserInfoEndpointClaimRetriever - Defines the class which builds the claims for the User Info Endpoint's response. This class needs to implement the interface UserInfoClaimRetriever. The default implementation can be found here as a reference.
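
The following is an added example, not part of the WSO2 documentation or product code: a small Python review script that reads the OpenIDConnect element and reports settings from the list above that are unset, an IDTokenIssuerID that does not match the deployment's issuer, and an IDTokenExpiration that is malformed or longer than a chosen limit. It assumes the settings are direct children of OpenIDConnect; the sample XML, the function name audit_openid_connect, the issuer URL and the 3600-second limit are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample for this example, not a shipped identity.xml.
# Element names come from the list above; every value is a placeholder.
SAMPLE_IDENTITY_XML = """<Server>
  <OpenIDConnect>
    <IDTokenIssuerID>PLACEHOLDER_ISSUER</IDTokenIssuerID>
    <IDTokenSubjectClaim>urn:scim:schemas:core:1.0:id</IDTokenSubjectClaim>
    <IDTokenExpiration>86400</IDTokenExpiration>
    <UserInfoEndpointClaimDialect>urn:scim:schemas:core:1.0</UserInfoEndpointClaimDialect>
  </OpenIDConnect>
</Server>"""

SETTINGS = ("IDTokenSubjectClaim", "IDTokenIssuerID", "IDTokenExpiration",
            "IDTokenCustomClaimsCallBackHandler", "UserInfoEndpointClaimDialect",
            "UserInfoEndpointClaimRetriever")


def _local(tag):
    """Strip an XML namespace prefix such as '{uri}Name' down to 'Name'."""
    return tag.rsplit("}", 1)[-1]


def audit_openid_connect(xml_text, expected_issuer, max_lifetime_s=3600):
    """Return a list of review findings for the OpenIDConnect element."""
    root = ET.fromstring(xml_text)
    section = next((e for e in root.iter() if _local(e.tag) == "OpenIDConnect"), None)
    if section is None:
        return ["OpenIDConnect: element not found"]
    values = {_local(c.tag): (c.text or "").strip() for c in section}
    findings = [f"{name}: not set" for name in SETTINGS if not values.get(name)]

    # The issuer must be the value relying parties of this deployment expect.
    issuer = values.get("IDTokenIssuerID")
    if issuer and issuer != expected_issuer:
        findings.append(f"IDTokenIssuerID: {issuer!r} is not the deployment issuer")

    # Expiration is in seconds; the upper limit is the reviewer's policy choice.
    lifetime = values.get("IDTokenExpiration")
    if lifetime and (not lifetime.isdecimal() or int(lifetime) == 0):
        findings.append("IDTokenExpiration: not a positive number of seconds")
    elif lifetime and int(lifetime) > max_lifetime_s:
        findings.append(f"IDTokenExpiration: {lifetime}s exceeds {max_lifetime_s}s")
    return findings


if __name__ == "__main__":
    for finding in audit_openid_connect(SAMPLE_IDENTITY_XML, "https://idp.example.test"):
        print(finding)
```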