This documentation is for WSO2 Identity Server 5.1.0 . View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


With OAuth as its base, OpenID Connect allows many types of clients such as web-based clients, mobile clients and javascript clients to verify the users with an authorization server-based authentication.

Excerpt Include
Federated Authentication
Federated Authentication

  1. Expand the OAuth2/OpenID Connect Configuration form.

  2. Fill in the following fields where relevant.

    FieldDescriptionSample value
    Enable OAuth2/OpenIDConnectSelecting this option enables OAuth2/OpenID Connect to be used as an authenticator for users provisioned to the Identity Server.Selected
    DefaultSelecting the Default checkbox signifies that the OAuth2/OpenID Connect credentials are the main/default form of authentication. This removes the selection made for any other Default checkboxes for other authenticators.Selected
    Authentication Endpoint URLThis is the authentication URL for OAuth/OpenID Connect. This is a standard OAuth URL. This is the URL to which authentication requests are sent.https://localhost:9443/oauth2/authorize/
    Token Endpoint URLThis is the token endpoint URL. This is a standard OAuth URL.https://localhost:9443/oauth2/token/
    Client IdThe username of the web application. The Client Id and Client Secret are necessary as they will be used for authentication at the Authentication Endpoint and Token Endpoint.1421263438188909
    Client SecretThe password of the web application. Click the Show button to view the value you enter.12ffb4dfb2fed67a00846b42126991f8
    Callback URLThis is the URL to which the browser should be redirected after the authentication is successful. It should have this format: https://(host-name):(port)/acs.https://localhost:9443/commonauth
    OpenID Connect User ID LocationSelect whether the User ID is found in the 'sub' attribute that is sent with the OpenID Connect request or if it is found among claims.User ID found in 'sub' attribute
    Additional Query ParametersThis is necessary if you are connecting to another Identity Server or application. Sometimes extra parameters are required by this IS or application so these can be specified here.paramName1=value1