Basic Parameters

Global Parameters

  • PRIVATE_KEY: string; private key in PEM format.
  • PUBLIC_KEY: string; public key in PEM format.
  • CERTIFICATE: string; signed certificate.
  • SESSION_DURATION (optional): ISO-8601 duration string, default 1 hour; duration of the Identity Provider proxy session (e.g., PT10M -> 10 min); the session is stateful: the duration is updated with each client interaction.
  • SESSION_COOKIE_SETTINGS (optional): string, default “httpOnly; secure”; semicolon-separated values; the last cookie setting must not end with “;”.
  • SESSION_COOKIE_DOMAIN_LEVEL (optional): u8 default 2; how many parts of the domain to include in the cookie starting from the right. If 0, the domain remains unchanged. Example: (“www.example.com”, 0) -> www.example.com, (“www.example.com”, 2) -> .example.com, (“app.example.com”, 2) -> .example.com, (“www.app.example.com”, 6) -> .www.app.example.com, (“www.example.com”, 3) -> .www.example.com.
  • SESSION_COOKIE_NAME (optional): string.
  • BASE64_CUSTOM_LOGO_DARK (optional): base64-encoded string; logo used for dark mode.
  • BASE64_CUSTOM_LOGO_LIGHT (optional): base64-encoded string; logo used for light mode.
  • SKIP_IDP_CHOICE_IF_ONE (optional): boolean default false; skips the Identity Provider choice if only one is available, so the user does not need to click the “login via acme.org” button.
  • COLOR (optional): string in RGB format; the base color used to generate all shades.
  • COLOR_SCHEME (optional): string; light, dark, or auto; color scheme applied to the client.
  • BASE64_ICON (optional): base64-encoded string; favicon.
  • LOGIN_PATH (optional): string default login; login path; set https://domain/login in the Identity Provider.
  • CALLBACK_PATH (optional): string default callback; callback path (where the Identity Provider redirects to the Relying Party); set https://domain/callback in the Identity Provider.
  • TRACE (optional): boolean default false; debug log.
  • TRUST_SELF_SIGNED_CERT (optional): boolean default false; TLS property of the HTTP client: whether to trust self-signed certificates.
  • ADDITIONAL_REDIRECT_HEADERS_n (optional): string where n is a positive natural number; additional headers added during redirection to LOGIN_PATH.
  • STYLE (optional): string in CSS format; a stylesheet applied to LOGIN_PATH and CALLBACK_PATH.
  • CALLBACK_TEXT (optional): string; h1 text for the callback.
  • CALLBACK_ERROR (optional): string; callback error.
  • CALLBACK_TITLE (optional): string; HTML head tag title for the callback.
  • CALLBACK_EXPLANATION (optional): string; description of the callback.
  • LOGIN_TITLE (optional): string; HTML head tag title for the login.
  • LOGIN_TEXT (optional): string; h1 text for the login.
  • LOGIN_EXPLANATION (optional): string; description of the login.
  • LOGIN_ERROR (optional): string; login error.
  • CONTINUE_BUTTON (optional): string; continue button text.
  • CANCEL_BUTTON (optional): string; cancel button text.
  • GROUP_ENABLE_n (optional): boolean; enable/disable group.
  • GROUP_n (optional): string csv; list of Identity Providers to be grouped together, e.g., “1,2,4-8” means Identity Providers number 1,2,4,5,6,7,8, where these numbers are the value n in the parameter name (see Identity Provider Parameters).
  • GROUP_TEXT_n (optional): string; group name (placeholder of the select).
  • GROUP_IMAGE_BASE64_n (optional): base64-encoded string; icon to the left of the group.
  • LANG (optional): string; lang attribute of the html tag (e.g., en).
  • META_DESCRIPTION (optional): string; meta description contained in the head tag.
  • CLAIMS_TRANSFORMER (optional): csv; transforms JWT response keys. Each entry has the form key1=key2, where key1 is the key you want to change and key2 is the key you want to get (transforms key1 to key2). E.g.: key1=key2,key3=key4.
  • CLAIMS_TO_HEADER (optional): maps specific claims from an ID token or user info into HTTP headers. E.g.: X-User=email extracts the email claim value and sets a header like this: X-User: user@acme.org
⚠️ In parameters beginning with GROUP_, the value n simply identifies the group and not the Identity Providers.
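
The SESSION_COOKIE_DOMAIN_LEVEL rule decides which hosts receive the session cookie, so it is worth checking before deployment. The following is an added example, not Identity Link's own code: it reproduces the documented rule, lists which hosts match the resulting domain under RFC 6265, and flags a level that lands on a public suffix. The function names, the host names and the small public-suffix sample are assumptions made for the example.

```python
# Added example, not Identity Link's own code; all function names are hypothetical.

# Constructed sample of multi-label public suffixes. A real check would load the
# full Public Suffix List.
SAMPLE_PUBLIC_SUFFIXES = {"co.uk", "com.au", "github.io"}


def cookie_domain(host: str, level: int) -> str:
    """Domain value per the rule documented for SESSION_COOKIE_DOMAIN_LEVEL."""
    if not 0 <= level <= 255:  # the parameter is documented as u8
        raise ValueError("level must fit in a u8")
    if level == 0:
        return host  # documented: the domain remains unchanged
    labels = host.lower().rstrip(".").split(".")
    # Keep the rightmost `level` labels. A level above the label count keeps
    # the whole host, as in the ("www.app.example.com", 6) case.
    return "." + ".".join(labels[-level:])


def domain_match(request_host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching for hostnames (leading dot ignored)."""
    domain = domain.lstrip(".").lower()
    request_host = request_host.lower()
    return request_host == domain or request_host.endswith("." + domain)


def receivers(host: str, level: int, candidates: list[str]) -> list[str]:
    """Hosts in `candidates` to which a browser would send the session cookie."""
    domain = cookie_domain(host, level)
    return [h for h in candidates if domain_match(h, domain)]


def is_public_suffix(host: str, level: int) -> bool:
    """True when the computed domain is a sample public suffix (browsers reject it)."""
    return cookie_domain(host, level).lstrip(".") in SAMPLE_PUBLIC_SUFFIXES


if __name__ == "__main__":
    hosts = ["login.example.com", "blog.example.com", "example.org"]  # constructed
    for lvl in (2, 3):
        print(lvl, cookie_domain("login.example.com", lvl),
              receivers("login.example.com", lvl, hosts))
    print(is_public_suffix("app.example.co.uk", 2))
```

With the default level of 2, every sibling subdomain of the registrable domain receives the session cookie; a level equal to the host's label count keeps it on that host and its own subdomains.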

Identity Provider Parameters

Parameters for the Identity Provider where n is a positive natural number:

  • BUTTON_TEXT_n: string; text displayed inside the button; e.g., login via acme.org.
  • AUTHENTICATION_PROTOCOL_n: string; values and specific parameters:
  • BUTTON_FILLED_n (optional): boolean default true; filled button style.
  • USERINFO_APPROVAL_n (optional): boolean default false; user approval for sharing Identity Provider information with the backend application.
  • BUTTON_IMAGE_BASE64_n (optional): base64-encoded string; icon on the left side of the button.
  • CLAIMS_CSV_n (optional): csv; filter for claims in the Identity Provider metadata.
  • CLAIMS_TRANSFORMER_n (optional): csv; transforms JWT response keys. Each entry has the form key1=key2, where key1 is the key you want to change and key2 is the key you want to get (transforms key1 to key2). E.g.: key1=key2,key3=key4.
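
CLAIMS_TRANSFORMER / CLAIMS_TRANSFORMER_n and CLAIMS_TO_HEADER use the same pair syntax with opposite roles (old=new versus Header=claim). The following is an added example, not Identity Link's own code: it parses both formats, applies them to a constructed claim set, and shows two checks a backend relying on such headers depends on (client-supplied copies of the header are dropped, and claim values containing CR/LF are refused). It assumes that multiple CLAIMS_TO_HEADER entries are comma-separated, that the transformer runs before the header mapping, and that the headers are placed on the request forwarded to the backend; all function names are hypothetical.

```python
# Added example, not Identity Link's own code; all function names are hypothetical.
import re

HEADER_NAME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # RFC 9110 token


def parse_pairs(csv: str) -> dict[str, str]:
    """Parse 'a=b,c=d' into {'a': 'b', 'c': 'd'}; reject malformed entries."""
    pairs = {}
    for item in filter(None, (p.strip() for p in csv.split(","))):
        left, sep, right = (s.strip() for s in item.partition("="))
        if not (sep and left and right):
            raise ValueError(f"malformed mapping: {item!r}")
        pairs[left] = right
    return pairs


def transform_claims(claims: dict, transformer: str) -> dict:
    """CLAIMS_TRANSFORMER: rename key1 to key2, leave other keys untouched."""
    rename = parse_pairs(transformer)
    return {rename.get(k, k): v for k, v in claims.items()}


def claims_to_headers(inbound: dict, claims: dict, mapping: str) -> dict:
    """CLAIMS_TO_HEADER: each 'Header=claim' entry becomes a header."""
    wanted = parse_pairs(mapping)
    for name in wanted:
        if not HEADER_NAME.match(name):
            raise ValueError(f"invalid header name: {name!r}")
    mapped = {n.lower() for n in wanted}
    # Drop client-supplied copies so a caller cannot pre-set X-User itself.
    out = {k: v for k, v in inbound.items() if k.lower() not in mapped}
    for name, claim in wanted.items():
        if claim not in claims:
            continue  # assumption: a missing claim leaves the header absent
        value = str(claims[claim])
        if re.search(r"[\r\n\0]", value):
            raise ValueError(f"control character in claim {claim!r}")
        out[name] = value
    return out


if __name__ == "__main__":
    claims = {"mail": "user@acme.org", "sub": "42"}  # constructed sample claims
    renamed = transform_claims(claims, "mail=email")
    inbound = {"x-user": "admin@acme.org", "Accept": "*/*"}  # constructed request
    print(claims_to_headers(inbound, renamed, "X-User=email"))
```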