OpenID Connect Relying Party
OpenID Connect (OIDC) is an authentication protocol built on top of OAuth 2.0 that allows applications (called Relying Parties) to verify a user’s identity and obtain profile information in a secure, standardized way.
Parameters for the element where n is a positive natural number:
- ISSUER_n: URL; location of the OpenID Connect well-known file; e.g., https://www.acme.org/.well-known/openid-configuration.
- CLIENT_ID_n: string; a public identifier for the application. Created during client registration on the server.
- CLIENT_SECRET_n: string; a secret key known only to the client and the authorization server. Created during client registration on the server.
- OIDC_USERINFO_ENDPOINT_n (optional) (OpenID Connect and OpenID Federation only): boolean, default false; merges user information from the userinfo endpoint with the JWT access token.
- OIDC_SKIP_ISSUER_VERIFICATION_n (optional) (OpenID Connect only): boolean, default false; typically used for cross-tenant authentication; allows skipping verification of the issuer that initiated authentication. During the callback phase, the Identity Provider will pass the issuer of each cross-tenant user.
- OIDC_REPLACE_IN_ENTITY_CONFIGURATION_n (optional) (OpenID Connect only): string with syntax toReplaceWord=newWord; used for replacing words in the entity configuration across tenants (e.g., Microsoft Entra, {tenantid}=5c756555-a890-459f-9f63-7738015a32e2).
- OIDC_SCOPES_CSV_n (optional) (OpenID Connect and OpenID Federation only): CSV; filter for scopes in the Identity Provider metadata.
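The following added example (not the product's own code) shows why a `{tenantid}` placeholder left in the entity configuration fails an exact issuer check, and how a `toReplaceWord=newWord` rule pins the configuration to one tenant so that verification can stay enabled. The function names, the sample metadata, and the assumption that the replacement is applied to every string value are illustrative.

```python
# Constructed sample modelled on a multi-tenant Microsoft Entra discovery
# document, whose issuer carries a literal {tenantid} placeholder.
SAMPLE_METADATA = {
    "issuer": "https://login.microsoftonline.com/{tenantid}/v2.0",
    "authorization_endpoint":
        "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "scopes_supported": ["openid", "profile", "email"],
}

# Tenant id taken from the example value on this page.
TENANT = "5c756555-a890-459f-9f63-7738015a32e2"


def parse_rule(rule):
    """Split 'toReplaceWord=newWord' on the first '=' only (hypothetical helper)."""
    old, sep, new = rule.partition("=")
    if not sep or not old:
        raise ValueError("expected toReplaceWord=newWord")
    return old, new


def apply_rule(metadata, rule):
    """Return a copy of the metadata with the word replaced in every string value."""
    old, new = parse_rule(rule)

    def walk(value):
        if isinstance(value, str):
            return value.replace(old, new)
        if isinstance(value, list):
            return [walk(v) for v in value]
        if isinstance(value, dict):
            return {k: walk(v) for k, v in value.items()}
        return value

    return walk(metadata)


def issuer_matches(metadata, token_iss):
    """Exact string comparison between the metadata issuer and the token's iss claim."""
    return metadata.get("issuer") == token_iss


if __name__ == "__main__":
    iss = f"https://login.microsoftonline.com/{TENANT}/v2.0"
    print("unpinned:", issuer_matches(SAMPLE_METADATA, iss))
    pinned = apply_rule(SAMPLE_METADATA, "{tenantid}=" + TENANT)
    print("pinned:  ", issuer_matches(pinned, iss))
```
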