Oracle Unified Directory - Oauth Identity Provider

Oauth Identity Provider

The Oauth Identity Provider represents an OAuth based Identity Provider configuration.

Parent Component

The Oauth Identity Provider component inherits from the Identity Provider component.

Relations From this Component

The following components have a direct AGGREGATION relation FROM Oauth Identity Provider:

Properties

A description of each property follows.


Basic Properties:
  custom-claim-to-id-mapper
  enabled
  identity-mapper
  oauth-provider
  oauth-resource-server
  oauth-scope
  oauth-token-issuer
  oauth-token-x5t-algorithm
  token-introspection-endpoint

Advanced Properties:
  java-class

Basic Properties

custom-claim-to-id-mapper

Description
Specifies the name of the custom claim in the Access Token to be used to map to a valid user entry in OUD via the identity-mapper. This is an optional parameter; when it is not provided, the "sub" claim of the token is mapped automatically.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

enabled

Description
Indicates whether the Identity Provider is enabled.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

identity-mapper

Description
Specifies the DN of Identity Mapper. This Identity Mapper is used to map a claim in the Access token to a valid user entry in OUD. By default, the subject claim is mapped. If any other claim needs to be mapped, then the claim name should be configured in custom-claim-to-id-mapper.
Default Value
None
Allowed Values
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the Oauth Identity Provider is enabled.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

oauth-provider

Description
Specifies the name of the OAuth 2.0 compliant Identity Provider. Currently only OAM is supported, and the value defaults to oam.
Default Value
oam
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

oauth-resource-server

Description
Specifies the OAuth resource server URI of this Directory Server. It contains the URI string value and must be the same as the primary audience value provided when configuring OUD as a Resource Server.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

oauth-scope

Description
Specifies the OAuth token scope. Scopes provide a way to define more specifically the set of resources and operations that an access token allows. The value should be a subset of the scopes provided when configuring OUD as a resource server in the OAuth Identity Provider.
Default Value
None
Allowed Values
A String
Multi-valued
Yes
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

oauth-token-issuer

Description
Specifies the OAuth token issuer URL. This should be the same URL that is set in the 'iss' attribute of the Access Token issued by the Identity Provider. For OAM, the OpenIDConnect Discovery Endpoint can be queried to obtain the OAM OAuth token issuer value. For example, http://host4:7777/oauth2
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No

oauth-token-x5t-algorithm

Description
Specifies the algorithm used to generate the thumbprint of the Identity Provider's X.509 certificate. Note that the access token header must include a thumbprint generated with the same algorithm. The default value is SHA1, which assumes that the access token header has an "x5t" property whose value is the certificate's SHA1 thumbprint. However, if the access token issued by the Identity Provider does not contain an "x5t" property and instead has only an "x5t#256" property, then the value here should be "SHA-256".
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No

token-introspection-endpoint

Description
Specifies the OAuth token introspection endpoint URL. When configured, the OAuth Server is queried to check the validity of the JWT token. For OAM, the OpenIDConnect Discovery Endpoint can be queried to obtain the OAM OAuth token introspection endpoint. For example, http://host4:7777/oauth2/rest/token/introspect. This has to be a POST operation.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No
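An added example (not OUD's own code) showing how the basic properties above constrain an incoming access token: iss against oauth-token-issuer, aud against oauth-resource-server, scope against oauth-scope, the certificate thumbprint header selected by oauth-token-x5t-algorithm (x5t for SHA1, x5t#S256 for SHA-256, the RFC 7515 name of the "x5t#256" header mentioned above), and the claim chosen by custom-claim-to-id-mapper, defaulting to sub. The configuration values, certificate bytes and token are constructed; signature verification and the introspection call are assumed to happen elsewhere.

```python
import base64
import hashlib
import json

# Constructed configuration mirroring this page's properties (values are assumptions).
CONFIG = {
    "oauth-token-issuer": "http://host4:7777/oauth2",
    "oauth-resource-server": "https://oud.example.com",  # primary audience of OUD as RS
    "oauth-scope": ["oud.read"],
    "oauth-token-x5t-algorithm": "SHA1",
    "custom-claim-to-id-mapper": None,  # None: the "sub" claim is mapped
}
FAKE_CERT_DER = b"constructed DER bytes standing in for the IdP signing certificate"

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def cert_thumbprint(cert_der, algorithm):
    """x5t (SHA1) or x5t#S256 (SHA-256) thumbprint of a DER-encoded certificate."""
    digest = hashlib.sha1 if algorithm == "SHA1" else hashlib.sha256
    return b64url_encode(digest(cert_der).digest())

def check_token(token, cfg, cert_der):
    """Return (claim value to hand to the identity mapper, list of failed checks).
    Signature verification and introspection are out of scope here."""
    h, p, _sig = token.split(".")
    header, claims = json.loads(b64url_decode(h)), json.loads(b64url_decode(p))
    failed = []
    if claims.get("iss") != cfg["oauth-token-issuer"]:          # oauth-token-issuer
        failed.append("iss")
    aud = claims.get("aud", [])                                   # oauth-resource-server
    if cfg["oauth-resource-server"] not in ([aud] if isinstance(aud, str) else aud):
        failed.append("aud")
    # Assumption: every configured oauth-scope must appear in the token's scope claim.
    if not set(cfg["oauth-scope"]) <= set(claims.get("scope", "").split()):
        failed.append("scope")
    alg = cfg.get("oauth-token-x5t-algorithm") or "SHA1"        # oauth-token-x5t-algorithm
    x5t_key = "x5t" if alg == "SHA1" else "x5t#S256"
    if header.get(x5t_key) != cert_thumbprint(cert_der, alg):
        failed.append(x5t_key)
    claim = cfg.get("custom-claim-to-id-mapper") or "sub"        # custom-claim-to-id-mapper
    return (claims.get(claim) if not failed else None), failed

def make_unsigned_token(header, claims):
    """Constructed test token; the third segment is a dummy signature."""
    enc = lambda d: b64url_encode(json.dumps(d).encode())
    return ".".join([enc(header), enc(claims), "sig"])
```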


Advanced Properties

java-class

Description
Specifies the fully-qualified name of the Java class that provides the Oauth Identity Provider implementation.
Default Value
com.oracle.rest.OauthIdentityProvider
Allowed Values
A Java class that implements or extends the class(es):
org.opends.server.api.IdentityProvider
Multi-valued
No
Required
Yes
Admin Action Required
The Oauth Identity Provider must be disabled and re-enabled for changes to this setting to take effect
Advanced Property
Yes
Read-only
No


Copyright © 2019, 2024, Oracle and/or its affiliates. All Rights Reserved.