OAuth Single Sign-On Web Services
Overview
Universal Controller supports the following RESTful web services for OAuth Single Sign-On Settings, listed alphabetically on this page.
Formatting specifications for each web service, including details about parameter requirements, are provided.
Read OAuth Single Sign-On Settings
Description | |
---|---|
URI | http://host_name/uc/resources/oauthsettings |
HTTP Method | GET |
Description | Read the OAuth Single Sign-On Settings. |
Example URI | http://localhost:8080/uc/resources/oauthsettings |
Authentication | Required |
Produces Content-Type | application/xml, application/json |
Consumes Content-Type | N/A |
Example Responses | See "Read OAuth Single Sign-On Settings: XML and JSON Responses" below. |
Read OAuth Single Sign-On Settings: XML and JSON Responses
XML | JSON |
---|---|
Update OAuth Single Sign-On Settings
Description | |
---|---|
URI | http://host_name/uc/resources/oauthsettings |
HTTP Method | PUT |
Description | Update the OAuth Single Sign-On Settings. |
Example URI | http://localhost:8080/uc/resources/oauthsettings |
Authentication | Required |
Produces Content-Type | text/plain |
Consumes Content-Type | application/xml, application/json |
Example Requests | See "Update OAuth Single Sign-On Settings: XML and JSON Requests" below. |
Update OAuth Single Sign-On Settings: XML and JSON Requests
XML | JSON |
---|---|
Update OAuth Single Sign-On Settings: Payload Properties
Property | UI Field Name | Description | Specifications | Required |
---|---|---|---|---|
| OAuth Single Sign-On | If true, turns on OAuth Single Sign-On; if false, turns it off. | Boolean; valid values: true/false. Default is false. | N |
userProvisioning | User Provisioning | Turns the provisioning of users through Access or ID Token attributes on or off. Select the application access method(s) to which User Provisioning applies. | Valid values (case-insensitive): Web Browser Access, Web Service Access. XML: `<userProvisioning/>` or `<userProvisioning><userProvisioningOption>Web Browser Access</userProvisioningOption><userProvisioningOption>Web Service Access</userProvisioningOption></userProvisioning>`. JSON: `"userProvisioning": []` or `"userProvisioning": ["Web Browser Access", "Web Service Access"]`. | N |
| Issuer URI | Universal Controller uses the Issuer URI for discovery of the OpenID Connect / OAuth 2.0 protocol endpoints used to authenticate users. The authorization server must support one of the following endpoints, referred to as a Provider Configuration endpoint (OpenID Connect Discovery) or an Authorization Server Metadata endpoint. | Must be a valid URL beginning with http:// or https:// and containing no spaces. | Y (if |
| Client Id | Client identifier for the Universal Controller web application, required for OAuth flows. | | Y (if |
| Client Secret | Client secret used for client authentication with the authorization server. | The | Y (if |
scopes | Scopes | Comma-delimited list of OAuth scopes. If unspecified, defaults to "openid". | XML: `<scopes><scope>profile</scope><scope>openid</scope><scope>email</scope></scopes>`. JSON: `"scopes": ["profile", "openid", "email"]`. | N |
| User Id (Username) Claim Name | Name of the claim/attribute that identifies the Universal Controller User Id (Username). If unspecified, defaults to the Subject identifier (sub). | | N |
| Proof Key for Code Exchange (PKCE) | If true, the Authorization Code grant type requires PKCE as additional verification. | Boolean; valid values: true/false. Default is false. | N |
clusterBaseRedirectUrls | Cluster Node Base Redirect URLs | Cluster Node Base Redirect URLs are used to construct the sign-in redirection endpoint for each Cluster Node and are specified as a URL with protocol, server, port and context path. If not specified, defaults to values from the request using the It is recommended that you specify the The fully qualified sign-in redirection endpoint for each Cluster Node will be: Each Cluster Node's fully qualified sign-in redirection endpoint must be added to your registered application in the authorization server. | XML: `<clusterBaseRedirectUrls><clusterBaseRedirectUrl><baseRedirectUrl>http://example.com:8080/uc</baseRedirectUrl><clusterNode>node1:8080-uc</clusterNode></clusterBaseRedirectUrl><clusterBaseRedirectUrl><baseRedirectUrl>http://example.com:8080/uc</baseRedirectUrl><clusterNode>node2:8080-uc</clusterNode></clusterBaseRedirectUrl></clusterBaseRedirectUrls>`. JSON: `"clusterBaseRedirectUrls": [{"baseRedirectUrl": "http://example.com:8080/uc", "clusterNode": "node1:8080-uc"}, {"baseRedirectUrl": "http://example.com:8080/uc", "clusterNode": "node2:8080-uc"}]`. | N |
| OAuth Bearer Token Validation | Type of OAuth2 Bearer Token authentication supported for Universal Controller Web Service API endpoints. If None, only Basic and Personal Access Token authentication are supported. | Valid values (case-insensitive): | N |
| Introspection URI | The introspection endpoint URI. | Must be a valid URL beginning with http:// or https:// and containing no spaces. | Y (if |
| JWK Set URI | JSON Web Key (JWK) endpoint containing the public keys used for Access and ID Token verification. If unspecified, Universal Controller uses the Issuer URI to query the Provider Configuration or Authorization Server Metadata endpoint for the JWK Set URI. | Must be a valid URL beginning with http:// or https:// and containing no spaces. | N |
| Audience Claim Value | Expected audience claim value, so that Universal Controller can validate that the Token audience (aud) matches. | | N |
| First Name | Name of an attribute from the Access or ID Token containing the user's First Name. | | Y (if |
| Middle Name | Name of an attribute from the Access or ID Token containing the user's Middle Name. | | N |
| Last Name | Name of an attribute from the Access or ID Token containing the user's Last Name. | | N |
| Email | Name of an attribute from the Access or ID Token containing the user's Email. | | N |
| Title | Name of an attribute from the Access or ID Token containing the user's Title. | | N |
| Department | Name of an attribute from the Access or ID Token containing the user's Department. | | N |
| Manager | Name of an attribute from the Access or ID Token containing the user's Manager Name. | | N |
| Business Phone | Name of an attribute from the Access or ID Token containing the user's Business Phone. | | N |
| Mobile Phone | Name of an attribute from the Access or ID Token containing the user's Mobile Phone. | | N |
| Home Phone | Name of an attribute from the Access or ID Token containing the user's Home Phone. | | N |
| Active | Name of an attribute from the Access or ID Token containing the user's Active status. | | N |
| Groups | Name of a multi-valued attribute from the Access or ID Token containing the Group Names the user is a member of. | | N |
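As an added example (not the page's or Stonebranch's own code), the following Python composes a JSON payload for the Update web service above, checks it against the constraints the page states (URL syntax, User Provisioning options, the clusterNode format of the sample, the "openid" default for scopes) plus two checks a practitioner would want before enabling SSO (PKCE on, an audience value configured), and builds the authenticated PUT request without sending it. The keys userProvisioning, scopes, clusterBaseRedirectUrls, baseRedirectUrl and clusterNode come from the page's JSON samples; enabled, issuerUri, clientId, clientSecret, pkce, audienceClaimValue, introspectionUri and jwkSetUri are assumed placeholder names, and the rule that Issuer URI, Client Id and Client Secret become required once SSO is enabled is this example's assumption, since the page's "Y (if" conditions are cut off.

```python
"""Compose and sanity-check an OAuth SSO settings payload for
PUT /uc/resources/oauthsettings (added example, not product code)."""
import base64
import json
import re
from urllib.request import Request

URL_RE = re.compile(r"^https?://\S+$")       # page rule: http:// or https://, no spaces
NODE_RE = re.compile(r"^[^\s:]+:\d+-\S+$")    # shape of the page's sample "node1:8080-uc"
PROVISIONING_OPTIONS = {"web browser access", "web service access"}
URL_KEYS = ("issuerUri", "introspectionUri", "jwkSetUri")   # ASSUMED property names

# Constructed sample payload. Only userProvisioning, scopes and
# clusterBaseRedirectUrls (with baseRedirectUrl/clusterNode) are documented
# names; the remaining keys are assumed placeholders for this example.
SAMPLE_SETTINGS = {
    "enabled": True,
    "issuerUri": "https://login.example.com/oauth2/default",
    "clientId": "uc-web-app",
    "clientSecret": "replace-me",
    "scopes": ["openid", "profile", "email"],
    "pkce": True,
    "audienceClaimValue": "uc-web-app",
    "userProvisioning": ["Web Browser Access"],
    "clusterBaseRedirectUrls": [
        {"baseRedirectUrl": "https://uc.example.com:8443/uc", "clusterNode": "node1:8443-uc"},
        {"baseRedirectUrl": "https://uc.example.com:8443/uc", "clusterNode": "node2:8443-uc"},
    ],
}


def is_valid_url(value):
    """True if value begins with http:// or https:// and contains no whitespace."""
    return isinstance(value, str) and bool(URL_RE.match(value))


def effective_scopes(scopes):
    """Page: an unspecified scope list defaults to "openid"."""
    return list(scopes) if scopes else ["openid"]


def validate_settings(s):
    """Return a list of findings (empty list means the payload passed every check)."""
    findings = []
    if s.get("enabled"):  # ASSUMPTION: these become required once SSO is enabled
        for key in ("issuerUri", "clientId", "clientSecret"):
            if not s.get(key):
                findings.append(f"{key} is required when OAuth Single Sign-On is enabled")
    for key in URL_KEYS:
        value = s.get(key)
        if value is None:
            continue
        if not is_valid_url(value):
            findings.append(f"{key} must begin with http:// or https:// and contain no spaces")
        elif value.startswith("http://"):
            findings.append(f"{key} uses plain http; discovery metadata and tokens travel unprotected")
    for opt in s.get("userProvisioning", []):
        if opt.lower() not in PROVISIONING_OPTIONS:
            findings.append(f"userProvisioning: unknown option {opt!r}")
    for entry in s.get("clusterBaseRedirectUrls", []):
        if not is_valid_url(entry.get("baseRedirectUrl", "")):
            findings.append(f"clusterBaseRedirectUrls: bad baseRedirectUrl {entry.get('baseRedirectUrl')!r}")
        if not NODE_RE.match(entry.get("clusterNode", "")):
            findings.append(f"clusterBaseRedirectUrls: clusterNode {entry.get('clusterNode')!r} is not host:port-context")
    if "openid" not in effective_scopes(s.get("scopes")):
        findings.append("scopes must include openid for the provider to issue an ID Token")
    if not s.get("pkce"):
        findings.append("pkce is false: enable PKCE for the Authorization Code grant")
    if not s.get("audienceClaimValue"):
        findings.append("audienceClaimValue unset: no expected aud value is configured for token validation")
    return findings


def build_put_request(base_url, username, password, settings):
    """Build (but do not send) the PUT with a JSON body and HTTP Basic credentials;
    the page lists Basic and Personal Access Token as the web-service auth methods."""
    creds = base64.b64encode(f"{username}:{password}".encode()).decode()
    return Request(
        base_url.rstrip("/") + "/resources/oauthsettings",
        data=json.dumps(settings).encode(),
        method="PUT",
        headers={
            "Content-Type": "application/json",
            "Accept": "text/plain",          # page: the Update service produces text/plain
            "Authorization": f"Basic {creds}",
        },
    )


if __name__ == "__main__":
    for finding in validate_settings(SAMPLE_SETTINGS) or ["payload passed all checks"]:
        print(finding)
    req = build_put_request("http://localhost:8080/uc", "ops.admin", "secret", SAMPLE_SETTINGS)
    print(req.get_method(), req.full_url)
```

Run the validator before every PUT; a payload that fails the URL or clusterNode checks is rejected by the service, and the PKCE and audience findings are the settings most often left at their defaults in a first configuration. Send the request with `urllib.request.urlopen(req)` once the findings list is empty.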