This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.
OpenId Authentication (openId)
A variety of custom properties are available for OpenId authentication.
Attribute name | Data type | Default value | Description |
---|---|---|---|
authFilterRef | A reference to top level authFilter element (string). | Specifies the authentication filter reference. | |
authenticationMode |
|
checkid_setup | Specifies the OpenID provider authentication mode either checkid_immediate or checkid_setup. checkid_setup is the default authentication mode.
|
hashAlgorithm |
|
SHA256 | Specifies the hash algorithm that is used to sign and encrypt the OpenID provider response parameters.
|
hostNameVerificationEnabled | boolean | true | Specifies whether enable host name verification or not. |
httpsRequired | boolean | true | Require SSL communication between the OpenID relying party and provider service. |
mapIdentityToRegistryUser | boolean | false | Specifies whether to map identity to registry user. The user registry is not used to create the user subject. |
providerIdentifier | string | Specifies a default OpenID provider URL where users get the Open IDs. | |
realmIdentifier | string | Specifies the attribute for the OpenID provider name. | |
sslRef | A reference to top level ssl element (string). | Specifies an ID of the SSL configuration is used to connect to the OpenID provider. | |
useClientIdentity | boolean | false | Specifies whether to use the client OpenID identity to create a user subject. If set to true, only the OpenID client identity is used. If set to false and the first element of userInfoRef is found, we use it to create a user subject. Otherwise, we use the OpenID identity to create a user subject. |
userInfoRef | List of references to top level userInfo elements (comma-separated string). | Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response. |
- authFilter
Description: Specifies the authentication filter reference.Required: falseData type: - authFilter > host
Description: A unique configuration ID.Required: falseData type: Attribute name Data type Default value Description id string A unique configuration ID. matchType - equals
- contains
- notContain
contains Specifies the match type. - equals
- Equals
- contains
- Contains
- notContain
- Not contain
name string Specifies the name.
- authFilter > remoteAddress
Description: A unique configuration ID.Required: falseData type: Attribute name Data type Default value Description id string A unique configuration ID. ip string Specifies the IP address. matchType - lessThan
- equals
- greaterThan
- contains
- notContain
contains Specifies the match type. - lessThan
- Less than
- equals
- Equals
- greaterThan
- Greater than
- contains
- Contains
- notContain
- Not contain
- authFilter > requestUrl
Description: A unique configuration ID.Required: falseData type: Attribute name Data type Default value Description id string A unique configuration ID. matchType - equals
- contains
- notContain
contains Specifies the match type. - equals
- Equals
- contains
- Contains
- notContain
- Not contain
urlPattern string Specifies the URL pattern.
- authFilter > userAgent
Description: A unique configuration ID.Required: falseData type: Attribute name Data type Default value Description agent string Specifies the user agent id string A unique configuration ID. matchType - equals
- contains
- notContain
contains Specifies the match type. - equals
- Equals
- contains
- Contains
- notContain
- Not contain
- authFilter > webApp
Description: A unique configuration ID.Required: falseData type: Attribute name Data type Default value Description id string A unique configuration ID. matchType - equals
- contains
- notContain
contains Specifies the match type. - equals
- Equals
- contains
- Contains
- notContain
- Not contain
name string Specifies the name.
- userInfo
Description: Specifies a list of userInfo references separated by commas for the OpenID provider to include in the response.Required: falseData type: Attribute name Data type Default value Description alias string email Specifies an alias name. count int Minimum: 1
1 Specifies how much userInfo is included in the response of the openID provider. id string A unique configuration ID. required boolean true Specifies whether user information is required or not. uriType string http://axschema.org/contact/email Specifies a URI type.