Configuring OpenID Connect Application Federation Settings

This section describes how to configure OpenID Connect application federation settings.

  1. Click "Application" and then "Application Management."


  2. Click "Edit" for OpenID Connect Application.

  3. Click "Federation."

  4. Enter each item and then click "Update."

    Term | Description
    Discovery endpoint

    Obtains information on the OpenID provider.

    [ Reference ]

    When Display Customization is enabled, use the following as the URL for Authorization endpoint.

    • https://www.auth.iij.jp/op/authorization?tenant_hint=<Subdomain name of the URL that enables Display Customization>

    Client ID

    Client ID for applications

    Client Secret

    Client Secret for applications

    Default scopes

    To skip the authorization screen during logins, select the appropriate scopes.

    If all scopes associated with RP authentication requests are included in the default scopes, the authorization screen will be skipped.

    * Authorization is the method by which users authorize their personal data to be provided to applications. Because the default scopes are designed with the assumption that administrators manage user data, the authorization screen can be skipped.

    Application top page URL

    Enter the URL that should be accessed when a user clicks on the corresponding icon in My Applications.

    Redirect URLs

    Enter the URL(s) allowed by the redirect_uri parameter in authorization requests.

    * To configure multiple redirect URLs, click "+ Add Redirect URL" to add another input field for an additional URL.

    * The https scheme must be specified to use Implicit Flow. We recommend that you use the https scheme if using Authorization Code Flow.

    [ Reference ]

    The OpenID Connect ID provider information required for a federation with external services is displayed on the “Federation” tab.

Provided Attribute Information

The following table describes the attribute information provided by this service.

| Field name | Example | Description | scope |
|---|---|---|---|
| sub | 52dfd81... | Unique user identifier | openid |
| name | IIJ Taro | Name | profile |
| family_name | IIJ | Last name | profile |
| given_name | Taro | First name | profile |
| family_name_kana | アイアイジェイ | Last name in katakana | profile |
| given_name_kana | タロウ | First name in katakana | profile |
| preferred_username | iij-taro@example.jp | User ID | profile |
| locale | ja-JP | Language | profile |
| updated_at | 1459436400 | Unix Epoch value that represents the time of the last attribute information update | profile |
| email | iij-taro@example.jp | Notification email address | email |
| config_code | asiida-000000000000A | Config code for this service | iid_contract |
| service_code | iid00000000 | Service code for this service | iid_contract |
| iid_roles | ["admin"] | User privileges | iid_roles |
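
The following is an added example, not part of the original documentation or the service's own code: a pre-flight check an RP team can run on a planned authorization request against the Redirect URLs and Default scopes settings above, reporting whether the authorization screen will be skipped and which attributes the requested scopes release. The function name, the sample URLs and the exact-string comparison of redirect URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Scope -> claims, copied from the attribute table on this page.
SCOPE_CLAIMS = {
    "openid": ["sub"],
    "profile": ["name", "family_name", "given_name", "family_name_kana",
                "given_name_kana", "preferred_username", "locale", "updated_at"],
    "email": ["email"],
    "iid_contract": ["config_code", "service_code"],
    "iid_roles": ["iid_roles"],
}
IMPLICIT = {"id_token", "id_token token"}  # Implicit Flow response_type values


def review_request(redirect_urls, default_scopes, response_type, scope, redirect_uri):
    """Return (errors, warnings, consent_skipped, claims) for one planned request."""
    errors, warnings = [], []
    requested = scope.split()

    # Assumption: registered Redirect URLs are compared as exact strings,
    # as OpenID Connect Core specifies for redirect_uri.
    if redirect_uri not in redirect_urls:
        errors.append("redirect_uri is not a registered Redirect URL")

    if urlsplit(redirect_uri).scheme.lower() != "https":
        if " ".join(sorted(response_type.split())) in IMPLICIT:
            errors.append("Implicit Flow requires an https redirect URL")
        elif response_type == "code":
            warnings.append("https is recommended for Authorization Code Flow")

    # The authorization screen is skipped only when every requested scope
    # is among the application's default scopes.
    consent_skipped = set(requested) <= set(default_scopes)
    claims = [c for s in requested for c in SCOPE_CLAIMS.get(s, [])]
    return errors, warnings, consent_skipped, claims


# Constructed sample settings and requests (not real tenant values).
REDIRECTS = ["https://rp.example.jp/callback", "http://localhost:8080/callback"]
DEFAULTS = ["openid", "profile"]

if __name__ == "__main__":
    for rt, sc, uri in [
        ("code", "openid profile", "https://rp.example.jp/callback"),
        ("id_token", "openid email iid_roles", "http://localhost:8080/callback"),
        ("code", "openid", "https://rp.example.jp/callback/"),
    ]:
        print(rt, sc, uri, review_request(REDIRECTS, DEFAULTS, rt, sc, uri))
```

Because the default scopes suppress the authorization screen, the `claims` list for a request with `consent_skipped` set is what the application receives without the user being asked, so it is worth keeping the default scopes as narrow as the application needs.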