Configuring OpenID Connect Application Federation Settings
This section describes how to configure OpenID Connect application federation settings.
- Click "Application" and then "Application Management."
- Click "Edit" for OpenID Connect Application.
- Click "Federation."
- Enter each item and then click "Update."
Term | Description |
---|---|
Discovery endpoint | Obtains information on the OpenID provider. [ Reference ] When Display Customization is enabled, use the following as the URL for Authorization endpoint: https://www.auth.iij.jp/op/authorization?tenant_hint=<Subdomain name of the URL that enables Display Customization> |
Client ID | Client ID for applications |
Client Secret | Client Secret for applications |
Default scopes | To skip the authorization screen during logins, select the appropriate scopes. If all scopes associated with RP authentication requests are included in the default scopes, the authorization screen will be skipped. * Authorization is the method by which users authorize their personal data to be provided to applications. Because the default scopes are designed with the assumption that administrators manage user data, the authorization screen can be skipped. |
Application top page URL | Enter the URL that should be accessed when a user clicks on the corresponding icon in My Applications. |
Redirect URLs | Enter the URL(s) allowed by the redirect_uri parameter in authorization requests. * To configure multiple redirect URLs, click "+ Add Redirect URL" to add another input field for an additional URL. * The https scheme must be specified to use Implicit Flow. We recommend that you use the https scheme if using Authorization Code Flow. |
[ Reference ]
The OpenID Connect ID provider information required for a federation with external services is displayed on the “Federation” tab.
Provided Attribute Information
The following table describes the attribute information provided by this service.
Field name | Example | Description | scope |
---|---|---|---|
sub | 52dfd81... | Unique user identifier | openid |
name | IIJ Taro | Name | profile |
family_name | IIJ | Last name | profile |
given_name | Taro | First name | profile |
family_name_kana | アイアイジェイ | Last name in katakana | profile |
given_name_kana | タロウ | First name in katakana | profile |
preferred_username | iij-taro@example.jp | User ID | profile |
locale | ja-JP | Language | profile |
updated_at | 1459436400 | Unix Epoch value that represents the time of the last attribute information update | profile |
iij-taro@example.jp | Notification email address | ||
config_code | asiida-000000000000A | Config code for this service | iid_contract |
service_code | iid00000000 | Service code for this service | iid_contract |
iid_roles | ["admin"] | User privileges | iid_roles |
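
The following check is an added example, not code from this service: it reviews one RP authorization request against the default scopes, Redirect URLs and attribute table described above, reporting whether the authorization screen is skipped and which attributes the application receives. The function name, the sample RP at rp.example.jp and exact-match comparison of redirect_uri are assumptions.

```python
from urllib.parse import urlsplit

# Scope -> attributes, copied from the "Provided Attribute Information" table
# (only rows whose field name and scope are both legible on the page).
SCOPE_ATTRIBUTES = {
    "openid": ["sub"],
    "profile": ["name", "family_name", "given_name", "family_name_kana",
                "given_name_kana", "preferred_username", "locale", "updated_at"],
    "iid_contract": ["config_code", "service_code"],
    "iid_roles": ["iid_roles"],
}

def review_request(default_scopes, redirect_urls, request):
    """Check one RP authorization request against the Federation settings."""
    scopes = request["scope"].split()
    response_types = set(request["response_type"].split())
    redirect_uri = request["redirect_uri"]
    errors, warnings = [], []

    # Page rule: the authorization screen is skipped only when every requested
    # scope is included in the default scopes.
    prompting = [s for s in scopes if s not in default_scopes]

    # Assumption: exact string comparison, as in OpenID Connect Core.
    if redirect_uri not in redirect_urls:
        errors.append("redirect_uri is not a registered Redirect URL")

    # Page rule: https is mandatory for Implicit Flow, recommended otherwise.
    implicit = bool(response_types) and response_types <= {"id_token", "token"}
    if urlsplit(redirect_uri).scheme != "https":
        if implicit:
            errors.append("Implicit Flow requires an https redirect URL")
        else:
            warnings.append("https is recommended for the redirect URL")
    return {
        "consent_skipped": not prompting,
        "prompting_scopes": prompting,
        "attributes": [a for s in scopes for a in SCOPE_ATTRIBUTES.get(s, [])],
        "errors": errors,
        "warnings": warnings,
    }

if __name__ == "__main__":
    # Constructed sample settings and request (hypothetical RP at rp.example.jp).
    print(review_request(
        {"openid", "profile"},
        ["https://rp.example.jp/cb", "http://rp.example.jp/cb"],
        {"scope": "openid profile iid_roles", "response_type": "id_token",
         "redirect_uri": "http://rp.example.jp/cb"}))
```

A result with `consent_skipped` set to true means every listed attribute is released without the user seeing the authorization screen, so the default scopes should contain only what the application needs.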