Global Resource Properties (OpenID Connect 1.0)

Connection Settings

Connection settings for a Global Resource can be managed in the property setting dialog for each adapter, in the "Global Resource Settings" in Control Panel.

Basic settings

Item name	Required/Optional	Use of variables	Description	Remarks
Name	Required	Not available	Enter the name of the setting for the connecting destination.

Required settings

Item name	Required/Optional	Use of variables	Description	Remarks
Client ID	Required	Only environment variables are available	Enter the client ID.
Client secret	Required	Only environment variables are available	Enter the client secret.
Redirect URI	Required	Only environment variables are available	Enter the redirect URI.	Specify the redirect URI registered to the service provider. You need to register the following URI with the service provider. http://<The host name or IP address of the OS on which DataSpiderServer runs>:<Port number>/dataspider/openidconnect_1_0
OpenID Configuration URL	Required	Only environment variables are available	Enter the OpenID configuration URL.	Example: https://openid_provider_host/.well-known/openid-configuration
Issuer	Required	Only environment variables are available	Enter the issuer.
Authorization endpoint	Required	Only environment variables are available	Enter the authorization endpoint.
Token endpoint	Required	Only environment variables are available	Enter the token endpoint.
JWKS URI	Required	Only environment variables are available	Enter the JWKS URI.
Scope	Required	-	Specify scopes. Each column can be operated with the following buttons. [Add]: Adds a column. [Up]: Moves up the order of selected column by one. [Down]: Moves down the order of selected column by one. [Delete]: Deletes a column.
Scope/Value	Required	Only environment variables are available	Enter or select a Scope.
Client authentication method	Required	Not required	Enter client authentication method in token request.
Refresh token	Required	Not available	The refresh token issued by [Issue token] will be displayed.
Valid period of access token	Optional	Only environment variables are available	Enter the valid period of access token in seconds. The valid period of access token retrieved by [Issue token] will be displayed.	When entered, refreshes the token if the entered seconds passed over from the point of time when token was issued. If omitted, refreshes the token when 401 error occurred.

Property action

Item name	Description	Remarks
Input from discovery	Gets OpenID Provider information and reflects it in the screen.	Gets OpenID Provider information from the URL entered in [OpenID Configuration URL] and reflects it in the following property items. [Issuer] [Authorization endpoint] [Token endpoint] [JWKS URI] [Value] of [Scope] [Client authentication method] If [OpenID Configuration URL] is not specified, it is disabled.
Issue token	Start the "Authorization Code Setup" dialog. When you perform the settings after retrieving the authentication code, [Refresh token] will be issued and the [Valid period of access token] will be retrieved.	When all the following property items are specified, it is enabled. [Client ID] [Client secret] [Redirect URI] [OpenID Configuration URL] [Issuer] [Authorization endpoint] [Token endpoint] [JWKS URI] [Scope] [Client authentication method]

Detail settings

Item name	Required/Optional	Use of variables	Description
Additional parameters	Optional	-	Specify parameters to add in authorization request. Each column can be operated with the following buttons. [Add]: Adds a column. [Up]: Moves up the order of selected column by one. [Down]: Moves down the order of selected column by one. [Delete]: Deletes a column.
Additional parameters/Key	Required	Only environment variables are available	Enter the parameter key.
Additional parameters/Value	Required	Only environment variables are available	Enter the parameter value.

Component Pool Setting

Component pool is not supported.

Security

Security setting is available from "Global Resource Settings" in control panel.

Specification Limits

Supported authorization flow is Authorization Code Flow.

Public key to verify the ID Token is gotten from JWKS URI.

Supported ID Token alg is RS256.

Supported [Client authentication method] are client_secret_basic and client_secret_post.

State parameter verification in authorization request is not supported.

ID Token nonce parameter verification is not supported.

Main Exceptions

Exception name	Cause	Solution
InvalidPropertyConfigurationException <Property name> is not specified.	[<Property name>] is not specified.	Specify [<Property name>].
java.net.URISyntaxException	The URL is in invalid form.	Check the URL setting.
java.net.UnknownHostException <host name>	Host name is invalid.	Check the host name specified in URL setting.
AuthorizationException <Detailed information...>	Failed in authentication/authorization.	Check the detailed information of the exception. Check [Client ID], [Client secret], [Redirect URI], [Authorization endpoint], [Token endpoint], or [Scope]. Allow the appropriate authority in the authorization screen.
ProviderConfigurationException <Detailed information...>	Failed to receive from discovery.	Check the detailed information of the exception. Check [OpenID Configuration URL].
TokenException Token could not be gotten.<Detailed information...>	Failed to do Token Request.	Check the detailed information of the exception. Check [Token endpoint] or [Scope].
TokenException Token could not be updated.<Detailed information...>	Failed to refresh request.	Check the detailed information of the exception. Re-execute [Issue token].
IdTokenException <Detailed information...>	ID token received from token endpoint is invalid.	Check the detailed information of the exception. Check the setting information in OpenID Provider.