OpenID Connect Provider

This feature enables web applications to integrate OpenID Connect Server 1.0 for authenticating users instead of, or in addition to, the configured user registry.

Enable this feature

To enable the OpenID Connect Provider feature, add the following element declaration inside the featureManager element in the server.xml file:

<feature>openidConnectServer-1.0</feature>

Developing a feature that depends on this feature

If we are developing a feature that depends on the OpenID Connect Provider feature, include the following item in the Subsystem-Content header in the feature manifest file for the new feature:

com.ibm.websphere.appserver.openidConnectServer-1.0; type="osgi.subsystem.feature"

Features that this feature enables

• OAuth

• Java Servlets 3.0

Feature configuration elements

We can use the following elements in the server.xml file to configure the OpenID Connect Provider feature:

• openidConnectProvider

  • claimToUserRegistryMap

    • property

  • discovery

    • claimsSupported

    • grantTypesSupported

    • idTokenSigningAlgValuesSupported

    • responseModesSupported

    • responseTypesSupported

    • scopesSupported

    • tokenEndpointAuthMethodsSupported

  • oauthProvider

    • autoAuthorizeClient

    • databaseStore

      • dataSource

        • connectionManager

        • containerAuthData

        • jdbcDriver

          • library

            • file

            • fileset

            • folder

        • properties

        • properties.datadirect.sqlserver

        • properties.db2.i.native

        • properties.db2.i.toolbox

        • properties.db2.jcc

        • properties.derby.client

        • properties.derby.embedded

        • properties.informix

        • properties.informix.jcc

        • properties.microsoft.sqlserver

        • properties.oracle

        • properties.sybase

        • recoveryAuthData

    • grantType

    • jwtGrantType

    • library

      • file

      • fileset

      • folder

    • localStore

      • client

        • functionalUserGroupIds

        • grantTypes

        • postLogoutRedirectUris

        • redirect

        • responseTypes

    • mediatorClassname

  • scopeToClaimMap

    • property

openidConnectProvider

OpenID Connect server provider

Attribute name	Data type	Default value	Description
id	string		A unique configuration ID.
idTokenLifetime	A period of time with second precision	2h	Time that ID token is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
issuerIdentifier	string		Specify an issuer identifier for the issuer of the response.
keyAliasName	string		Key alias name to locate the private key for signing with an asymmetric algorithm.
keyStoreRef	string	opKeyStore	A keystore containing the private key necessary for signing with an asymmetric algorithm.
oauthProviderRef	A reference to top level oauthProvider element (string).		A reference to the ID of an OAuth provider.
sessionManaged	boolean	false	Indicate by true or false whether session management is supported. Default is false.
signatureAlgorithm	HS256 none RS256	HS256	Specify the signature algorithm that will be used to sign the ID token. HS256 HMAC using SHA-256 hash none No signature RS256 RSASSA-PKCS-v1_5 using SHA-256 hash
trustStoreRef	string		A keystore containing the public key necessary for verifying a signature of the JWT token.

openidConnectProvider > claimToUserRegistryMap

Description: Specify the user registry key for the claim.

Required: false

Data type:

Attribute name	Data type	Default value	Description
address	string	postalAddress	Specify the user registry key that will be retrieved for the address claim.
email	string	mail	Specify the user registry key that will be retrieved for the email claim.
given_name	string	givenName	Specify the user registry key that will be retrieved for the given_name claim.
name	string	displayName	Specify the user registry key that will be retrieved for the name claim.
phone_number	string	telephoneNumber	Specify the user registry key that will be retrieved for the phone_number claim.
picture	string	photoURL	Specify the user registry key that will be retrieved for the picture claim.

openidConnectProvider > claimToUserRegistryMap > property

Description: Specify a property in addition to the parent element properties

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	string		Name of the property
value	string		Specify the value of the property

openidConnectProvider > discovery

Description: Discovery is based on OpenID Connect and Jazz Authorization Server Profile.

Required: false

Data type:

Attribute name	Data type	Default value	Description
claimsParameterSupported	boolean	false	Indicate by true or false whether claims parameter is supported.
requestParameterSupported	boolean	false	Indicate by true or false whether request parameter is supported.
requestUriParameterSupported	boolean	false	Indicate by true or false whether request URI parameter is supported.
requireRequestUriRegistration	boolean	false	Indicate by true or false whether require request URI registration is supported.

openidConnectProvider > discovery > claimsSupported

Description: Specify by comma the list of claims that will be supported.

Required: false

Data type: string

openidConnectProvider > discovery > grantTypesSupported

Description: Specify by comma the list of the grant types that will be used.

Required: false

Data type:

openidConnectProvider > discovery > idTokenSigningAlgValuesSupported

Description: Specify the signature algorithm that will be used to sign the ID token.

Required: false

Data type:

openidConnectProvider > discovery > responseModesSupported

Description: Specify by comma the list of the response modes that will be used.

Required: false

Data type:

openidConnectProvider > discovery > responseTypesSupported

Description: Specify by comma the list of the response types that will be supported by the OP.

Required: false

Data type:

openidConnectProvider > discovery > scopesSupported

Description: Specify by comma the list of scopes that will be supported.

Required: false

Data type: string

openidConnectProvider > discovery > tokenEndpointAuthMethodsSupported

Description: Specify by comma the list of the token endpoint authentication methods that will be used.

Required: false

Data type:

openidConnectProvider > oauthProvider

Description: A reference to the ID of an OAuth provider.

Required: false

Data type:

Attribute name	Data type	Default value	Description
accessTokenLength	long	40	Length of the generated OAuth access token. The equivalent provider parameter in the full application server profile is oauth20.access.token.length.
accessTokenLifetime	A period of time with second precision	7200	Time that access token is valid (seconds). The equivalent provider parameter in the full application server profile is oauth20.token.lifetime.seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
allowPublicClients	boolean	false	A value of false disables the access of public clients as detailed in the OAuth specification. The equivalent provider parameter in the full application server profile is oauth20.allow.public.clients.
authorizationCodeLength	long	30	Length of the generated authorization code. The equivalent provider parameter in the full application server profile is oauth20.code.length.
authorizationCodeLifetime	A period of time with second precision	60	Authorization code lifetime (seconds). The equivalent provider parameter in the full application server profile is oauth20.code.lifetime.seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
authorizationErrorTemplate	string		URL of a custom authorization error page template. The equivalent provider parameter in the full application server profile is oauth20.authorization.error.template.
authorizationFormTemplate	string	template.html	URL of a custom authorization page template. The equivalent provider parameter in the full application server profile is oauth20.authorization.form.template.
authorizationGrantLifetime	A period of time with second precision	604800	Authorization grant lifetime (seconds). The equivalent provider parameter in the full application server profile is oauth20.max.authorization.grant.lifetime.seconds. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
autoAuthorize	boolean	false	To use auto authorization, append the autoAuthorize parameter to requests with a value of true. The equivalent provider parameter in the full application server profile is oauth20.autoauthorize.param.
autoAuthorizeParam	string	autoauthz	To use auto authorization, append the autoAuthorize parameter to requests with a value of true. The equivalent provider parameter in the full application server profile is oauth20.autoauthorize.param.
certAuthentication	boolean	false	Enable the authentication of client certificate in the https request.
characterEncoding	string		Set request character encoding to this value. The equivalent provider parameter in the full application server profile is characterEncoding.
clientTokenCacheSize	long		Maximum number of entries in the client token cache.
clientURISubstitutions	string		Optional value to replace client URI strings for dynamic hostnames. The equivalent provider parameter in the full application server profile is oauth20.client.uri.substitutions.
consentCacheEntryLifetime	A period of time with second precision	1800	Time that an entry in the consent cache is valid (seconds). Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
consentCacheSize	long Minimum: 0	1000	Maximum number of entries allowed in the consent cache.
coverageMapSessionMaxAge	A period of time with second precision	600	The max-age value (seconds) for the cache-control header of the coverage map service. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
customLoginURL	string	login.jsp	URL of a custom login page. The equivalent provider parameter in the full application server profile is oauth20.authorization.loginURL.
filter	string		URI filter selects requests to be authorized by this provider. The equivalent provider parameter in the full application server profile is Filter.
httpsRequired	boolean	true	SSL communication between the OAuth client and provider is required.
includeTokenInSubject	boolean	true	If the value is true, add the com.ibm.wsspi.security.oauth20.token.WSOAuth20Token as a private credential. The equivalent provider parameter in the full application server profile is includeToken.
issueRefreshToken	boolean	true	A value of false disables generation and the use of refresh tokens. The equivalent provider parameter in the full application server profile is oauth20.issue.refresh.token.
libraryRef	A reference to top level library element (string).		Reference to shared library containing the mediator plugin class.
oauthOnly	boolean	true	If the value is true, then requests matching the filter must have an access token or they will be failed. If false, then matching requests will be checked for other authentication data if no access token is present. The equivalent provider parameter in the full application server profile is oauthOnly.
refreshTokenLength	long	50	Length of generated refresh token. The equivalent provider parameter in the full application server profile is oauth20.refresh.token.length.
userClientTokenLimit	long		Token limit for each user and client combination.

openidConnectProvider > oauthProvider > autoAuthorizeClient

Description: Name of a client that is allowed to use auto authorization. The equivalent provider parameter in the full application server profile is oauth20.autoauthorize.clients.

Required: false

Data type: string

openidConnectProvider > oauthProvider > databaseStore

Description: Clients are defined and tokens are cached in the database.

Required: false

Data type:

Attribute name	Data type	Default value	Description
cleanupExpiredTokenInterval	A period of time with second precision	3600	Expired token cleanup interval (seconds). The equivalent provider parameter in the full application server profile is oauthjdbc.CleanupInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
dataSourceRef	A reference to top level dataSource element (string).		Reference to the data source for the store.
password	Reversably encoded password (string)		Password used to access the database.
user	string		User

openidConnectProvider > oauthProvider > databaseStore > dataSource

Description: Reference to the data source for the store.

Required: false

Data type:

Attribute name	Data type	Default value	Description
beginTranForResultSetScrollingAPIs	boolean	true	Attempt transaction enlistment when result set scrolling interfaces are used.
beginTranForVendorAPIs	boolean	true	Attempt transaction enlistment when vendor interfaces are used.
commitOrRollbackOnCleanup	commit rollback		Determines how to clean up connections that might be in a database unit of work (AutoCommit=false) when the connection is closed or returned to the pool. commit Clean up the connection by committing. rollback Clean up the connection by rolling back.
connectionManagerRef	A reference to top level connectionManager element (string).		Connection manager for a data source.
connectionSharing	MatchOriginalRequest MatchCurrentState	MatchOriginalRequest	Specifies how connections are matched for sharing. MatchOriginalRequest When sharing connections, match based on the original connection request. MatchCurrentState When sharing connections, match based on the current state of the connection.
containerAuthDataRef	A reference to top level authData element (string).		Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER.
isolationLevel	TRANSACTION_REPEATABLE_READ TRANSACTION_READ_COMMITTED TRANSACTION_SERIALIZABLE TRANSACTION_READ_UNCOMMITTED TRANSACTION_SNAPSHOT		Default transaction isolation level. TRANSACTION_REPEATABLE_READ Dirty reads and non-repeatable reads are prevented; phantom reads can occur. TRANSACTION_READ_COMMITTED Dirty reads are prevented; non-repeatable reads and phantom reads can occur. TRANSACTION_SERIALIZABLE Dirty reads, non-repeatable reads and phantom reads are prevented. TRANSACTION_READ_UNCOMMITTED Dirty reads, non-repeatable reads and phantom reads can occur. TRANSACTION_SNAPSHOT Snapshot isolation for Microsoft SQL Server JDBC Driver and DataDirect Connect for JDBC driver.
jdbcDriverRef	A reference to top level jdbcDriver element (string).		JDBC driver for a data source.
jndiName	string		JNDI name for a data source.
queryTimeout	A period of time with second precision		Default query timeout for SQL statements. In a JTA transaction, syncQueryTimeoutWithTransactionTimeout can override this default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
recoveryAuthDataRef	A reference to top level authData element (string).		Authentication data for transaction recovery.
statementCacheSize	int Minimum: 0	10	Maximum number of cached statements per connection.
supplementalJDBCTrace	boolean		Supplements the JDBC driver trace that is logged when JDBC driver trace is enabled in bootstrap.properties. JDBC driver trace specifications include: com.ibm.ws.database.logwriter, com.ibm.ws.db2.logwriter, com.ibm.ws.derby.logwriter, com.ibm.ws.informix.logwriter, com.ibm.ws.oracle.logwriter, com.ibm.ws.sqlserver.logwriter, com.ibm.ws.sybase.logwriter.
syncQueryTimeoutWithTransactionTimeout	boolean	false	Use the time remaining (if any) in a JTA transaction as the default query timeout for SQL statements.
transactional	boolean	true	Enable participation in transactions managed by the application server.
type	javax.sql.DataSource javax.sql.XADataSource javax.sql.ConnectionPoolDataSource		Type of data source. javax.sql.DataSource javax.sql.DataSource javax.sql.XADataSource javax.sql.XADataSource javax.sql.ConnectionPoolDataSource javax.sql.ConnectionPoolDataSource

openidConnectProvider > oauthProvider > databaseStore > dataSource > connectionManager

Description: Connection manager for a data source.

Required: false

Data type:

Attribute name	Data type	Default value	Description
agedTimeout	A period of time with second precision	-1	Amount of time before a physical connection can be discarded by pool maintenance. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
connectionTimeout	A period of time with second precision	30s	Amount of time after which a connection request times out. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maxConnectionsPerThread	int Minimum: 0		Limits the number of open connections on each thread.
maxIdleTime	A period of time with second precision	30m	Amount of time after which an unused or idle connection can be discarded during pool maintenance, if doing so does not reduce the pool below the minimum size. A value of -1 disables this timeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maxPoolSize	int Minimum: 0	50	Maximum number of physical connections for a pool. A value of 0 means unlimited.
minPoolSize	int Minimum: 0		Minimum number of physical connections to maintain in the pool. The pool is not pre-populated. Aged timeout can override the minimum.
numConnectionsPerThreadLocal	int Minimum: 0		Caches the specified number of connections for each thread.
purgePolicy	ValidateAllConnections FailingConnectionOnly EntirePool	EntirePool	Specifies which connections to destroy when a stale connection is detected in a pool. ValidateAllConnections When a stale connection is detected, connections are tested and those found to be bad are closed. FailingConnectionOnly When a stale connection is detected, only the connection which was found to be bad is closed. EntirePool When a stale connection is detected, all connections in the pool are marked stale, and when no longer in use, are closed.
reapTime	A period of time with second precision	3m	Amount of time between runs of the pool maintenance thread. A value of -1 disables pool maintenance. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.

openidConnectProvider > oauthProvider > databaseStore > dataSource > containerAuthData

Description: Default authentication data for container managed authentication that applies when bindings do not specify an authentication-alias for a resource reference with res-auth=CONTAINER.

Required: false

Data type:

Attribute name	Data type	Default value	Description
password	Reversably encoded password (string)		Password of the user to use when connecting to the EIS. Stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option.
user	string		Name of the user to use when connecting to the EIS.

openidConnectProvider > oauthProvider > databaseStore > dataSource > jdbcDriver

Description: JDBC driver for a data source.

Required: false

Data type:

Attribute name	Data type	Default value	Description
javax.sql.ConnectionPoolDataSource	string		JDBC driver implementation of javax.sql.ConnectionPoolDataSource.
javax.sql.DataSource	string		JDBC driver implementation of javax.sql.DataSource.
javax.sql.XADataSource	string		JDBC driver implementation of javax.sql.XADataSource.
libraryRef	A reference to top level library element (string).		Identifies JDBC driver JARs and native files.

openidConnectProvider > oauthProvider > databaseStore > dataSource > jdbcDriver > library

Description: Identifies JDBC driver JARs and native files.

Required: false

Data type:

Attribute name	Data type	Default value	Description
apiTypeVisibility	string	spec,ibm-api,api	The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party.
description	string		Description of shared library for administrators
filesetRef	List of references to top level fileset elements (comma-separated string).		Id of referenced Fileset
name	string		Name of shared library for administrators

openidConnectProvider > oauthProvider > databaseStore > dataSource > jdbcDriver > library > file

Description: Id of referenced File

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	Path to a file		Fully qualified filename

openidConnectProvider > oauthProvider > databaseStore > dataSource > jdbcDriver > library > fileset

Description: Id of referenced Fileset

Required: false

Data type:

Attribute name	Data type	Default value	Description
caseSensitive	boolean	true	Boolean to indicate whether or not the search should be case sensitive (default: true).
dir	Path to a directory	${server.config.dir}	The base directory to search for files.
excludes	string		The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded.
includes	string	*	The comma or space separated list of file name patterns to include in the search results (default: *).
scanInterval	A period of time with millisecond precision	0	Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

openidConnectProvider > oauthProvider > databaseStore > dataSource > jdbcDriver > library > folder

Description: Id of referenced folder

Required: false

Data type:

Attribute name	Data type	Default value	Description
dir	Path to a directory		Directory or folder to be included in the library classpath for locating resource files

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties

Description: List of JDBC vendor properties for the data source. For example, databaseName="dbname" serverName="localhost" portNumber="50000".

Required: false

Data type:

Attribute name	Data type	Default value	Description
URL	string		URL for connecting to the database.
databaseName	string		JDBC driver property: databaseName.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int		Port on which to obtain database connections.
serverName	string		Server where the database is running.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.datadirect.sqlserver

Description: Data source properties for the DataDirect Connect for JDBC driver for Microsoft SQL Server.

Required: false

Data type:

Attribute name	Data type	Default value	Description
JDBCBehavior	1 0	0	JDBC driver property: JDBCBehavior. Values are: 0 (JDBC 4.0) or 1 (JDBC 3.0). 1 JDBC 3.0 0 JDBC 4.0
XATransactionGroup	string		JDBC driver property: XATransactionGroup.
XMLDescribeType	longvarbinary longvarchar		JDBC driver property: XMLDescribeType. longvarbinary longvarbinary longvarchar longvarchar
accountingInfo	string		JDBC driver property: accountingInfo.
alternateServers	string		JDBC driver property: alternateServers.
alwaysReportTriggerResults	boolean		JDBC driver property: alwaysReportTriggerResults.
applicationName	string		JDBC driver property: applicationName.
authenticationMethod	ntlm userIdPassword kerberos auto		JDBC driver property: authenticationMethod. ntlm ntlm userIdPassword userIdPassword kerberos kerberos auto auto
bulkLoadBatchSize	long		JDBC driver property: bulkLoadBatchSize.
bulkLoadOptions	long		JDBC driver property: bulkLoadOptions.
clientHostName	string		JDBC driver property: clientHostName.
clientUser	string		JDBC driver property: clientUser.
codePageOverride	string		JDBC driver property: codePageOverride.
connectionRetryCount	int		JDBC driver property: connectionRetryCount.
connectionRetryDelay	A period of time with second precision		JDBC driver property: connectionRetryDelay. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
convertNull	int		JDBC driver property: convertNull.
databaseName	string		JDBC driver property: databaseName.
dateTimeInputParameterType	dateTime dateTimeOffset auto		JDBC driver property: dateTimeInputParameterType. dateTime dateTime dateTimeOffset dateTimeOffset auto auto
dateTimeOutputParameterType	dateTime dateTimeOffset auto		JDBC driver property: dateTimeOutputParameterType. dateTime dateTime dateTimeOffset dateTimeOffset auto auto
describeInputParameters	describeIfString noDescribe describeIfDateTime describeAll		JDBC driver property: describeInputParameters. describeIfString describeIfString noDescribe noDescribe describeIfDateTime describeIfDateTime describeAll describeAll
describeOutputParameters	describeIfString noDescribe describeIfDateTime describeAll		JDBC driver property: describeOutputParameters. describeIfString describeIfString noDescribe noDescribe describeIfDateTime describeIfDateTime describeAll describeAll
enableBulkLoad	boolean		JDBC driver property: enableBulkLoad.
enableCancelTimeout	boolean		JDBC driver property: enableCancelTimeout.
encryptionMethod	loginSSL requestSSL SSL noEncryption		JDBC driver property: encryptionMethod. loginSSL loginSSL requestSSL requestSSL SSL SSL noEncryption noEncryption
failoverGranularity	disableIntegrityCheck atomicWithRepositioning nonAtomic atomic		JDBC driver property: failoverGranularity. disableIntegrityCheck disableIntegrityCheck atomicWithRepositioning atomicWithRepositioning nonAtomic nonAtomic atomic atomic
failoverMode	connect select extended		JDBC driver property: failoverMode. connect connect select select extended extended
failoverPreconnect	boolean		JDBC driver property: failoverPreconnect.
hostNameInCertificate	string		JDBC driver property: hostNameInCertificate.
initializationString	string		JDBC driver property: initializationString.
insensitiveResultSetBufferSize	int		JDBC driver property: insensitiveResultSetBufferSize.
javaDoubleToString	boolean		JDBC driver property: javaDoubleToString.
loadBalancing	boolean		JDBC driver property: loadBalancing.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
longDataCacheSize	int Minimum: -1		JDBC driver property: longDataCacheSize.
netAddress	string		JDBC driver property: netAddress.
packetSize	int Minimum: -1 Maximum: 128		JDBC driver property: packetSize.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1433	Port on which to obtain database connections.
queryTimeout	A period of time with second precision		JDBC driver property: queryTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
resultsetMetaDataOptions	int		JDBC driver property: resultsetMetaDataOptions.
selectMethod	direct cursor		JDBC driver property: selectMethod. direct direct cursor cursor
serverName	string	localhost	Server where the database is running.
snapshotSerializable	boolean		JDBC driver property: snapshotSerializable.
spyAttributes	string		JDBC driver property: spyAttributes.
stringInputParameterType	varchar nvarchar	varchar	JDBC driver property: stringInputParameterType. varchar varchar nvarchar nvarchar
stringOutputParameterType	varchar nvarchar	varchar	JDBC driver property: stringOutputParameterType. varchar varchar nvarchar nvarchar
suppressConnectionWarnings	boolean		JDBC driver property: suppressConnectionWarnings.
transactionMode	explicit implicit		JDBC driver property: transactionMode. explicit explicit implicit implicit
truncateFractionalSeconds	boolean		JDBC driver property: truncateFractionalSeconds.
trustStore	string		JDBC driver property: trustStore.
trustStorePassword	Reversably encoded password (string)		JDBC driver property: trustStorePassword.
useServerSideUpdatableCursors	boolean		JDBC driver property: useServerSideUpdatableCursors.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
validateServerCertificate	boolean		JDBC driver property: validateServerCertificate.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.db2.i.native

Description: Data source properties for the IBM DB2 for i Native JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access	read only all read call	all	JDBC driver property: access. read only read only all all read call read call
autoCommit	boolean	true	JDBC driver property: autoCommit.
batchStyle	2.1 2.0	2.0	JDBC driver property: batchStyle. 2.1 2.1 2.0 2.0
behaviorOverride	int		JDBC driver property: behaviorOverride.
blockSize	512 128 0 32 64 16 8 256	32	JDBC driver property: blockSize. 512 512 128 128 0 0 32 32 64 64 16 16 8 8 256 256
cursorHold	boolean	false	JDBC driver property: cursorHold.
cursorSensitivity	asensitive sensitive	asensitive	JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). asensitive asensitive sensitive sensitive
dataTruncation	string	true	JDBC driver property: dataTruncation.
databaseName	string	*LOCAL	JDBC driver property: databaseName.
dateFormat	dmy iso eur ymd julian jis usa mdy		JDBC driver property: dateFormat. dmy dmy iso iso eur eur ymd ymd julian julian jis jis usa usa mdy mdy
dateSeparator	\, b . / -		JDBC driver property: dateSeparator. \, The comma character (,). b The character b . The period character (.). / The forward slash character (/). - The dash character (-).
decimalSeparator	\, .		JDBC driver property: decimalSeparator. \, The comma character (,). . The period character (.).
directMap	boolean	true	JDBC driver property: directMap.
doEscapeProcessing	boolean	true	JDBC driver property: doEscapeProcessing.
fullErrors	boolean		JDBC driver property: fullErrors.
libraries	string		JDBC driver property: libraries.
lobThreshold	int Maximum: 500000	0	JDBC driver property: lobThreshold.
lockTimeout	A period of time with second precision	0	JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maximumPrecision	31 63	31	JDBC driver property: maximumPrecision. 31 31 63 63
maximumScale	int Minimum: 0 Maximum: 63	31	JDBC driver property: maximumScale.
minimumDivideScale	int Minimum: 0 Maximum: 9	0	JDBC driver property: minimumDivideScale.
networkProtocol	int		JDBC driver property: networkProtocol.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int		Port on which to obtain database connections.
prefetch	boolean	true	JDBC driver property: prefetch.
queryOptimizeGoal	2 1	2	JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO). 2 *ALLIO 1 *FIRSTIO
reuseObjects	boolean	true	JDBC driver property: reuseObjects.
serverName	string		Server where the database is running.
serverTraceCategories	int	0	JDBC driver property: serverTraceCategories.
systemNaming	boolean	false	JDBC driver property: systemNaming.
timeFormat	iso eur jis usa hms		JDBC driver property: timeFormat. iso iso eur eur jis jis usa usa hms hms
timeSeparator	\, b : .		JDBC driver property: timeSeparator. \, The comma character (,). b The character b : The colon character (:). . The period character (.).
trace	boolean		JDBC driver property: trace.
transactionTimeout	A period of time with second precision	0	JDBC driver property: transactionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
translateBinary	boolean	false	JDBC driver property: translateBinary.
translateHex	binary character	character	JDBC driver property: translateHex. binary binary character character
useBlockInsert	boolean	false	JDBC driver property: useBlockInsert.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.db2.i.toolbox

Description: Data source properties for the IBM DB2 for i Toolbox JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
access	read only all read call	all	JDBC driver property: access. read only read only all all read call read call
behaviorOverride	int		JDBC driver property: behaviorOverride.
bidiImplicitReordering	boolean	true	JDBC driver property: bidiImplicitReordering.
bidiNumericOrdering	boolean	false	JDBC driver property: bidiNumericOrdering.
bidiStringType	int		JDBC driver property: bidiStringType.
bigDecimal	boolean	true	JDBC driver property: bigDecimal.
blockCriteria	2 1 0	2	JDBC driver property: blockCriteria. Values are: 0 (no record blocking), 1 (block if FOR FETCH ONLY is specified), 2 (block if FOR UPDATE is specified). 2 2 1 1 0 0
blockSize	512 128 0 32 64 16 8 256	32	JDBC driver property: blockSize. 512 512 128 128 0 0 32 32 64 64 16 16 8 8 256 256
cursorHold	boolean	false	JDBC driver property: cursorHold.
cursorSensitivity	asensitive sensitive insensitive	asensitive	JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). asensitive asensitive sensitive sensitive insensitive insensitive
dataCompression	boolean	true	JDBC driver property: dataCompression.
dataTruncation	boolean	true	JDBC driver property: dataTruncation.
databaseName	string		JDBC driver property: databaseName.
dateFormat	dmy iso eur ymd julian jis usa mdy		JDBC driver property: dateFormat. dmy dmy iso iso eur eur ymd ymd julian julian jis jis usa usa mdy mdy
dateSeparator	\, . / -		JDBC driver property: dateSeparator. The space character ( ). \, The comma character (,). . The period character (.). / The forward slash character (/). - The dash character (-).
decimalSeparator	\, .		JDBC driver property: decimalSeparator. \, The comma character (,). . The period character (.).
driver	toolbox native	toolbox	JDBC driver property: driver. toolbox toolbox native native
errors	full basic	basic	JDBC driver property: errors. full full basic basic
extendedDynamic	boolean	false	JDBC driver property: extendedDynamic.
extendedMetaData	boolean	false	JDBC driver property: extendedMetaData.
fullOpen	boolean	false	JDBC driver property: fullOpen.
holdInputLocators	boolean	true	JDBC driver property: holdInputLocators.
holdStatements	boolean	false	JDBC driver property: holdStatements.
isolationLevelSwitchingSupport	boolean	false	JDBC driver property: isolationLevelSwitchingSupport.
keepAlive	boolean		JDBC driver property: keepAlive.
lazyClose	boolean	false	JDBC driver property: lazyClose.
libraries	string		JDBC driver property: libraries.
lobThreshold	int Minimum: 0 Maximum: 16777216	0	JDBC driver property: lobThreshold.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maximumPrecision	31 63	31	JDBC driver property: maximumPrecision. 31 31 63 64
maximumScale	int Minimum: 0 Maximum: 63	31	JDBC driver property: maximumScale.
metaDataSource	int Minimum: 0 Maximum: 1	1	JDBC driver property: metaDataSource.
minimumDivideScale	int Minimum: 0 Maximum: 9	0	JDBC driver property: minimumDivideScale.
naming	system sql	sql	JDBC driver property: naming. system system sql sql
package	string		JDBC driver property: package.
packageAdd	boolean	true	JDBC driver property: packageAdd.
packageCCSID	13488 1200	13488	JDBC driver property: packageCCSID. Values are: 1200 (UCS-2) or 13488 (UTF-16). 13488 13488 (UTF-16) 1200 1200 (UCS-2)
packageCache	boolean	false	JDBC driver property: packageCache.
packageCriteria	default select	default	JDBC driver property: packageCriteria. default default select select
packageError	exception none warning	warning	JDBC driver property: packageError. exception exception none none warning warning
packageLibrary	string	QGPL	JDBC driver property: packageLibrary.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
prefetch	boolean	true	JDBC driver property: prefetch.
prompt	boolean	false	JDBC driver property: prompt.
proxyServer	string		JDBC driver property: proxyServer.
qaqqiniLibrary	string		JDBC driver property: qaqqiniLibrary.
queryOptimizeGoal	int Minimum: 0 Maximum: 2	0	JDBC driver property: queryOptimizeGoal. Values are: 1 (*FIRSTIO) or 2 (*ALLIO).
receiveBufferSize	int Minimum: 1		JDBC driver property: receiveBufferSize.
remarks	system sql	system	JDBC driver property: remarks. system system sql sql
rollbackCursorHold	boolean	false	JDBC driver property: rollbackCursorHold.
savePasswordWhenSerialized	boolean	false	JDBC driver property: savePasswordWhenSerialized.
secondaryUrl	string		JDBC driver property: secondaryUrl.
secure	boolean	false	JDBC driver property: secure.
sendBufferSize	int Minimum: 1		JDBC driver property: sendBufferSize.
serverName	string		Server where the database is running.
serverTraceCategories	int	0	JDBC driver property: serverTraceCategories.
soLinger	A period of time with second precision		JDBC driver property: soLinger. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
soTimeout	A period of time with millisecond precision		JDBC driver property: soTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
sort	hex table language	hex	JDBC driver property: sort. hex hex table table language language
sortLanguage	string		JDBC driver property: sortLanguage.
sortTable	string		JDBC driver property: sortTable.
sortWeight	unqiue shared		JDBC driver property: sortWeight. unqiue unique shared shared
tcpNoDelay	boolean		JDBC driver property: tcpNoDelay.
threadUsed	boolean	true	JDBC driver property: threadUsed.
timeFormat	iso eur jis usa hms		JDBC driver property: timeFormat. iso iso eur eur jis jis usa usa hms hms
timeSeparator	\, : .		JDBC driver property: timeSeparator. The space character ( ). \, The comma character (,). : The colon character (:). . The period character (.).
toolboxTrace	diagnostic information conversion error thread proxy none datastream pcml all jdbc warning		JDBC driver property: toolboxTrace. diagnostic diagnostic information information conversion conversion error error thread thread proxy proxy none none datastream datastream pcml pcml all all jdbc jdbc warning warning
trace	boolean		JDBC driver property: trace.
translateBinary	boolean	false	JDBC driver property: translateBinary.
translateBoolean	boolean	true	JDBC driver property: translateBoolean.
translateHex	binary character	character	JDBC driver property: translateHex. binary binary character character
trueAutoCommit	boolean	false	JDBC driver property: trueAutoCommit.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
xaLooselyCoupledSupport	int Minimum: 0 Maximum: 1	0	JDBC driver property: xaLooselyCoupledSupport.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.db2.jcc

Description: Data source properties for the IBM Data Server Driver for JDBC and SQLJ for DB2.

Required: false

Data type:

Attribute name	Data type	Default value	Description
activateDatabase	int		JDBC driver property: activateDatabase.
alternateGroupDatabaseName	string		JDBC driver property: alternateGroupDatabaseName.
alternateGroupPortNumber	string		JDBC driver property: alternateGroupPortNumber.
alternateGroupServerName	string		JDBC driver property: alternateGroupServerName.
blockingReadConnectionTimeout	A period of time with second precision		JDBC driver property: blockingReadConnectionTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
clientAccountingInformation	string		JDBC driver property: clientAccountingInformation.
clientApplicationInformation	string		JDBC driver property: clientApplicationInformation.
clientRerouteServerListJNDIName	string		JDBC driver property: clientRerouteServerListJNDIName.
clientUser	string		JDBC driver property: clientUser.
clientWorkstation	string		JDBC driver property: clientWorkstation.
connectionCloseWithInFlightTransaction	2 1		JDBC driver property: connectionCloseWithInFlightTransaction. 2 CONNECTION_CLOSE_WITH_ROLLBACK 1 CONNECTION_CLOSE_WITH_EXCEPTION
currentAlternateGroupEntry	int		JDBC driver property: currentAlternateGroupEntry.
currentFunctionPath	string		JDBC driver property: currentFunctionPath.
currentLocaleLcCtype	string		JDBC driver property: currentLocaleLcCtype.
currentLockTimeout	A period of time with second precision		JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
currentPackagePath	string		JDBC driver property: currentPackagePath.
currentPackageSet	string		JDBC driver property: currentPackageSet.
currentSQLID	string		JDBC driver property: currentSQLID.
currentSchema	string		JDBC driver property: currentSchema.
cursorSensitivity	2 1 0		JDBC driver property: cursorSensitivity. Values are: 0 (TYPE_SCROLL_SENSITIVE_STATIC), 1 (TYPE_SCROLL_SENSITIVE_DYNAMIC), 2 (TYPE_SCROLL_ASENSITIVE). 2 TYPE_SCROLL_ASENSITIVE 1 TYPE_SCROLL_SENSITIVE_DYNAMIC 0 TYPE_SCROLL_SENSITIVE_STATIC
databaseName	string		JDBC driver property: databaseName.
deferPrepares	boolean	true	JDBC driver property: deferPrepares.
driverType	2 4	4	JDBC driver property: driverType. 2 Type 2 JDBC driver. 4 Type 4 JDBC driver.
enableAlternateGroupSeamlessACR	boolean		JDBC driver property: enableAlternateGroupSeamlessACR.
enableClientAffinitiesList	2 1		JDBC driver property: enableClientAffinitiesList. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
enableExtendedDescribe	2 1		JDBC driver property: enableExtendedDescribe. 2 NO 1 YES
enableExtendedIndicators	2 1		JDBC driver property: enableExtendedIndicators. 2 NO 1 YES
enableNamedParameterMarkers	2 1		JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
enableSeamlessFailover	2 1		JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
enableSysplexWLB	boolean		JDBC driver property: enableSysplexWLB.
fetchSize	int		JDBC driver property: fetchSize.
fullyMaterializeInputStreams	boolean		JDBC driver property: fullyMaterializeInputStreams.
fullyMaterializeInputStreamsOnBatchExecution	2 1		JDBC driver property: fullyMaterializeInputStreamsOnBatchExecution. 2 NO 1 YES
fullyMaterializeLobData	boolean		JDBC driver property: fullyMaterializeLobData.
implicitRollbackOption	2 1 0		JDBC driver property: implicitRollbackOption. 2 IMPLICIT_ROLLBACK_OPTION_CLOSE_CONNECTION 1 IMPLICIT_ROLLBACK_OPTION_NOT_CLOSE_CONNECTION 0 IMPLICIT_ROLLBACK_OPTION_NOT_SET
interruptProcessingMode	2 1 0		JDBC driver property: interruptProcessingMode. 2 INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET 1 INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL 0 INTERRUPT_PROCESSING_MODE_DISABLED
keepAliveTimeOut	A period of time with second precision		JDBC driver property: keepAliveTimeOut. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
keepDynamic	int		JDBC driver property: keepDynamic.
kerberosServerPrincipal	string		JDBC driver property: kerberosServerPrincipal.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
maxConnCachedParamBufferSize	int		JDBC driver property: maxConnCachedParamBufferSize.
maxRetriesForClientReroute	int		JDBC driver property: maxRetriesForClientReroute.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	50000	Port on which to obtain database connections.
profileName	string		JDBC driver property: profileName.
queryCloseImplicit	2 1		JDBC driver property: queryCloseImplicit. Values are: 1 (QUERY_CLOSE_IMPLICIT_YES) or 2 (QUERY_CLOSE_IMPLICIT_NO). 2 QUERY_CLOSE_IMPLICIT_NO 1 QUERY_CLOSE_IMPLICIT_YES
queryDataSize	int Minimum: 4096 Maximum: 65535		JDBC driver property: queryDataSize.
queryTimeoutInterruptProcessingMode	2 1		JDBC driver property: queryTimeoutInterruptProcessingMode. 2 INTERRUPT_PROCESSING_MODE_CLOSE_SOCKET 1 INTERRUPT_PROCESSING_MODE_STATEMENT_CANCEL
readOnly	boolean		JDBC driver property: readOnly.
recordTemporalHistory	2 1		JDBC driver property: recordTemporalHistory. 2 NO 1 YES
resultSetHoldability	2 1		JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
resultSetHoldabilityForCatalogQueries	2 1		JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
retrieveMessagesFromServerOnGetMessage	boolean	true	JDBC driver property: retrieveMessagesFromServerOnGetMessage.
retryIntervalForClientReroute	A period of time with second precision		JDBC driver property: retryIntervalForClientReroute. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
securityMechanism	3 7 4 15 9 16 13 11 12		JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY), 11 (KERBEROS_SECURITY), 12 (ENCRYPTED_USER_AND_DATA_SECURITY"), (ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY"), 15 (PLUGIN_SECURITY), 16 (ENCRYPTED_USER_ONLY_SECURITY). 3 CLEAR_TEXT_PASSWORD_SECURITY 7 ENCRYPTED_PASSWORD_SECURITY 4 USER_ONLY_SECURITY 15 PLUGIN_SECURITY 9 ENCRYPTED_USER_AND_PASSWORD_SECURITY 16 ENCRYPTED_USER_ONLY_SECURITY 13 ENCRYPTED_USER_PASSWORD_AND_DATA_SECURITY 11 KERBEROS_SECURITY 12 ENCRYPTED_USER_AND_DATA_SECURITY
sendDataAsIs	boolean		JDBC driver property: sendDataAsIs.
serverName	string	localhost	Server where the database is running.
sessionTimeZone	string		JDBC driver property: sessionTimeZone.
sqljCloseStmtsWithOpenResultSet	boolean		JDBC driver property: sqljCloseStmtsWithOpenResultSet.
sqljEnableClassLoaderSpecificProfiles	boolean		JDBC driver property: sqljEnableClassLoaderSpecificProfiles.
sslConnection	boolean		JDBC driver property: sslConnection.
streamBufferSize	int		JDBC driver property: streamBufferSize.
stripTrailingZerosForDecimalNumbers	2 1		JDBC driver property: stripTrailingZerosForDecimalNumbers. 2 NO 1 YES
sysSchema	string		JDBC driver property: sysSchema.
timerLevelForQueryTimeOut	2 1 -1		JDBC driver property: timerLevelForQueryTimeOut. 2 QUERYTIMEOUT_CONNECTION_LEVEL 1 QUERYTIMEOUT_STATEMENT_LEVEL -1 QUERYTIMEOUT_DISABLED
traceDirectory	string		JDBC driver property: traceDirectory.
traceFile	string		JDBC driver property: traceFile.
traceFileAppend	boolean		JDBC driver property: traceFileAppend.
traceFileCount	int		JDBC driver property: traceFileCount.
traceFileSize	int		JDBC driver property: traceFileSize.
traceLevel	int	0	Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1.
traceOption	1 0		JDBC driver property: traceOption 1 1 0 0
translateForBitData	2 1		JDBC driver property: translateForBitData. 2 SERVER_ENCODING_REPRESENTATION 1 HEX_REPRESENTATION
updateCountForBatch	2 1		JDBC driver property: updateCountForBatch. 2 TOTAL_UPDATE_COUNT 1 NO_UPDATE_COUNT
useCachedCursor	boolean		JDBC driver property: useCachedCursor.
useIdentityValLocalForAutoGeneratedKeys	boolean		JDBC driver property: useIdentityValLocalForAutoGeneratedKeys.
useJDBC41DefinitionForGetColumns	2 1		JDBC driver property: useJDBC41DefinitionForGetColumns. 2 NO 1 YES
useJDBC4ColumnNameAndLabelSemantics	2 1		JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
useTransactionRedirect	boolean		JDBC driver property: useTransactionRedirect.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
xaNetworkOptimization	boolean		JDBC driver property: xaNetworkOptimization.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.derby.client

Description: Data source properties for Derby Network Client JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
connectionAttributes	string		JDBC driver property: connectionAttributes.
createDatabase	false create		JDBC driver property: createDatabase. false Do not automatically create the database. create When the first connection is established, automatically create the database if it doesn't exist.
databaseName	string		JDBC driver property: databaseName.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1527	Port on which to obtain database connections.
retrieveMessageText	boolean	true	JDBC driver property: retrieveMessageText.
securityMechanism	3 7 4 9 8	3	JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 8 (STRONG_PASSWORD_SUBSTITUTE_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). 3 CLEAR_TEXT_PASSWORD_SECURITY 7 ENCRYPTED_PASSWORD_SECURITY 4 USER_ONLY_SECURITY 9 ENCRYPTED_USER_AND_PASSWORD_SECURITY 8 STRONG_PASSWORD_SUBSTITUTE_SECURITY
serverName	string	localhost	Server where the database is running.
shutdownDatabase	false shutdown		JDBC driver property: shutdownDatabase. false Do not shut down the database. shutdown Shut down the database when a connection is attempted.
ssl	basic off peerAuthentication		JDBC driver property: ssl. basic basic off off peerAuthentication peerAuthentication
traceDirectory	string		JDBC driver property: traceDirectory.
traceFile	string		JDBC driver property: traceFile.
traceFileAppend	boolean		JDBC driver property: traceFileAppend.
traceLevel	int		Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_XA_CALLS=2048, TRACE_ALL=-1.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.derby.embedded

Description: Data source properties for Derby Embedded JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
connectionAttributes	string		JDBC driver property: connectionAttributes.
createDatabase	false create		JDBC driver property: createDatabase. false Do not automatically create the database. create When the first connection is established, automatically create the database if it doesn't exist.
databaseName	string		JDBC driver property: databaseName.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
shutdownDatabase	false shutdown		JDBC driver property: shutdownDatabase. false Do not shut down the database. shutdown Shut down the database when a connection is attempted.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.informix

Description: Data source properties for the Informix JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
databaseName	string		JDBC driver property: databaseName.
ifxCLIENT_LOCALE	string		JDBC driver property: ifxCLIENT_LOCALE.
ifxCPMAgeLimit	A period of time with second precision		JDBC driver property: ifxCPMAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxCPMInitPoolSize	int		JDBC driver property: ifxCPMInitPoolSize.
ifxCPMMaxConnections	int		JDBC driver property: ifxCPMMaxConnections.
ifxCPMMaxPoolSize	int		JDBC driver property: ifxCPMMaxPoolSize.
ifxCPMMinAgeLimit	A period of time with second precision		JDBC driver property: ifxCPMMinAgeLimit. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxCPMMinPoolSize	int		JDBC driver property: ifxCPMMinPoolSize.
ifxCPMServiceInterval	A period of time with millisecond precision		JDBC driver property: ifxCPMServiceInterval. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
ifxDBANSIWARN	boolean		JDBC driver property: ifxDBANSIWARN.
ifxDBCENTURY	string		JDBC driver property: ifxDBCENTURY.
ifxDBDATE	string		JDBC driver property: ifxDBDATE.
ifxDBSPACETEMP	string		JDBC driver property: ifxDBSPACETEMP.
ifxDBTEMP	string		JDBC driver property: ifxDBTEMP.
ifxDBTIME	string		JDBC driver property: ifxDBTIME.
ifxDBUPSPACE	string		JDBC driver property: ifxDBUPSPACE.
ifxDB_LOCALE	string		JDBC driver property: ifxDB_LOCALE.
ifxDELIMIDENT	boolean		JDBC driver property: ifxDELIMIDENT.
ifxENABLE_TYPE_CACHE	boolean		JDBC driver property: ifxENABLE_TYPE_CACHE.
ifxFET_BUF_SIZE	int		JDBC driver property: ifxFET_BUF_SIZE.
ifxGL_DATE	string		JDBC driver property: ifxGL_DATE.
ifxGL_DATETIME	string		JDBC driver property: ifxGL_DATETIME.
ifxIFXHOST	string	localhost	JDBC driver property: ifxIFXHOST.
ifxIFX_AUTOFREE	boolean		JDBC driver property: ifxIFX_AUTOFREE.
ifxIFX_DIRECTIVES	string		JDBC driver property: ifxIFX_DIRECTIVES.
ifxIFX_LOCK_MODE_WAIT	A period of time with second precision	2s	JDBC driver property: ifxIFX_LOCK_MODE_WAIT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxIFX_SOC_TIMEOUT	A period of time with millisecond precision		JDBC driver property: ifxIFX_SOC_TIMEOUT. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
ifxIFX_USEPUT	boolean		JDBC driver property: ifxIFX_USEPUT.
ifxIFX_USE_STRENC	boolean		JDBC driver property: ifxIFX_USE_STRENC.
ifxIFX_XASPEC	string	y	JDBC driver property: ifxIFX_XASPEC.
ifxINFORMIXCONRETRY	int		JDBC driver property: ifxINFORMIXCONRETRY.
ifxINFORMIXCONTIME	A period of time with second precision		JDBC driver property: ifxINFORMIXCONTIME. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
ifxINFORMIXOPCACHE	string		JDBC driver property: ifxINFORMIXOPCACHE.
ifxINFORMIXSTACKSIZE	int		JDBC driver property: ifxINFORMIXSTACKSIZE.
ifxJDBCTEMP	string		JDBC driver property: ifxJDBCTEMP.
ifxLDAP_IFXBASE	string		JDBC driver property: ifxLDAP_IFXBASE.
ifxLDAP_PASSWD	string		JDBC driver property: ifxLDAP_PASSWD.
ifxLDAP_URL	string		JDBC driver property: ifxLDAP_URL.
ifxLDAP_USER	string		JDBC driver property: ifxLDAP_USER.
ifxLOBCACHE	int		JDBC driver property: ifxLOBCACHE.
ifxNEWCODESET	string		JDBC driver property: ifxNEWCODESET.
ifxNEWLOCALE	string		JDBC driver property: ifxNEWLOCALE.
ifxNODEFDAC	string		JDBC driver property: ifxNODEFDAC.
ifxOPTCOMPIND	string		JDBC driver property: ifxOPTCOMPIND.
ifxOPTOFC	string		JDBC driver property: ifxOPTOFC.
ifxOPT_GOAL	string		JDBC driver property: ifxOPT_GOAL.
ifxPATH	string		JDBC driver property: ifxPATH.
ifxPDQPRIORITY	string		JDBC driver property: ifxPDQPRIORITY.
ifxPLCONFIG	string		JDBC driver property: ifxPLCONFIG.
ifxPLOAD_LO_PATH	string		JDBC driver property: ifxPLOAD_LO_PATH.
ifxPROTOCOLTRACE	int		JDBC driver property: ifxPROTOCOLTRACE.
ifxPROTOCOLTRACEFILE	string		JDBC driver property: ifxPROTOCOLTRACEFILE.
ifxPROXY	string		JDBC driver property: ifxPROXY.
ifxPSORT_DBTEMP	string		JDBC driver property: ifxPSORT_DBTEMP.
ifxPSORT_NPROCS	boolean		JDBC driver property: ifxPSORT_NPROCS.
ifxSECURITY	string		JDBC driver property: ifxSECURITY.
ifxSQLH_FILE	string		JDBC driver property: ifxSQLH_FILE.
ifxSQLH_LOC	string		JDBC driver property: ifxSQLH_LOC.
ifxSQLH_TYPE	string		JDBC driver property: ifxSQLH_TYPE.
ifxSSLCONNECTION	string		JDBC driver property: ifxSSLCONNECTION.
ifxSTMT_CACHE	string		JDBC driver property: ifxSTMT_CACHE.
ifxTRACE	int		JDBC driver property: ifxTRACE.
ifxTRACEFILE	string		JDBC driver property: ifxTRACEFILE.
ifxTRUSTED_CONTEXT	string		JDBC driver property: ifxTRUSTED_CONTEXT.
ifxUSEV5SERVER	boolean		JDBC driver property: ifxUSEV5SERVER.
ifxUSE_DTENV	boolean		JDBC driver property: ifxUSE_DTENV.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1526	Port on which to obtain database connections.
roleName	string		JDBC driver property: roleName.
serverName	string		Server where the database is running.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.informix.jcc

Description: Data source properties for the IBM Data Server Driver for JDBC and SQLJ for Informix.

Required: false

Data type:

Attribute name	Data type	Default value	Description
DBANSIWARN	boolean		JDBC driver property: DBANSIWARN.
DBDATE	string		JDBC driver property: DBDATE.
DBPATH	string		JDBC driver property: DBPATH.
DBSPACETEMP	string		JDBC driver property: DBSPACETEMP.
DBTEMP	string		JDBC driver property: DBTEMP.
DBUPSPACE	string		JDBC driver property: DBUPSPACE.
DELIMIDENT	boolean		JDBC driver property: DELIMIDENT.
IFX_DIRECTIVES	ON OFF		JDBC driver property: IFX_DIRECTIVES. ON ON OFF OFF
IFX_EXTDIRECTIVES	ON OFF		JDBC driver property: IFX_EXTDIRECTIVES. ON ON OFF OFF
IFX_UPDDESC	string		JDBC driver property: IFX_UPDDESC.
IFX_XASTDCOMPLIANCE_XAEND	1 0		JDBC driver property: IFX_XASTDCOMPLIANCE_XAEND. 1 1 0 0
INFORMIXOPCACHE	string		JDBC driver property: INFORMIXOPCACHE.
INFORMIXSTACKSIZE	string		JDBC driver property: INFORMIXSTACKSIZE.
NODEFDAC	yes no		JDBC driver property: NODEFDAC. yes yes no no
OPTCOMPIND	2 1 0		JDBC driver property: OPTCOMPIND. 2 2 1 1 0 0
OPTOFC	1 0		JDBC driver property: OPTOFC. 1 1 0 0
PDQPRIORITY	HIGH LOW OFF		JDBC driver property: PDQPRIORITY. HIGH HIGH LOW LOW OFF OFF
PSORT_DBTEMP	string		JDBC driver property: PSORT_DBTEMP.
PSORT_NPROCS	string Maximum: 10		JDBC driver property: PSORT_NPROCS.
STMT_CACHE	1 0		JDBC driver property: STMT_CACHE. 1 1 0 0
currentLockTimeout	A period of time with second precision	2s	JDBC driver property: currentLockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
databaseName	string		JDBC driver property: databaseName.
deferPrepares	boolean		JDBC driver property: deferPrepares.
driverType	int	4	JDBC driver property: driverType.
enableNamedParameterMarkers	int		JDBC driver property: enableNamedParameterMarkers. Values are: 1 (YES) or 2 (NO).
enableSeamlessFailover	int		JDBC driver property: enableSeamlessFailover. Values are: 1 (YES) or 2 (NO).
enableSysplexWLB	boolean		JDBC driver property: enableSysplexWLB.
fetchSize	int		JDBC driver property: fetchSize.
fullyMaterializeLobData	boolean		JDBC driver property: fullyMaterializeLobData.
keepDynamic	int		JDBC driver property: keepDynamic.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1526	Port on which to obtain database connections.
progressiveStreaming	2 1		JDBC driver property: progressiveStreaming. Values are: 1 (YES) or 2 (NO). 2 NO 1 YES
queryDataSize	int Minimum: 4096 Maximum: 10485760		JDBC driver property: queryDataSize.
resultSetHoldability	2 1		JDBC driver property: resultSetHoldability. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
resultSetHoldabilityForCatalogQueries	2 1		JDBC driver property: resultSetHoldabilityForCatalogQueries. Values are: 1 (HOLD_CURSORS_OVER_COMMIT) or 2 (CLOSE_CURSORS_AT_COMMIT). 2 CLOSE_CURSORS_AT_COMMIT 1 HOLD_CURSORS_OVER_COMMIT
retrieveMessagesFromServerOnGetMessage	boolean	true	JDBC driver property: retrieveMessagesFromServerOnGetMessage.
securityMechanism	3 7 4 9		JDBC driver property: securityMechanism. Values are: 3 (CLEAR_TEXT_PASSWORD_SECURITY), 4 (USER_ONLY_SECURITY), 7 (ENCRYPTED_PASSWORD_SECURITY), 9 (ENCRYPTED_USER_AND_PASSWORD_SECURITY). 3 CLEAR_TEXT_PASSWORD_SECURITY 7 ENCRYPTED_PASSWORD_SECURITY 4 USER_ONLY_SECURITY 9 ENCRYPTED_USER_AND_PASSWORD_SECURITY
serverName	string	localhost	Server where the database is running.
traceDirectory	string		JDBC driver property: traceDirectory.
traceFile	string		JDBC driver property: traceFile.
traceFileAppend	boolean		JDBC driver property: traceFileAppend.
traceLevel	int		Bitwise combination of the following constant values: TRACE_NONE=0, TRACE_CONNECTION_CALLS=1, TRACE_STATEMENT_CALLS=2, TRACE_RESULT_SET_CALLS=4, TRACE_DRIVER_CONFIGURATION=16, TRACE_CONNECTS=32, TRACE_DRDA_FLOWS=64, TRACE_RESULT_SET_META_DATA=128, TRACE_PARAMETER_META_DATA=256, TRACE_DIAGNOSTICS=512, TRACE_SQLJ=1024, TRACE_META_CALLS=8192, TRACE_DATASOURCE_CALLS=16384, TRACE_LARGE_OBJECT_CALLS=32768, TRACE_SYSTEM_MONITOR=131072, TRACE_TRACEPOINTS=262144, TRACE_ALL=-1.
useJDBC4ColumnNameAndLabelSemantics	int		JDBC driver property: useJDBC4ColumnNameAndLabelSemantics. Values are: 1 (YES) or 2 (NO).
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.microsoft.sqlserver

Description: Data source properties for Microsoft SQL Server JDBC Driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
URL	string		URL for connecting to the database. Example: jdbc:sqlserver://localhost:1433;databaseName=myDB.
applicationIntent	ReadOnly ReadWrite		JDBC driver property: applicationIntent. ReadOnly ReadOnly ReadWrite ReadWrite
applicationName	string		JDBC driver property: applicationName.
authenticationScheme	NativeAuthentication JavaKerberos		JDBC driver property: authenticationScheme. NativeAuthentication NativeAuthentication JavaKerberos JavaKerberos
databaseName	string		JDBC driver property: databaseName.
encrypt	boolean		JDBC driver property: encrypt.
failoverPartner	string		JDBC driver property: failoverPartner.
hostNameInCertificate	string		JDBC driver property: hostNameInCertificate.
instanceName	string		JDBC driver property: instanceName.
integratedSecurity	boolean		JDBC driver property: integratedSecurity.
lastUpdateCount	boolean		JDBC driver property: lastUpdateCount.
lockTimeout	A period of time with millisecond precision		JDBC driver property: lockTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
multiSubnetFailover	boolean		JDBC driver property: multiSubnetFailover.
packetSize	int Minimum: 512 Maximum: 32767		JDBC driver property: packetSize.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1433	Port on which to obtain database connections.
responseBuffering	full adaptive		JDBC driver property: responseBuffering. full full adaptive adaptive
selectMethod	direct cursor		JDBC driver property: selectMethod. direct direct cursor cursor
sendStringParametersAsUnicode	boolean	false	JDBC driver property: sendStringParametersAsUnicode.
sendTimeAsDatetime	boolean		JDBC driver property: sendTimeAsDatetime.
serverName	string	localhost	Server where the database is running.
trustServerCertificate	boolean		JDBC driver property: trustServerCertificate.
trustStore	string		JDBC driver property: trustStore.
trustStorePassword	Reversably encoded password (string)		JDBC driver property: trustStorePassword.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
workstationID	string		JDBC driver property: workstationID.
xopenStates	boolean		JDBC driver property: xopenStates.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.oracle

Description: Data source properties for Oracle JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
ONSConfiguration	string		JDBC driver property: ONSConfiguration.
TNSEntryName	string		JDBC driver property: TNSEntryName.
URL	string		URL for connecting to the database. Examples: jdbc:oracle:thin:@//localhost:1521/sample or jdbc:oracle:oci:@//localhost:1521/sample.
connectionProperties	string		JDBC driver property: connectionProperties.
databaseName	string		JDBC driver property: databaseName.
driverType	oci thin	thin	JDBC driver property: driverType. oci oci thin thin
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
networkProtocol	string		JDBC driver property: networkProtocol.
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	1521	Port on which to obtain database connections.
serverName	string	localhost	Server where the database is running.
serviceName	string		JDBC driver property: serviceName.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.

openidConnectProvider > oauthProvider > databaseStore > dataSource > properties.sybase

Description: Data source properties for Sybase JDBC driver.

Required: false

Data type:

Attribute name	Data type	Default value	Description
SERVER_INITIATED_TRANSACTIONS	false true	false	JDBC driver property: SERVER_INITIATED_TRANSACTIONS. false false true true
connectionProperties	string	SELECT_OPENS_CURSOR=true	JDBC driver property: connectionProperties.
databaseName	string		JDBC driver property: databaseName.
loginTimeout	A period of time with second precision		JDBC driver property: loginTimeout. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
networkProtocol	SSL socket		JDBC driver property: networkProtocol. SSL SSL socket socket
password	Reversably encoded password (string)		It is recommended to use a container managed authentication alias instead of configuring this property.
portNumber	int	5000	Port on which to obtain database connections.
resourceManagerName	string		JDBC driver property: resourceManagerName.
serverName	string	localhost	Server where the database is running.
user	string		It is recommended to use a container managed authentication alias instead of configuring this property.
version	int		JDBC driver property: version.

openidConnectProvider > oauthProvider > databaseStore > dataSource > recoveryAuthData

Description: Authentication data for transaction recovery.

Required: false

Data type:

Attribute name	Data type	Default value	Description
password	Reversably encoded password (string)		Password of the user to use when connecting to the EIS. Stored in clear text or encoded form. It is recommended that you encode the password. To do so, use the securityUtility tool with the encode option.
user	string		Name of the user to use when connecting to the EIS.

openidConnectProvider > oauthProvider > grantType

Description: An access token grant type (as detailed in the OAuth specification) that is allowed for the provider. The equivalent provider parameter in the full application server profile is oauth20.grant.types.allowed.

Required: false

Data type: string

openidConnectProvider > oauthProvider > jwtGrantType

Description: The grant_type for JWT Token handler

Required: false

Data type:

Attribute name	Data type	Default value	Description
clockSkew	A period of time with second precision	300s	The time difference allowed between OpenID Connect Client and OpenID Connect Provider systems when they are not synchronized. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.
iatRequired	boolean	false	The iat claim in a jwt token is required.
maxJtiCacheSize	long Minimum: 1	10000	The maximum size of cache, which keeps jti data of jwt token, to prevent the jti from being reused.
tokenMaxLifetime	A period of time with second precision	7200s	The time indicates the maximum lifetime of an alive jwt token since its issued-at-time. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), or seconds (s). For example, specify 30 seconds as 30s. We can include multiple values in a single entry. For example, 1m30s is equivalent to 90 seconds.

openidConnectProvider > oauthProvider > library

Description: Reference to shared library containing the mediator plugin class.

Required: false

Data type:

Attribute name	Data type	Default value	Description
apiTypeVisibility	string	spec,ibm-api,api	The types of API package this library's class loader will be able to see, as a comma-separated list of any combination of the following: spec, ibm-api, api, third-party.
description	string		Description of shared library for administrators
filesetRef	List of references to top level fileset elements (comma-separated string).		Id of referenced Fileset
name	string		Name of shared library for administrators

openidConnectProvider > oauthProvider > library > file

Description: Id of referenced File

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	Path to a file		Fully qualified filename

openidConnectProvider > oauthProvider > library > fileset

Description: Id of referenced Fileset

Required: false

Data type:

Attribute name	Data type	Default value	Description
caseSensitive	boolean	true	Boolean to indicate whether or not the search should be case sensitive (default: true).
dir	Path to a directory	${server.config.dir}	The base directory to search for files.
excludes	string		The comma or space separated list of file name patterns to exclude from the search results, by default no files are excluded.
includes	string	*	The comma or space separated list of file name patterns to include in the search results (default: *).
scanInterval	A period of time with millisecond precision	0	Scanning interval to check the fileset for changes as a long with a time unit suffix h-hour, m-minute, s-second, ms-millisecond (e.g. 2ms or 5s). Disabled (scanInterval=0) by default. Specify a positive integer followed by a unit of time, which can be hours (h), minutes (m), seconds (s), or milliseconds (ms). For example, specify 500 milliseconds as 500ms. We can include multiple values in a single entry. For example, 1s500ms is equivalent to 1.5 seconds.

openidConnectProvider > oauthProvider > library > folder

Description: Id of referenced folder

Required: false

Data type:

Attribute name	Data type	Default value	Description
dir	Path to a directory		Directory or folder to be included in the library classpath for locating resource files

openidConnectProvider > oauthProvider > localStore

Description: Clients are defined in server.xml and tokens are cached in the server.

Required: false

Data type:

Attribute name	Data type	Default value	Description
tokenStoreSize	long	2000	Token store size

openidConnectProvider > oauthProvider > localStore > client

Description: OAuth client definition. Only clients defined here can access the provider.

Required: false

Data type:

Attribute name	Data type	Default value	Description
applicationType	native web	web	The type of application best describing the client. native native web web
displayname	string		Display name of the client.
enabled	boolean	true	Client is enabled if true, disabled if false.
functionalUserId	string		A user identifier to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_id response parameter from the introspect endpoint.
introspectTokens	boolean	false	Boolean value specifying whether the client is allowed to access the introspection endpoint to introspect tokens issued by the authorization server.
name	string		Name of the client (sometimes referred to as the Id).
preAuthorizedScope	string		Space separated list of scope values that the client can use when requesting access tokens that are deemed to have been pre-approved by the resource owner and therefore does not require the resource owner's consent.
scope	string		Specify by spaces the list of scopes of the client.
secret	Reversably encoded password (string)		Secret key of the client.
sessionManaged	boolean	false	Boolean indicating whether the client participates in OpenID session management.
subjectType	public		Subject type requested for response to this client. public public
tokenEndpointAuthMethod	client_secret_post none client_secret_basic	client_secret_basic	The requested authentication method for the token endpoint of the client. client_secret_post client_secret_post none none client_secret_basic client_secret_basic

openidConnectProvider > oauthProvider > localStore > client > functionalUserGroupIds

Description: A list of group ids to be to be associated with access tokens obtained by this client using the client credentials grant type. When this client parameter is specified, the value is returned in the functional_user_groupIds response parameter from the introspect endpoint.

Required: false

Data type: string

openidConnectProvider > oauthProvider > localStore > client > grantTypes

Description: Grant types the client may use.

Required: false

Data type:

openidConnectProvider > oauthProvider > localStore > client > postLogoutRedirectUris

Description: Array of URLs supplied by the RP to which it may request that the end-user's user agent be redirected using the post_logout_redirect_uri parameter after a logout has been performed.

Required: false

Data type: string

openidConnectProvider > oauthProvider > localStore > client > redirect

Description: Array of redirect URIs for use in redirect-based flows such as the authorization code and implicit grant types of the client. The first redirect URI is used as a default, when none is specified in a request.

Required: false

Data type: string

openidConnectProvider > oauthProvider > localStore > client > responseTypes

Description: Response types the client may use.

Required: false

Data type:

openidConnectProvider > oauthProvider > mediatorClassname

Description: Mediator plugin class name. The equivalent provider parameter in the full application server profile is oauth20.mediator.classnames.

Required: false

Data type: string

openidConnectProvider > scopeToClaimMap

Description: Specify the claims for the scope.

Required: false

Data type:

Attribute name	Data type	Default value	Description
address	string	address	Specify a comma-separated list of claims associated with the address scope.
email	string	email, email_verified	Specify a comma-separated list of claims associated with the email scope.
phone	string	phone_number, phone_number_verified	Specify a comma-separated list of claims associated with the phone scope.
profile	string	name, family_name, given_name, middle_name, nickname, preferred_username, profile, picture, website, gender, birthdate, zoneinfo, locale, updated_at	Specify a comma-separated list of claims associated with the profile scope.

openidConnectProvider > scopeToClaimMap > property

Description: Specify a property in addition to the parent element properties

Required: false

Data type:

Attribute name	Data type	Default value	Description
name	string		Name of the property
value	string		Specify the value of the property