Relying Party attribute types
The Relying Party can use specific attribute types during advanced configuration.
In mapping rules, the attribute operation, of type urn:ibm:SAM:oidc:rp:operation, runs the mapping rule code for the STSUU operation for the intended entry point. Based on the operation type, attributes of the necessary attribute type are specified, as shown in the following tables.
- If operation is authorize, add attributes before the redirect to /authorize.

| Attribute type | Description | Usage |
| --- | --- | --- |
| urn:ibm:SAM:oidc:rp:kickoff:param | OIDC kickoff request parameters | read |
| urn:ibm:SAM:oidc:rp:authorize:uri | The authorization URL | read, write |
| urn:ibm:SAM:oidc:rp:authorize:req:param | OIDC /authorize request parameters. Can also be used to include a claims object in the request to /authorize. This claims parameter requests the email claim in the id_token as essential. | read, write |

- If operation is token, add attributes before the request to /token. This operation means a request to /redirect for reentry from the OIDC Provider (OP).

| Attribute type | Description | Usage |
| --- | --- | --- |
| urn:ibm:SAM:oidc:rp:authorize:rsp:param | Use this type to retrieve any of the parameters that were included in the redirect from the OIDC Provider. | read |
| urn:ibm:SAM:oidc:rp:userinfo:req:param | Use this type to add more string query parameters to the request to /userinfo. | write |
| urn:ibm:SAM:oidc:rp:token:req:param | Use this type to add more body parameters to the /token request. | write |
| urn:ibm:SAM:oidc:rp:meta | Contains metadata values that are relevant to the entire Relying Party flow. For example, it includes the nonce that is presented to /authorize. | read |

Attribute types that are used for responses from /authorize, /token, and /userinfo.

| Attribute type | Description | Usage |
| --- | --- | --- |
| urn:id_token:attribute:implicit | If an id_token is returned from /authorize, the id_token claims have this type. | read |
| urn:id_token:attribute:token | If an id_token is returned from /token, the id_token claims have this type. | read |
| urn:ibm:SAM:oidc:rp:userinfo:rsp:param | If a /userinfo request is made, the response properties have this type. | read |
| urn:ibm:SAM:oidc:rp:token:rsp:param | If a request to /token is made, the response parameters have this type. For example, access_token, expires_in, and scope. | read |
| urn:ibm:SAM:oidc:rp:authorize:rsp:param | The response parameters from /authorize. For example, state. If an implicit flow is run, an access_token or id_token might be present with this type. | read |
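
The operation dispatch and the claims request described above, as an added example that is not taken from the product documentation. It is a plain-JavaScript model: AttributeStore, writeAttribute, runMappingRule and the example_param parameter are hypothetical names, the store is a stand-in for the STSUU context attributes rather than the product API, and skipping the /token parameter when the redirect carried an OAuth error parameter is this example's own choice.

```javascript
// Added example. AttributeStore is a hypothetical stand-in for the context
// attributes a mapping rule sees; it is not the product's STSUU API.
const NS = "urn:ibm:SAM:oidc:rp:";
// Types the tables on this page mark as "write", keyed by operation.
const WRITABLE = {
  authorize: [NS + "authorize:uri", NS + "authorize:req:param"],
  token: [NS + "userinfo:req:param", NS + "token:req:param"],
};

class AttributeStore {
  constructor(triples) {
    this.items = triples.map(([name, type, value]) => ({ name, type, value }));
  }
  get(name, type) {
    const hit = this.items.find((a) => a.name === name && a.type === type);
    return hit ? hit.value : null;
  }
}

// Example-only guard that mirrors the Usage column of the tables.
function writeAttribute(attrs, name, type, value) {
  const operation = attrs.get("operation", NS + "operation");
  if (!(WRITABLE[operation] || []).includes(type)) {
    throw new Error(type + " is not writable during " + operation);
  }
  attrs.items.push({ name, type, value });
}

function runMappingRule(attrs) {
  const operation = attrs.get("operation", NS + "operation");
  if (operation === "authorize") {
    // OpenID Connect claims request: email in the id_token, marked essential.
    const claims = { id_token: { email: { essential: true } } };
    writeAttribute(attrs, "claims", NS + "authorize:req:param", JSON.stringify(claims));
  } else if (operation === "token") {
    // Read-only input: a parameter the OP put on the redirect back to the RP.
    const error = attrs.get("error", NS + "authorize:rsp:param");
    // "example_param" is a constructed name for an extra /token body parameter.
    if (error === null) writeAttribute(attrs, "example_param", NS + "token:req:param", "constructed-value");
  }
  return attrs;
}

// Constructed sample input for the two operations.
const atAuthorize = runMappingRule(new AttributeStore([["operation", NS + "operation", "authorize"]]));
const atToken = runMappingRule(new AttributeStore([["operation", NS + "operation", "token"]]));
console.log(atAuthorize.get("claims", NS + "authorize:req:param"));
console.log(atToken.get("example_param", NS + "token:req:param"));
```
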