Authentication with OpenID Connect Relying Party
An OIDC relying party is an OAuth client plus an identity management layer. To log a user into WebSEAL, the relying party connections configured in IBM Security Verify Access are invoked. The ISAM implementation includes:
- Basic relying party functions
- Initiation delegate
- Reentry delegate
- Context object
The relying party uses the following Verify Access features:
- Secure Token Service (STSUU)
- ISAM credentials (iv-cred)
- JSON Web Token (JWT)
- Identity Mapping
- HTTP callout
- Attribute Mapping
The ISAM relying party supports the following OIDC features:
- The OIDC Authorization Code, OIDC Implicit, and OIDC Hybrid flows.
- The HS, RS, and ES signing algorithm families with SHA-256, SHA-384, and SHA-512 (HS256/384/512, RS256/384/512, ES256/384/512).
- Use of response_mode=form_post.
- The relying party always sends a state and nonce for implicit flows.
- Encrypted ID tokens.
- Consumption of OpenID Provider (OP) metadata at run time, for easy configuration.
See:
- OpenID Connect concepts
- OAuth 2.0 and OIDC workflows
- OAuth 2.0 endpoints
- Relying party endpoints for authentication
- Relying party authentication flow
- Relying party authentication metadata
- Relying Party identity mapping
- Relying party advanced configuration
- Relying Party attribute types
- Use of STSUU for the Relying Party
Parent topic: OpenID Connect Relying Party federations