Use of STSUU for the Relying Party
Relying Party identity mapping and advanced configuration can use Secure Token Service Universal User (STSUU) modules to obtain needed data.
Get an authorize response from the request to /authorize (authorization code)
If we have the following STSUU variable as XML:
<stsuuser:ContextAttributes> ... <stsuuser:Attribute name="code" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>d44df5efb1008969e26ce702ff0989e57448b809..8329</stsuuser:Value> </stsuuser:Attribute> .... </stsuuser:ContextAttributes>Then we could use the following JavaScript code:
// Get the authorization code. Sourced from the context attributes.
var azn_code = stsuu.getContextAttributes().getAttributeValueByNameAndType("code", "urn:ibm:SAM:oidc:rp:authorize:rsp:param");The code returns the value:
d44df5efb1008969e26ce702ff0989e57448b809..8329
Get a token response parameter (access token)
If we have the following STSUU variable as XML:
<stsuuser:ContextAttributes> ... <stsuuser:Attribute name="access_token" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>ya29.Gl39BHO35g7mBjJKkQNi0mS0rVeEvpxt9nLRfoOW0noKtvz4gUUiP3tz6-TqJKgi62yXaHDs1NZV5DI </stsuuser:Value> </stsuuser:Attribute> .... </stsuuser:ContextAttributes>Then we could use the following JavaScript code:
// For example, getting the authorization code. Take note that it is sourced from the context attributes.
var access_token = stsuu.getContextAttributes().getAttributeValueByNameAndType("access_token", "urn:ibm:SAM:oidc:rp:token:rsp:param");The code returns the value:
ya29.Gl39BHO35g7mBjJKkQNi0mS0rVeEvpxt9nLRfoOW0noKtvz4gUUiP3tz6-TqJKgi62yXaHDs1NZV5DI
Get a parameter from the id_token from /authorize
If we have the following STSUU variable as XML:
<stsuuser:AttributeList> ... <stsuuser:Attribute name="email" type="urn:id_token:attribute:implicit"> <stsuuser:Value>testuser@example.com</stsuuser:Value> </stsuuser:Attribute> ... </stsuuser:AttributeList>Then we could use the following JavaScript code:
// For example, getting the authorization code. Take note that its sourced from the context attributes.
// Take note the attribute list is used, not the context attributes.
var email = stsuu.getAttributeContainer().getAttributeValueByNameAndType("email","urn:id_token:attribute:implicit");The code returns the value:
testuser@example.com
Get a parameter from the id_token from /token
If we have the following STSUU variable as XML:
<stsuuser:AttributeList> ... <stsuuser:Attribute name="email" type="urn:id_token:attribute:implicit"> <stsuuser:Value>testuser2@example.com</stsuuser:Value> </stsuuser:Attribute> ... </stsuuser:AttributeList>Then we could use the following JavaScript code:
// For example, getting the authorization code. Take note that its sourced from the context attributes.
// Take note the attribute list is used, not the context attributes.
var email = stsuu.getAttributeContainer().getAttributeValueByNameAndType("email","urn:id_token:attribute:token");The code returns the value:
testuser2@example.com
Get a parameter that came from /userinfo
If we have the following STSUU variable as XML:
<stsuuser:AttributeList> ... <stsuuser:Attribute name="name" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>Test User</stsuuser:Value> </stsuuser:Attribute> ... </stsuuser:AttributeList>Then we could use the following JavaScript code:
// For example, getting the users 'name', this comes from the attribute list,
// as thats where userinfo response parameters go.
var name = stsuu.getAttributeContainer().getAttributeValueByNameAndType("name","urn:ibm:SAM:oidc:rp:userinfo:rsp:param");The code returns the value:
Test User
A complete STSUU of an authorization code
<?xml version="1.0" encoding="UTF-8"?> <stsuuser:STSUniversalUser xmlns:stsuuser="urn:ibm:names:ITFIM:1.0:stsuuser"> <stsuuser:Principal/> <stsuuser:AttributeList> <stsuuser:Attribute name="family_name" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email" type="urn:id_token:attribute:token"> <stsuuser:Value>testuser@example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="family_name" type="urn:id_token:attribute:token"> <stsuuser:Value>User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email_verified" type="urn:id_token:attribute:token"> <stsuuser:Value>true</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="exp" type="urn:id_token:attribute:token"> <stsuuser:Value>1510105195</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="name" type="urn:id_token:attribute:token"> <stsuuser:Value>Test User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email_verified" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>true</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="picture" type="urn:id_token:attribute:token"> <stsuuser:Value>https://lh6.example.com/-xfh8mrdMtRk/AAAAAAAAAAI/AAAAAAAAAAA/ ANQ0kf7mUOsYQEP0mNtQgWDQRrSy9hvVnA/s96-c/photo.jpg</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="aud" type="urn:id_token:attribute:token"> <stsuuser:Value>269072228812-th7t9u11fnk6but52c7u6rfhkqrkldha.example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="name" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>Test User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>testuser@example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="iat" type="urn:id_token:attribute:token"> <stsuuser:Value>1510101595</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="given_name" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>Test</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="locale" type="urn:id_token:attribute:token"> <stsuuser:Value>en</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="given_name" type="urn:id_token:attribute:token"> <stsuuser:Value>Test</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="iss" type="urn:id_token:attribute:token"> <stsuuser:Value>https://example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="sub" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>111172479139097978803</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="at_hash" type="urn:id_token:attribute:token"> <stsuuser:Value>4kiED05hW5JX45rFxFAqmQ</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="azp" type="urn:id_token:attribute:token"> <stsuuser:Value>269072228812-th7t9u11fnk6but52c7u6rfhkqrkldha.example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="locale" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>en</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="picture" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>https://lh3.example.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg </stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="sub" type="urn:id_token:attribute:token"> <stsuuser:Value>111172479139097978803</stsuuser:Value> </stsuuser:Attribute> </stsuuser:AttributeList> <stsuuser:RequestSecurityToken> <stsuuser:Attribute name="Issuer" type="http://schemas.xmlsoap.org/ws/2005/02/trust"> <stsuuser:Value>https://accounts.example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="AppliesTo" type="http://schemas.xmlsoap.org/ws/2004/09/policy"> <stsuuser:Value>https://www.mysp.mycompany.com/goog/sps/oidc/rp/test:ivc:metaRP</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="Forwardable" type="com:tivoli:am:fim:sts:RST"> <stsuuser:Value>true</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="RenewingOk" type="com:tivoli:am:fim:sts:RST"> <stsuuser:Value>false</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="RenewingAllow" type="com:tivoli:am:fim:sts:RST"> <stsuuser:Value>true</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="AllowPostDating" type="com:tivoli:am:fim:sts:RST"> <stsuuser:Value>false</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="KeySize" type="com:tivoli:am:fim:sts:RST"> <stsuuser:Value>0</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="RequestType" type="com:tivoli:am:fim:sts:RST"> <stsuuser:Value>http://schemas.xmlsoap.org/ws/2005/02/trust/Validate</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="Base" type="urn:ibm:names:ITFIM:1.0:stsuuser"> <stsuuser:Value> <stsuuser:STSUniversalUser> <stsuuser:Principal/> <stsuuser:AttributeList> <stsuuser:Attribute name="family_name" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email" type="urn:id_token:attribute:token"> <stsuuser:Value>testuser@examplecom</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="family_name" type="urn:id_token:attribute:token"> <stsuuser:Value>User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email_verified" type="urn:id_token:attribute:token"> <stsuuser:Value>true</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="exp" type="urn:id_token:attribute:token"> <stsuuser:Value>1510105195</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="name" type="urn:id_token:attribute:token"> <stsuuser:Value>Test User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email_verified" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>true</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="picture" type="urn:id_token:attribute:token"> <stsuuser:Value>https://lh6.example.com/-xfh8mrdMtRk/AAAAAAAAAAI/AAAAAAAAAAA/ ANQ0kf7mUOsYQEP0mNtQgWDQRrSy9hvVnA/s96-c/photo.jpg</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="aud" type="urn:id_token:attribute:token"> <stsuuser:Value>269072228812-th7t9u11fnk6but52c7u6rfhkqrkldha.example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="name" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>Test User</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="email" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>testuser@example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="iat" type="urn:id_token:attribute:token"> <stsuuser:Value>1510101595</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="given_name" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>Test</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="locale" type="urn:id_token:attribute:token"> <stsuuser:Value>en</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="given_name" type="urn:id_token:attribute:token"> <stsuuser:Value>Test</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="iss" type="urn:id_token:attribute:token"> <stsuuser:Value>https://accounts.example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="sub" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>111172479139097978803</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="at_hash" type="urn:id_token:attribute:token"> <stsuuser:Value>4kiED05hW5JX45rFxFAqmQ</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="azp" type="urn:id_token:attribute:token"> <stsuuser:Value>269072228812-th7t9u11fnk6but52c7u6rfhkqrkldha.example.com</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="locale" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>en</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="picture" type="urn:ibm:SAM:oidc:rp:userinfo:rsp:param"> <stsuuser:Value>https://lh3.example.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg </stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="sub" type="urn:id_token:attribute:token"> <stsuuser:Value>111172479139097978803</stsuuser:Value> </stsuuser:Attribute> </stsuuser:AttributeList> <stsuuser:RequestSecurityToken/> <stsuuser:ContextAttributes> <stsuuser:Attribute name="prompt" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>none</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="authuser" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>0</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="id_token" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>eyJhbGciOiJSUzI1NiIsImtpZCI6ImExMmMzYTYxMDkxOTMzMDgzMDA3OTkyNWRmOWM5NWFkODUyNzQ1ODAifQ. eyJhenAiOiIyNjkwNzIyMjg4MTItdGg3dDl1MTFmbms2YnV0NTJjN3U2cmZoa3Fya2xkaGEuYXBwcy5nb29nbGV1c2VyY29udGVudC5 jb20iLCJhdWQiOiIyNjkwNzIyMjg4MTItdGg3dDl1MTFmbms2YnV0NTJjN3U2cmZoa3Fya2xkaGEuYXBwcy5nb29nbGV1c2VyY29udGV udC5jb20iLCJzdWIiOiIxMTExNzI0NzkxMzkwOTc5Nzg4MDMiLCJlbWFpbCI6ImxtZi5vaWRjLnRlc3RAZ21haWwuY29tIiwiZW1haWx fdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiI0a2lFRDA1aFc1Slg0NXJGeEZBcW1RIiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29 nbGUuY29tIiwiaWF0IjoxNTEwMTAxNTk1LCJleHAiOjE1MTAxMDUxOTUsIm5hbWUiOiJUZXN0IFVzZXIiLCJwaWN0dXJlIjoiaHR0cHM 6Ly9saDYuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy14Zmg4bXJkTXRSay9BQUFBQUFBQUFBSS9BQUFBQUFBQUFBQS9BTlEwa2Y3bVVPc1l RRVAwbU50UWdXRFFSclN5OWh2Vm5BL3M5Ni1jL3Bob3RvLmpwZyIsImdpdmVuX25hbWUiOiJUZXN0IiwiZmFtaWx5X25hbWUiOiJVc2V yIiwibG9jYWxlIjoiZW4ifQ.L-tUdSUTHwkmj6VjOFgoGXnAnFEGe179x1ZiIReWc6t6rN7RvQrTlIxLhs3z_P-Ec-fAQg1UGwXsU545 Z4TNkif4UDT2JkDPIxaY746oAGZyKZcUm7Lxw6n1tOzp3c8tYRaVty-R8840rI1ALUExOYv72BRlTyQG7o7FZjs_D1lMnGvPe6fwzPmT -ShjhjYu2joZmsJ07uPUFPLBWDhMwN7hUcPnbqWQpypJmKN7EQBKpJImz8vMkAVVxNSJpeU09dNICLh5MkNEsoIcKCDsYK4o1N_SaRLYh xYIhUgbT_-l4f5fvRv5W1AQwn-v4L220gF9vYrb1rYktvMV9fFYGQ</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="token_type" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>Bearer</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="signature" type="urn:id_token:attribute:token"> <stsuuser:Value>L-tUdSUTHwkmj6VjOFgoGXnAnFEGe179x1ZiIReWc6t6rN7RvQrTlIxLhs3z_P-Ec-fAQg1UGwXsU545Z4TNkif 4UDT2JkDPIxaY746oAGZyKZcUm7Lxw6n1tOzp3c8tYRaVty-R8840rI1ALUExOYv72BRlTyQG7o7FZjs_D1lMnGvPe6fwzPmT-ShjhjY u2joZmsJ07uPUFPLBWDhMwN7hUcPnbqWQpypJmKN7EQBKpJImz8vMkAVVxNSJpeU09dNICLh5MkNEsoIcKCDsYK4o1N_SaRLYhxYIhUgb T_-l4f5fvRv5W1AQwn-v4L220gF9vYrb1rYktvMV9fFYGQ</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="session_state" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>d44df5efb1008969e26ce702ff0989e57448b809..8329</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="expires_in" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>3600</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="response_type" type="urn:ibm:SAM:oidc:rp:meta"> <stsuuser:Value>code</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="nonce" type="urn:ibm:SAM:oidc:rp:meta"/> <stsuuser:Attribute name="access_token" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>ya29.Gl39BHO35g7mBjJKkQNi0rM2CSeW_x0GF_LgWdX0udmIa0HzD-yyzfKikfRYWU_JK_E-im S0rVeEvpxt9nLRfoOW0noKtvz4gUUiP3tz6-TqJKgi62yXaHDs1NZV5DI</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="header" type="urn:id_token:attribute:token"> <stsuuser:Value>{"alg":"RS256","kid":"a12c3a610919330830079925df9c95ad85274580"}</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="state" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>8lj0Nv0Wzm</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="code" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>4/t5uPKRAieP6r9AbclAhzwK6gLUC8vmuULWDm1viYmMg</stsuuser:Value> </stsuuser:Attribute> </stsuuser:ContextAttributes> <stsuuser:AdditionalAttributeStatement/> </stsuuser:STSUniversalUser> </stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="Delegatable" type="com:tivoli:am:fim:sts:RST"> <stsuuser:Value>false</stsuuser:Value> </stsuuser:Attribute> </stsuuser:RequestSecurityToken> <stsuuser:ContextAttributes> <stsuuser:Attribute name="prompt" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>none</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="authuser" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>0</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="id_token" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>eyJhbGciOiJSUzI1NiIsImtpZCI6ImExMmMzYTYxMDkxOTMzMDgzMDA3OTkyNWRmOWM5NWFkODUyNzQ1ODAifQ. eyJhenAiOiIyNjkwNzIyMjg4MTItdGg3dDl1MTFmbms2YnV0NTJjN3U2cmZoa3Fya2xkaGEuYXBwcy5nb29nbGV1c2VyY29udGVudC5 jb20iLCJhdWQiOiIyNjkwNzIyMjg4MTItdGg3dDl1MTFmbms2YnV0NTJjN3U2cmZoa3Fya2xkaGEuYXBwcy5nb29nbGV1c2VyY29udGV udC5jb20iLCJzdWIiOiIxMTExNzI0NzkxMzkwOTc5Nzg4MDMiLCJlbWFpbCI6ImxtZi5vaWRjLnRlc3RAZ21haWwuY29tIiwiZW1haWx fdmVyaWZpZWQiOnRydWUsImF0X2hhc2giOiI0a2lFRDA1aFc1Slg0NXJGeEZBcW1RIiwiaXNzIjoiaHR0cHM6Ly9hY2NvdW50cy5nb29n bGUuY29tIiwiaWF0IjoxNTEwMTAxNTk1LCJleHAiOjE1MTAxMDUxOTUsIm5hbWUiOiJUZXN0IFVzZXIiLCJwaWN0dXJlIjoiaHR0cHM6L y9saDYuZ29vZ2xldXNlcmNvbnRlbnQuY29tLy14Zmg4bXJkTXRSay9BQUFBQUFBQUFBSS9BQUFBQUFBQUFBQS9BTlEwa2Y3bVVPc1lRRV AwbU50UWdXRFFSclN5OWh2Vm5BL3M5Ni1jL3Bob3RvLmpwZyIsImdpdmVuX25hbWUiOiJUZXN0IiwiZmFtaWx5X25hbWUiOiJVc2VyIiwi bG9jYWxlIjoiZW4ifQ.L-tUdSUTHwkmj6VjOFgoGXnAnFEGe179x1ZiIReWc6t6rN7RvQrTlIxLhs3z_P-Ec-fAQg1UGwXsU545Z4TNkif 4UDT2JkDPIxaY746oAGZyKZcUm7Lxw6n1tOzp3c8tYRaVty-R8840rI1ALUExOYv72BRlTyQG7o7FZjs_D1lMnGvPe6fwzPmT-ShjhjYu2 joZmsJ07uPUFPLBWDhMwN7hUcPnbqWQpypJmKN7EQBKpJImz8vMkAVVxNSJpeU09dNICLh5MkNEsoIcKCDsYK4o1N_SaRLYhxYIhUgbT_- l4f5fvRv5W1AQwn-v4L220gF9vYrb1rYktvMV9fFYGQ</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="token_type" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>Bearer</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="session_state" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>d44df5efb1008969e26ce702ff0989e57448b809..8329</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="expires_in" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>3600</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="response_type" type="urn:ibm:SAM:oidc:rp:meta"> <stsuuser:Value>code</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="nonce" type="urn:ibm:SAM:oidc:rp:meta"/> <stsuuser:Attribute name="access_token" type="urn:ibm:SAM:oidc:rp:token:rsp:param"> <stsuuser:Value>ya29.Gl39BHO35g7mBjJKkQNi0rM2CSeW_x0GF_LgWdX0udmIa0HzD-yyzfKikfRYWU_JK_E-imS0rVeEvpxt9nLRfoOW0 noKtvz4gUUiP3tz6-TqJKgi62yXaHDs1NZV5DI</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="header" type="urn:id_token:attribute:token"> <stsuuser:Value>{"alg":"RS256","kid":"a12c3a610919330830079925df9c95ad85274580"}</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="state" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>8lj0Nv0Wzm</stsuuser:Value> </stsuuser:Attribute> <stsuuser:Attribute name="code" type="urn:ibm:SAM:oidc:rp:authorize:rsp:param"> <stsuuser:Value>4/t5uPKRAieP6r9AbclAhzwK6gLUC8vmuULWDm1viYmMg</stsuuser:Value> </stsuuser:Attribute> </stsuuser:ContextAttributes> <stsuuser:AdditionalAttributeStatement id=""/> </stsuuser:STSUniversalUser>
Parent topic: Authentication with OpenID Connect Relying Party