[oauth-introspection] stanza
The OAuth Introspection capability is configured using the [oauth-introspection] stanza.
The following stanza entries are used to configure the ability for WebSEAL to authenticate an OAuth token using an OAuth introspection endpoint.
The OAuth introspection configuration can be customised for individual junctions by adding configuration entries to a stanza name which is qualified with the junction identifier (i.e. [oauth-introspection:{jct-id}]). The junction identifier refers to the junction point for a standard junction (including the leading '/'), or the virtual host label for a virtual host junction.
- oauth-introspection-auth
  Enable authentication using an OAuth introspection endpoint.
- introspection-endpoint
  Use the introspection-endpoint to define the introspection endpoint.
- proxy
  Use this entry to set the proxy used to reach the introspection endpoint.
- client-id
  Use the client identifier to specify the client which will be used when authenticating to the introspection endpoint.
- client-id-hdr
  Use the client identifier header to specify the name of the HTTP header to be used when authenticating to the introspection endpoint.
- client-secret
  Use the client-secret to authenticate to the introspection endpoint.
- token-type-hint
  A hint about the type of token that is submitted for introspection.
- mapped-identity
  Use this entry to set a formatted string used to construct the IBM Security Verify Access principal name from elements of the introspection response.
- external-user
  Use this entry to set whether the mapped identity should correspond to a known ISAM identity.
- introspection-response-attributes
  Use this entry to control which attributes from the response are added as attributes to the credential.
- auth-method
  The introspection request can be authenticated using Basic Authentication or Forms.
- continue-on-auth-failure
  Use the continue-on-auth-failure stanza entry to define whether to continue processing the request if authentication fails.
- multivalue-scope
  Use the multivalue-scope stanza entry to specify whether the OAuth scopes are stored as multi-value credential attributes.