OIDCIdentityProviderConfigRequest (iland cloud Java SDK 1.0.45 API)

All Known Implementing Classes:

ImmutableOIDCIdentityProviderConfigRequest
```
public interface OIDCIdentityProviderConfigRequest
```
OIDC Identity Provider Configuration Request.

Author:

Nick Kasprzak

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`Optional<Boolean>`	`acceptsPromptNoneForwardFromClient()` This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider.
`Optional<Integer>`	`allowedClockSkew()` Clock skew in seconds that is tolerated when validating identity "provider tokens.
`String`	`authorizationUrl()` The Authorization URL.
`Optional<Boolean>`	`backchannelSupported()` Does the external IDP support backchannel logout.
`OIDCClientAuth`	`clientAuth()` The client authentication method (cfr.
`String`	`clientId()` The client or client identifier registered within the identity provider.
`String`	`clientSecret()` The client or client secret registered within the identity provider.
`Optional<String>`	`defaultScope()` The scopes to be sent when asking for authorization.
`Optional<Boolean>`	`disableUserInfo()` Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
`boolean`	`enabled()` Whether or not the identity provider is enabled.
`boolean`	`enforceSso()` Whether to enforce single sign on for all users.
`Optional<String>`	`forwardParameters()` Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint.
`Optional<String>`	`issuer()` The issuer identifier for the issuer of the response.
`Optional<String>`	`jwksUrl()` URL where identity provider keys in JWK format are stored.
`Optional<Boolean>`	`loginHint()` Pass login_hint to identity provider.
`Optional<String>`	`logoutUrl()` Logout url.
`Optional<OIDCPrompt>`	`prompt()` Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
`Optional<String>`	`publicKeySignatureVerifierKey()` The public key in PEM format that must be used to verify external IDP signatures.
`Optional<String>`	`publicKeySignatureVerifierKeyId()` Explicit ID of the validating public key given above if the key ID.
`String`	`tokenUrl()` The Token URL.
`Optional<Boolean>`	`uiLocales()` Pass the current locale to the identity provider as a ui_locales parameter.
`Optional<Boolean>`	`useJwksUrl()` If the switch is on, identity provider public keys will be downloaded from given JWKS URL.
`Optional<String>`	`userInfoUrl()` End session endpoint to use to logout user from external IDP.
`Optional<Boolean>`	`validateSignature()` Enable/disable signature validation of external IDP signatures.

- Method Detail
  - enforceSso
```
boolean enforceSso()
```
    Whether to enforce single sign on for all users. If enabled then local AD users of this company are forced to sign in through the identity provider.
  - enabled
```
boolean enabled()
```
    Whether or not the identity provider is enabled.
  - authorizationUrl
```
String authorizationUrl()
```
    The Authorization URL.
  - loginHint
```
Optional<Boolean> loginHint()
```
    Pass login_hint to identity provider.
  - logoutUrl
```
Optional<String> logoutUrl()
```
    Logout url.
  - uiLocales
```
Optional<Boolean> uiLocales()
```
    Pass the current locale to the identity provider as a ui_locales parameter.
  - tokenUrl
```
String tokenUrl()
```
    The Token URL.
  - userInfoUrl
```
Optional<String> userInfoUrl()
```
    End session endpoint to use to logout user from external IDP.
  - backchannelSupported
```
Optional<Boolean> backchannelSupported()
```
    Does the external IDP support backchannel logout.
  - disableUserInfo
```
Optional<Boolean> disableUserInfo()
```
    Disable usage of User Info service to obtain additional user information? Default is to use this OIDC service.
  - clientId
```
String clientId()
```
    The client or client identifier registered within the identity provider.
  - clientSecret
```
String clientSecret()
```
    The client or client secret registered within the identity provider.
  - clientAuth
```
OIDCClientAuth clientAuth()
```
    The client authentication method (cfr. https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication). In case of JWT signed with private key, the realm private key is used.
  - issuer
```
Optional<String> issuer()
```
    The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
  - defaultScope
```
Optional<String> defaultScope()
```
    The scopes to be sent when asking for authorization. It can be a space-separated list of scopes. Defaults to 'openid'.
  - prompt
```
Optional<OIDCPrompt> prompt()
```
    Specifies whether the Authorization Server prompts the End-User for reauthentication and consent.
  - acceptsPromptNoneForwardFromClient
```
Optional<Boolean> acceptsPromptNoneForwardFromClient()
```
    This is just used together with Identity Provider Authenticator or when kc_idp_hint points to this identity provider. In case that client sends a request with prompt=none and user is not yet authenticated, the error will not be directly returned to client, but the request with prompt=none will be forwarded to this identity provider.
  - validateSignature
```
Optional<Boolean> validateSignature()
```
    Enable/disable signature validation of external IDP signatures.
  - useJwksUrl
```
Optional<Boolean> useJwksUrl()
```
    If the switch is on, identity provider public keys will be downloaded from given JWKS URL. This allows great flexibility because new keys will be always re-downloaded() again when identity provider generates new keypair. If the switch is off, public key (or certificate) from the Keycloak DB is used, so when the identity provider keypair changes, you always need to import the new key to the Keycloak DB as well.
  - jwksUrl
```
Optional<String> jwksUrl()
```
    URL where identity provider keys in JWK format are stored. See JWK specification for more details. If you use external Keycloak identity provider, you can use URL like 'http://broker-keycloak:8180/auth/realms/test/protocol/openid-connect/certs' assuming your brokered Keycloak is running on 'http://broker-keycloak:8180' and its realm is 'test'.
  - publicKeySignatureVerifierKey
```
Optional<String> publicKeySignatureVerifierKey()
```
    The public key in PEM format that must be used to verify external IDP signatures.
  - publicKeySignatureVerifierKeyId
```
Optional<String> publicKeySignatureVerifierKeyId()
```
    Explicit ID of the validating public key given above if the key ID. Leave blank if the key above should be used always, regardless of key ID specified by external IDP; set it if the key should only be used for verifying if the key ID from external IDP matches.
  - allowedClockSkew
```
Optional<Integer> allowedClockSkew()
```
    Clock skew in seconds that is tolerated when validating identity "provider tokens. Default value is zero.
  - forwardParameters
```
Optional<String> forwardParameters()
```
    Non OpenID Connect/OAuth standard query parameters to be forwarded to external IDP from the initial application request to Authorization Endpoint. Multiple parameters can be entered, separated by comma (,).

Interface OIDCIdentityProviderConfigRequest

Method Summary

Method Detail

enforceSso

enabled

authorizationUrl

loginHint

logoutUrl

uiLocales

tokenUrl

userInfoUrl

backchannelSupported

disableUserInfo

clientId

clientSecret

clientAuth

issuer

defaultScope

prompt

acceptsPromptNoneForwardFromClient

validateSignature

useJwksUrl

jwksUrl

publicKeySignatureVerifierKey

publicKeySignatureVerifierKeyId

allowedClockSkew

forwardParameters