Create an OIDC provider
Before you begin
- You must have administrative permission to complete this task.
- Log in to the IBM® Security Verify administration console as an Administrator. For more information, see Accessing IBM Security Verify.
About this task
Procedure
- Select Integrations > OIDC providers.
- Click Create OIDC provider. The purpose is preset for identity proofing. For information about Identity proofing, see Managing identity proofing.
- Click Next.
- In the Name and Contact section in the OIDC providers page, enter the following values.
- Enter the OIDC provider name for your new OIDC provider.
- Optional: Enter the Contact name.
- Optional: Enter the Contact email.
- Click Next.
- In the Connection details section in the OIDC providers page, enter the following values.
- Enter the Client ID.
- Enter the Client secret.
- Enter the Issuer.
- Enter the Metadata URL.
- Optional: Provide a well-known URL.
- Enter the Authorization URL.
- Enter the Token URL.
- Optional: Enter the JWKS URI.
- Optional: Enter the Scopes. Note: openid must be selected when choosing other scopes.
- Select the code challenge method, either plain or S256.
- Optional: Provide a JWS algorithm.
- Authorization code is preset as the Grant type.
- Click the checkboxes of your preferred Response types.
- Select the Token endpoint authentication method.
- Select the Authorize HTTP method.
- Select the Response mode.
- Optional: Click the checkbox to disable Use PKCE.
- Click Create. The OIDC provider opens in edit mode.
- Make any changes to the OIDC provider fields.
- In the Outgoing transform section of the Resources section, compute the attribute value by using a custom rule. The following are examples of supported attributes in outgoing transforms.
  Authorization
  - request: Map<String, Object>
  - claims: Map<String, List<String>>
  - login_hint: String
  - custom_parameters: Map<String, List<String>>
  - custom_header_parameters: Map<String, Object>
  - subject: String
  Current supported parameters are returned in a JSON.
    - context: output := {} ....
    - return: jsonToString(context.output)
  Token
  - client_assertion: Map<String, Object>
  - custom_parameters: Map<String, List<String>>
  - custom_header_parameters: Map<String, Object>
  - subject: String
  Current supported parameters are returned in a JSON.
    - context: output := {} ....
    - return: jsonToString(context.output)
- In the Incoming transform section of the Resources page, compute the attribute value by using a custom rule.
  Authorization
- Transforms the data that gets sent in response to the authorization request.
- Transforms the response from the token request.
- Pulls data from the ID token and inserts it into the user context.
- Current supported parameters.
  - decision: String
  Current supported parameters are returned in a JSON.
    - context: output := {} ....
    - return: jsonToString(context.output)
- Click Create.
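
Before entering the Connection details values, it is worth confirming that they agree with the discovery document served at the Metadata URL. The following is an added example, not IBM code: it compares a set of configured values with a discovery document and reports mismatches, non-https endpoints, a missing openid scope, and a weak or disabled PKCE setting. The idp.example.com host, the dictionary keys in CONFIGURED and the function name are assumptions made for illustration; the metadata field names are those defined by OpenID Connect Discovery.

```python
import json
from urllib.parse import urlparse

# Constructed sample: values about to be entered in "Connection details".
CONFIGURED = {
    "issuer": "https://idp.example.com",
    "authorization_url": "https://idp.example.com/oauth2/authorize",
    "token_url": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/oauth2/jwks",
    "scopes": ["openid", "profile"],
    "code_challenge_method": "S256",  # None models "Use PKCE" disabled
}
# Constructed sample: discovery document as served at the Metadata URL.
METADATA = json.loads("""{
  "issuer": "https://idp.example.com",
  "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
  "token_endpoint": "https://idp.example.com/oauth2/token",
  "jwks_uri": "https://idp.example.com/oauth2/jwks",
  "code_challenge_methods_supported": ["plain", "S256"]
}""")
ENDPOINTS = (("authorization_url", "authorization_endpoint"),
             ("token_url", "token_endpoint"), ("jwks_uri", "jwks_uri"))

def check_connection(cfg, meta):
    """Return findings; an empty list means cfg agrees with the metadata."""
    findings = []
    # OIDC Discovery requires the issuer to match as an exact string.
    if meta.get("issuer") != cfg["issuer"]:
        findings.append("issuer does not match metadata")
    for field, key in ENDPOINTS:
        url = cfg.get(field)
        if not url:
            continue  # optional field left empty
        if urlparse(url).scheme != "https":
            findings.append(f"{field} is not https")
        if url != meta.get(key):
            findings.append(f"{field} differs from metadata {key}")
    if "openid" not in cfg["scopes"]:
        findings.append("scopes must include openid")
    method = cfg.get("code_challenge_method")
    offered = meta.get("code_challenge_methods_supported", [])
    if method is None:
        findings.append("PKCE is disabled")
    elif method not in offered:
        findings.append(f"{method} not advertised by provider")
    elif method == "plain" and "S256" in offered:
        findings.append("plain selected although S256 is available")
    return findings
```

With plain, the code challenge sent in the authorization request equals the code verifier, so S256 is the method to choose whenever the provider advertises it.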