OAuth Introspection

Authentication details are passed to a server for verification by using an OAuth introspection endpoint.

When OAuth Introspection Authentication is enabled, the WebSEAL configuration parameter sessionlifetime timeout, which is controlled by the timeout entry in the [session] stanza of the WebSEAL configuration file, is ignored. The session lifetime is set to the OAuth token expiry time.