The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
| Configuration parameter | Description |
|---|---|
| QER\Structures | If the configuration parameter is set, hierarchical roles are supported. |
|
QER\Structures\DynamicGroupCheck |
This configuration parameter controls the generation of calculation tasks for dynamic roles. If the configuration parameter is not set, the subparameters do not apply. |
|
QER\Structures\DynamicGroupCheck\ |
If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is planned to run. |
|
QER\Structures\DynamicGroupCheck\ |
If the parameter is set, a calculation task for modifications to employees or employee level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are queued the next time the schedule is run. |
|
QER\Structures\DynamicGroupCheck\ |
If the parameter is set, a calculation task for modifications to workdesks or workdesk level objects is queued immediately in the DBQueue Processor. If the parameter is not set, the calculation tasks are started the next time the schedule is planned to run. |
| QER\Structures\ExcludeStructures | Preprocessor relevant configuration parameter for defining the effectiveness of role memberships. If this parameter is set, mutually excluding roles can be defined. Changes to the parameter require recompiling the database. |
|
QER\Structures\Inherite\Person |
This configuration parameter specifies whether employees can inherit through primary assignments. |
|
QER\Structures\Inherite\Person\FromDepartment |
This configuration parameter specifies whether employees inherit assignments from their primary department (Person.UID_Department). |
|
QER\Structures\Inherite\Person\FromLocality |
This configuration parameter specifies whether employees inherit assignments from their primary location(Person.UID_Locality). |
|
QER\Structures\Inherite\Person\FromProfitCenter |
This configuration parameter specifies whether employees inherit assignments from their primary cost center(Person.UID_ProfitCenter). |
|
QER\Structures\Inherite\Hardware |
This configuration parameter specifies whether devices inherit through primary assignment. |
|
QER\Structures\Inherite\Hardware\FromDepartment |
This configuration parameter specifies whether devices inherit assignments from their primary department (Hardware.UID_Department). |
|
QER\Structures\Inherite\Hardware\FromLocality |
This configuration parameter specifies whether devices inherit assignments from their primary location(Hardware.UID_Locality). |
|
QER\Structures\Inherite\Hardware\FromProfitCenter |
This configuration parameter specifies whether devices inherit assignments from their primary cost center(Hardware.UID_ProfitCenter). |
|
QER\Structures\Inherite\Workdesk |
This configuration parameter specifies whether workdesks can inherit through primary assignments. |
|
QER\Structures\Inherite\Workdesk\FromDepartment |
This configuration parameter specifies whether workdesks inherit assignments from their primary department (Workdesk.UID_Department). |
|
QER\Structures\Inherite\Workdesk\FromLocality |
This configuration parameter specifies whether workdesks inherit assignments from their primary location (Workdesk.UID_Locality). |
|
QER\Structures\Inherite\Workdesk\FromProfitCenter |
This configuration parameter specifies whether workdesks inherit assignments from their primary cost center (Person.UID_ProfitCenter). |
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
| Configuration parameter | Description |
|---|---|
| QER\Person |
If this configuration parameter is set, employee administration is supported. |
| QER\Person\CentralAccountGlobalUnique |
This configuration parameter specifies how the central user account is mapped. If this configuration parameter is set, the central user account for an employee is formed uniquely in relation to the central user accounts of all employees and the user account names of all permitted target systems. If the configuration parameter is not set, it is only formed uniquely related to the central user accounts of all employees. |
| QER\Person\DefaultMailDomain |
This configuration parameter contains the default mail domain. The value is used to establish an employee's email address. |
|
QER\Person\MasterIdentity |
Preprocessor relevant configuration parameter for controlling the component parts for administrating several identities of one employee. Changes to the parameter require recompiling the database.
If this parameter is set, several logical employees can be handled in the database for one physical employee (for example, an employee has different identities and account characteristics at different branches). |
|
QER\Person\MasterIdentity\UseMasterForAuthentication |
This configuration parameter specifies whether the main identity should be used to log in to One Identity Manager tools through an employee linked authentication module.
If this parameter is set, the main identity is used for employee linked authentication. If the parameter is not set, the subidentity for employee-linked authentication is used. |
| QER\Person\TemporaryDeactivation |
This configuration parameter controls the behavior between employees and user accounts if employees are temporarily inactivated. If the configuration parameter is set, the employee’s user accounts are locked if the employee is permanently or temporarily disabled. If the configuration parameter is not set, the employee’s properties do not have any effect on the associated user accounts. |
| QER\Person\UseCentralPassword |
This configuration parameter specifies whether the employee's central password is used in the user accounts. The employee’s central password is automatically mapped to the employee’s user account in all permitted target systems. This excludes privileged user accounts, which are not updated. |
| QER\Person\UseCentralPassword\PermanentStore |
This configuration parameter controls the storage period for central passwords. If the parameter is set, the employee’s central password is permanently stored. If the parameter is not set, the central password is only used for publishing to existing target system specific user accounts and is subsequently deleted from the One Identity Manager database. |
| SysConfig | If this configuration parameter is set, you can configure general settings for system behavior. |
| SysConfig\Display | If the configuration parameter is set, user interface design is supported. |
| SysConfig\Display\PersonalData | If en employee can be determined using the authentication module, this configuration parameter specifies whether data, requests, attestations, rule violations should be displayed in a category "My Data" in the Manager. |
| SysConfig\Display\SourceDetective | Preprocessor relevant configuration parameter for controlling how the source of an employee's entitlements are displayed. Changes to the parameter require recompiling the database. |
The following configuration parameters are additionally available in One Identity Manager after the module has been installed.
| Configuration parameter | Description |
|---|---|
| Hardware | Preprocessor relevant configuration parameter to control the database model components for device administration. If the parameter is set, the device administration components are available. Changes to the parameter require recompiling the database. |
| Hardware\AssetAccounting | Preprocessor parameter to control the model components for asset accounting. If the parameter is set, asset accounting components are available. Changes to the parameter require recompiling the database. |
| Hardware\Display | This configuration parameter specifies whether how device properties are displayed can be configured. |
| Hardware\Display\CustomHardwareType | This configuration parameter specifies whether new device with the appropriate device model is displayed on the custom form. |
| Hardware\Display\CustomHardwareType\MobilePhone | This configuration parameter contain data for a device type, which represents a mobile phone. |
| Hardware\Display\CustomHardwareType\Monitor |
This configuration parameter contains data for a device type, which represents a monitor. |
| Hardware\Display\CustomHardwareType\PC |
This configuration parameter contains data for a device type, which represents a PC. |
| Hardware\Display\CustomHardwareType\Printer |
This configuration parameter contains data for a device type, which represents a printer. |
| Hardware\Display\CustomHardwareType\Server |
This configuration parameter contains data for a device type, which represents a server. |
|
Hardware\Display\CustomHardwareType\Tablet |
This configuration parameter contains data for a device type, which represents a tablet. |
| Hardware\Display\DisplayResolutions |
This configuration parameter contains a pipe delimited list of all screen resolutions that are available for selection for the device's master data form. |
| Hardware\Display\MachineWithRPL |
This configuration parameter specifies whether data for remote rebooting of workstations and server can be edited. |
| Hardware\Workdesk | If this configuration parameter is set, workdesk administration is supported. |
| Hardware\Workdesk\WorkdeskAuto | This configuration parameter specifies whether a workdesk is automatically created in association with setting up a workstation or server. |
The following authentication modules are available for logging into One Identity Manager in once this module has been installed.
For more detailed information on authentication modules, see the One Identity Manager Configuration Guide.
|
Login Data |
Employee's central user account and password. |
|
Prerequisites |
The system user with permissions exists in the database. The employee exists in the database.
|
|
Set as default |
Yes |
|
Single Sign-On |
No |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
The user interface and the write permissions are loaded through the system user that is directly assigned to the logged in employee. Changes to the data are assigned to the logged in employee. |
|
Login Data |
The authentication module uses the Active Directory login data of user currently logged in on the workstation. |
|
Prerequisites |
The employee exists in the database. The employee is assigned at least one application role. The user account exists in the database and the employee is entered in the user account's master data. |
|
Set as default |
No |
|
Single Sign-On |
Yes |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
One Identity Manager searches for the user account according to the configuration and finds the employee assigned to the user account. If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
A dynamic system user determined from the employee's application roles. The user interface and the write permissions are loaded through this system user. Changes to the data are assigned to the logged in employee. |
Modify the following configuration parameters in the Designer to implement the authentication module.
| Configuration parameter | Meaning |
|---|---|
| QER\Person\OAuthAuthenticator | This configuration parameter specifies whether authentication through single sign-on is supported. |
| QER\Person\GenericAuthenticator\ SearchTable |
This configuration parameter contains the table in the One Identity Manager schema in which user information is stored. The table must contain a foreign key with the name UID_Person, which points to the table Person. Example: ADSAccount |
| QER\Person\GenericAuthenticator\ SearchColumn |
This configuration parameter contains the column from the One Identity Manager table (SearchTable), which is used to search for the user name of the current user. Example: CN |
| QER\Person\GenericAuthenticator\ EnabledBy |
This configuration parameter contains a pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) enabled by the user account for the login. |
| QER\Person\GenericAuthenticator\ DisabledBy |
This configuration parameter contains a pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) disabled by the user account for the login. Example: AccountDisabled |
|
Login Data |
Employee's central user account and password. |
|
Prerequisites |
The employee exists in the database.
The employee is assigned at least one application role. |
|
Set as default |
Yes |
|
Single Sign-On |
No |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
A dynamic system user determined from the employee's application roles. The user interface and the write permissions are loaded through this system user. Changes to the data are assigned to the logged in employee. |
|
Login Data |
Employee's central user account and password. |
|
Prerequisites |
The employee exists in the database.
The configuration data for dynamically determining the system user is defined in the application. Thus, an employee can, for example, be assigned a system user dynamically depending on their department membership. |
|
Set as default |
Yes |
|
Single Sign-On |
No |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
The application configuration data is used to determine a system user, which is automatically assigned to the employee. The user interface and write permissions are loaded through the system user that is dynamically assigned to the logged in employee. Changes to the data are assigned to the logged in employee. |
|
Login Data |
The authentication module uses the Active Directory login data of user currently logged in on the workstation. |
|
Prerequisites |
The system user with permissions exists in the database. The employee exists in the database.
|
|
Set as default |
No |
|
Single Sign-On |
Yes |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
All employee logins saved in the database are found. The employee whose login data matches that of the current user is used for logging in. If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
The user interface and access permissions are loaded through the system user that is directly assigned to the employee found. Data modifications are attributed to the current user account. |
|
Login Data |
The authentication module uses the Active Directory login data of user currently logged in on the workstation. |
|
Prerequisites |
The employee exists in the database.
The employee is assigned at least one application role. |
|
Set as default |
No |
|
Single Sign-On |
Yes |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
All employee logins saved in the database are found. The employee whose login data matches that of the current user is used for logging in. If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
A dynamic system user determined from the employee's application roles. The user interface and the write permissions are loaded through this system user. Data modifications are attributed to the current user account. |
The authorization module supports the authorization code for OAuth 2.0 and OpenID Connect. For more detailed information about the authorization code flow, see, for example, the OAuth Specification or the OpenID Connect Specification.
This authentication module uses a Secure Token Service for logging in. This login procedure can be used with every Secure Token Service which can return an OAuth 2.0 token.
|
Login Data |
Dependent on the authentication method of the secure token service. |
|
Prerequisites |
The system user with permissions exists in the database. The employee exists in the database.
The user account exists in the database and the employee is entered in the user account's master data. |
|
Set as default |
No |
|
Single Sign-On |
No |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
One Identity Manager determines which employee is assigned to the user account. If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
The user interface and access permissions are loaded through the system user that is directly assigned to the employee found. Data modifications are attributed to the current user account. To do this, the claim type whose value is used for labeling data changes must be declared. |
The respective user interface prompts for the authorization code. The configuration parameter "QER\Person\OAuthAuthenticator\LoginEndpoint" is used to open an extra login dialog box for determining the authorization code. The authentication module requires an access token from the token endpoint and the certificate is required to check the security token. In the process, an attempt is made to find the certificate from the web application configuration. If this is not possible, configuration parameters are applied. To find the certificate for testing the token, the certificate stores are queries in the following order:
In addition, the subject or finger print is used to check certificates from the server if they are given and do not exist locally on the server.
In addition, the subject or finger print is used to check certificates from the server if they are given and do not exist locally on the server.
A claim type is required to find the user account from the user information. In addition, it is specified which One Identity Manager schema information should be used to search for the user account.
Authentication through OpenID is built on OAuth. OpenID Connection authentication uses the same mechanisms, but make user claims available either in an ID token or through a UserInfo endpoint. Other configuration settings are required for using OpenID Connect. If the configuration parameter "QER\Person\OAuthAuthenticator\Scope" contains the value "openid", the authentication module uses OpenID Connect.
Modify the following configuration parameters in the Designer to implement the authentication module.
|
Configuration Parameter |
Meaning |
|---|---|
|
QER\Person\OAuthAuthenticator |
This configuration parameter specifies whether authentication is supported through security tokens. |
|
QER\Person\OAuthAuthenticator\ |
The configuration parameter contain the certificate endpoint's Uniform Resource Locator (URL) on the authorization server. Example: https://localhost/RSTS/SigningCertificate |
|
QER\Person\OAuthAuthenticator\ |
The configuration parameter contain the subject of the certificate to use for testing. Either subject or finger print must be set. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the fingerprint of the certificate used to verify the security token. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter specifies whether the client application supports this authentication. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the web application's Uniform Resource Name URN, which supports this authentication. Example: urn:OneIdentityManager/Web |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the native application's Uniform Resource Name URN, which supports this authentication. Example: urn:OneIdentityManager/WinClient |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains a pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) disabled by the user account for the login. Example: AccountDisabled |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains a pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) enabled by the user account for the login. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the certificate issuer's Uniform Resource Name (URN) for verifying the security token. Example: urn:STS/identity |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Locator (URL) of the Secure Token Service login page. Example: http://localhost/rsts/login |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Name (URN) of the resourec to be queried, for example ADFS. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the claim type's Uniform Resource Identifier (URI) found from the login data. Example: name of an entity http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the column from the One Identity Manager table (SearchTable), which is used to search for user data. Equivalent to the claim type (SearchClaim) in the One Identity Manager schema. Example: ObjectGUID |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the table in the One Identity Manager schema in which user information is stored. The table must contain a foreign key with the name UID_Person, which points to the table Person. Example: ADSAccount |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the token endpoint's Uniform Resource Identifier (URL) of the authorization server for returning the access token to the client for logging in. Example: https://localhost/rsts/oauth2/token |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the claim type's Uniform Resource Identifier (URL) used to label change data (XUserInserted, XUserUpdated).. Example: User Principle Name (UPN) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Identifier (URL) for forwarding to installed applications. Example: urn:InstalledApplication |
|
QER\Person\OAuthAuthenticator\ |
The configuration parameter specifies whether self-signed certificates are allowed for connecting to the token and UserInfo endpoint. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the contents of the certificate as a Base64 coded string. It is used if no certificate is configured. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Identifier (URL) of the JSON Web Key endpoint, which supplies the signature key. At the moment, only JWK files, which contain the certificate in the x5c field are supported. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Identifier (URL) of the log off end point. Example: http://localhost/rsts/login?wa=wsignout1.0 |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Share-Secret value used for authenticating at the token enpoint. |
|
Configuration Parameter |
Meaning |
|---|---|
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter specifies the authentication log. If the configuration parameter has the value "openid", OpenID Connect is used and otherwise OAuth2. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Locator (URL) of the OpenID Connection UserInfo endpoint. |
The authorization module supports the authorization code for OAuth 2.0 and OpenID Connect. For more detailed information about the authorization code flow, see, for example, the OAuth Specification or the OpenID Connect Specification.
This authentication module uses a Secure Token Service for logging in. This login procedure can be used with every Secure Token Service which can return an OAuth 2.0 token.
|
Login Data |
Dependent on the authentication method of the secure token service. |
|
Prerequisites |
The employee exists in the database. The employee is assigned at least one application role. The user account exists in the database and the employee is entered in the user account's master data. |
|
Set as default |
No |
|
Single Sign-On |
No |
|
Front-end login allowed |
Yes |
|
Web Portal login allowed |
Yes |
|
Remarks |
One Identity Manager determines which employee is assigned to the user account. If an employee owns more than one identity, the configuration parameter "QER\Person\MasterIdentity\UseMasterForAuthentication" controls which employee is used for authentication.
A dynamic system user determined from the employee's application roles. The user interface and the write permissions are loaded through this system user. Data modifications are attributed to the current user account. To do this, the claim type whose value is used for labeling data changes must be declared. |
The respective user interface prompts for the authorization code. The configuration parameter "QER\Person\OAuthAuthenticator\LoginEndpoint" is used to open an extra login dialog box for determining the authorization code. The authentication module requires an access token from the token endpoint and the certificate is required to check the security token. In the process, an attempt is made to find the certificate from the web application configuration. If this is not possible, configuration parameters are applied. To find the certificate for testing the token, the certificate stores are queries in the following order:
In addition, the subject or finger print is used to check certificates from the server if they are given and do not exist locally on the server.
In addition, the subject or finger print is used to check certificates from the server if they are given and do not exist locally on the server.
A claim type is required to find the user account from the user information. In addition, it is specified which One Identity Manager schema information should be used to search for the user account.
Authentication through OpenID is built on OAuth. OpenID Connection authentication uses the same mechanisms, but make user claims available either in an ID token or through a UserInfo endpoint. Other configuration settings are required for using OpenID Connect. If the configuration parameter "QER\Person\OAuthAuthenticator\Scope" contains the value "openid", the authentication module uses OpenID Connect.
Modify the following configuration parameters in the Designer to implement the authentication module.
|
Configuration Parameter |
Meaning |
|---|---|
|
QER\Person\OAuthAuthenticator |
This configuration parameter specifies whether authentication is supported through security tokens. |
|
QER\Person\OAuthAuthenticator\ |
The configuration parameter contain the certificate endpoint's Uniform Resource Locator (URL) on the authorization server. Example: https://localhost/RSTS/SigningCertificate |
|
QER\Person\OAuthAuthenticator\ |
The configuration parameter contain the subject of the certificate to use for testing. Either subject or finger print must be set. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the fingerprint of the certificate used to verify the security token. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter specifies whether the client application supports this authentication. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the web application's Uniform Resource Name URN, which supports this authentication. Example: urn:OneIdentityManager/Web |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the native application's Uniform Resource Name URN, which supports this authentication. Example: urn:OneIdentityManager/WinClient |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains a pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) disabled by the user account for the login. Example: AccountDisabled |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains a pipe (|) delimited list of Boolean columns from the One Identity Manager table (SearchTable) enabled by the user account for the login. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the certificate issuer's Uniform Resource Name (URN) for verifying the security token. Example: urn:STS/identity |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Locator (URL) of the Secure Token Service login page. Example: http://localhost/rsts/login |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Name (URN) of the resourec to be queried, for example ADFS. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the claim type's Uniform Resource Identifier (URI) found from the login data. Example: name of an entity http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the column from the One Identity Manager table (SearchTable), which is used to search for user data. Equivalent to the claim type (SearchClaim) in the One Identity Manager schema. Example: ObjectGUID |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the table in the One Identity Manager schema in which user information is stored. The table must contain a foreign key with the name UID_Person, which points to the table Person. Example: ADSAccount |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the token endpoint's Uniform Resource Identifier (URL) of the authorization server for returning the access token to the client for logging in. Example: https://localhost/rsts/oauth2/token |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the claim type's Uniform Resource Identifier (URL) used to label change data (XUserInserted, XUserUpdated).. Example: User Principle Name (UPN) http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Identifier (URL) for forwarding to installed applications. Example: urn:InstalledApplication |
|
QER\Person\OAuthAuthenticator\ |
The configuration parameter specifies whether self-signed certificates are allowed for connecting to the token and UserInfo endpoint. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the contents of the certificate as a Base64 coded string. It is used if no certificate is configured. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Identifier (URL) of the JSON Web Key endpoint, which supplies the signature key. At the moment, only JWK files, which contain the certificate in the x5c field are supported. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Identifier (URL) of the log off end point. Example: http://localhost/rsts/login?wa=wsignout1.0 |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Share-Secret value used for authenticating at the token enpoint. |
|
Configuration Parameter |
Meaning |
|---|---|
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter specifies the authentication log. If the configuration parameter has the value "openid", OpenID Connect is used and otherwise OAuth2. |
|
QER\Person\OAuthAuthenticator\ |
This configuration parameter contains the Uniform Resource Locator (URL) of the OpenID Connection UserInfo endpoint. |
© 2023 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy
