
Panel
bgColorlightblue
titleExercise 2.2 - Shibboleth OP Configuration

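Everybody has a Shibboleth OP instance running on a virtual machine with a public IP address. The OP issuer name is https://IP_ADDRESS, where IP_ADDRESS stands for the address of your own virtual machine (the sample result below shows 192.168.0.150).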

  • What is the endpoint URL for the openid-configuration?

    Code Block
    titleHints, Tips and Result
    collapsetrue
    https://IP_ADDRESS/.well-known/openid-configuration


  • What are the contents of the well-known endpoint?

    Code Block
    themeRDark
    titleHints, Tips and Result
    collapsetrue
    {
       "issuer":"https://192.168.0.150",
       "authorization_endpoint":"https://192.168.0.150/idp/profile/oidc/authorize",
       "registration_endpoint":"https://192.168.0.150/idp/profile/oidc/register",
       "token_endpoint":"https://192.168.0.150/idp/profile/oidc/token",
       "userinfo_endpoint":"https://192.168.0.150/idp/profile/oidc/userinfo",
       "jwks_uri":"https://192.168.0.150/oidc/keyset.jwk",
       "response_types_supported":[
          "code",
          "id_token",
          "token id_token",
          "code id_token",
          "code token",
          "code token id_token"
       ],
       "subject_types_supported":[
          "public",
          "pairwise"
       ],
       "grant_types_supported":[
          "authorization_code",
          "implicit",
          "refresh_token"
       ],
       "id_token_encryption_alg_values_supported":[
          "RSA1_5"
       ],
       "id_token_encryption_enc_values_supported":[
          "A128CBC-HS256"
       ],
       "id_token_signing_alg_values_supported":[
          "RS256",
          "RS384",
          "RS512",
          "HS256",
          "HS384",
          "HS512",
          "ES256"
       ],
       "userinfo_encryption_alg_values_supported":[
          "RSA1_5"
       ],
       "userinfo_encryption_enc_values_supported":[
          "A128CBC-HS256"
       ],
       "userinfo_signing_alg_values_supported":[
          "RS256",
          "RS384",
          "RS512",
          "HS256",
          "HS384",
          "HS512",
          "ES256"
       ],
       "request_object_signing_alg_values_supported":[
          "none",
          "RS256",
          "RS384",
          "RS512",
          "HS256",
          "HS384",
          "HS512",
          "ES256",
          "ES384",
          "ES512"
       ],
       "token_endpoint_auth_methods_supported":[
          "client_secret_basic",
          "client_secret_post",
          "client_secret_jwt",
          "private_key_jwt"
       ],
       "claims_parameter_supported":true,
       "request_parameter_supported":true,
       "request_uri_parameter_supported":false,
       "require_request_uri_registration":false,
       "display_values_supported":[
          "page"
       ],
       "scopes_supported":[
          "openid",
          "profile",
          "email",
          "address",
          "phone",
          "offline_access"
       ],
       "response_modes_supported":[
          "query",
          "fragment",
          "form_post"
       ],
       "claims_supported":[
          "aud",
          "iss",
          "sub",
          "iat",
          "exp",
          "acr",
          "auth_time",
          "email",
          "email_verified",
          "address",
          "phone",
          "phone_number_verified",
          "name",
          "family_name",
          "given_name",
          "middle_name",
          "nickname",
          "preferred_username",
          "profile",
          "picture",
          "website",
          "gender",
          "birthdate",
          "zoneinfo",
          "locale",
          "updated_at"
       ]
    }


...