-
Notifications
You must be signed in to change notification settings - Fork 24
How to write an oxd plugin
centroxy edited this page Jan 17, 2018
·
7 revisions
- URI of the OpenID Provider
- URI after logout
- Post-login redirect URL
- Client ID
- Client Secret
- oxd port/https url
Available scopes should be dynamically generated via discovery. At the very least, request-able scopes should include:
- openid
- profile
- ability to add a custom scope
-
Checkbox to choose supported ACRs (which should be dynamically discovered from the OP metadata), so the application can request specific types of authentication.
-
Checkbox to bypass the local authentication screen
Two options:
- Automatically login any user with an account in the OP
- Only register and allow ongoing access to users with one or more of the following roles in the OpenID Provider:
- Text field that enables user to add roles that should be checked upon new user authentication
- Provide ability for plugin admin to use ACR levels (Gluu Server specific) to set supported authentication methods, e.g.
required ACR level >= 4
orrequired ACR level >4
. This is useful in that it allows the app / plugin admin to request stronger authentication without explicitly requesting specific types of authentication, e.g. super gluu.