...
- Checking if the response contains the field "active". The value of the field is expected to be "true".
- Checking if the Access Token is not expired.
- Checking if the Client ID (aud) stored in the ID Token is the same as in the configuration of the Identity Service.
- Checking if the issuer (iss) stored in the ID Token is the same as the OIDC Authentication URL in the configuration of the Identity Service.
- Checking if the account (e-mail) stored in the ID Token is the same as in the field "email" in the response of the userinfo endpoint.
- Checking if the signature is valid with the given public key. The public key is retrieved from the certs endpoint, which is the value of jwks_uri in the response of the /.well-known/openid-configuration call. The response of the certs endpoint includes a number of keys. The public key is found in the field "n" of the element whose "kid" field equals the "kid" field in the header of the ID Token.
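
The ID Token checks listed above (kid lookup in the certs response, signature verification, and the aud, iss and email comparisons), as an added example that is not taken from the Identity Service code. The function names, client ID, issuer and the toy key are constructed assumptions; the code also reads the JWK field "e" alongside "n" and accepts only RS256.

```python
import base64, hashlib, hmac, json

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate_id_token(token, jwks, client_id, issuer, userinfo):
    """Return the claims if every check passes; raise ValueError on a failed check."""
    h64, p64, s64 = token.split(".")
    header, claims = json.loads(b64d(h64)), json.loads(b64d(p64))
    if header.get("alg") != "RS256":  # added hardening: only RS256 is implemented here
        raise ValueError("unexpected alg")
    # Select the JWKS element whose "kid" equals the "kid" in the token header.
    key = next((j for j in jwks["keys"] if j.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no key with matching kid")
    n, e = (int.from_bytes(b64d(key[f]), "big") for f in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, b64d(s64)
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n or not hmac.compare_digest(
            pow(s, e, n).to_bytes(k, "big"), emsa(f"{h64}.{p64}".encode(), k)):
        raise ValueError("bad signature")
    aud = claims.get("aud")  # OIDC allows a string or a list of strings
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("aud mismatch")
    if claims.get("iss") != issuer:
        raise ValueError("iss mismatch")
    if not claims.get("email") or claims["email"] != userinfo.get("email"):
        raise ValueError("email mismatch")
    return claims

# Constructed toy key and JWKS for the demo only (Mersenne primes, trivially factorable).
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"keys": [{"kid": kid, "n": b64e(n.to_bytes(141, "big")), "e": "AQAB"}
                 for kid, n in (("other-kid", N + 2), ("demo-kid", N))]}

def sign_demo_token(claims, kid="demo-kid"):
    head, body = (b64e(json.dumps(o).encode()) for o in ({"alg": "RS256", "kid": kid}, claims))
    k = (N.bit_length() + 7) // 8
    s = pow(int.from_bytes(emsa(f"{head}.{body}".encode(), k), "big"), D, N)
    return f"{head}.{body}.{b64e(s.to_bytes(k, 'big'))}"
```

In production the signature step is normally delegated to a maintained JOSE library; the hand-written RSA verification here only makes each check visible.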
...
After setting up the Client, users can be added in Keycloak's "Users" view.
Google Identity Provider
Vault Identity Provider
...