Merge pull request #28 from mposolda/master
KEYCLOAK-3318 Documentation for parameters forwarding from adapter. M…
commit
347afd6977
3 changed files with 36 additions and 5 deletions
|
@ -29,6 +29,7 @@
|
||||||
... link:topics/oidc/java/adapter-context.adoc[Security Context]
|
... link:topics/oidc/java/adapter-context.adoc[Security Context]
|
||||||
... link:topics/oidc/java/adapter_error_handling.adoc[Error Handling]
|
... link:topics/oidc/java/adapter_error_handling.adoc[Error Handling]
|
||||||
... link:topics/oidc/java/logout.adoc[Logout]
|
... link:topics/oidc/java/logout.adoc[Logout]
|
||||||
|
... link:topics/oidc/java/params_forwarding.adoc[Parameters Forwarding]
|
||||||
... link:topics/oidc/java/multi-tenancy.adoc[Multi Tenancy]
|
... link:topics/oidc/java/multi-tenancy.adoc[Multi Tenancy]
|
||||||
... link:topics/oidc/java/application-clustering.adoc[Application Clustering]
|
... link:topics/oidc/java/application-clustering.adoc[Application Clustering]
|
||||||
|
|
||||||
|
|
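Review bot: The file name in the added link, `params_forwarding.adoc`, uses an underscore, while the neighbouring entries `multi-tenancy.adoc` and `application-clustering.adoc` use hyphens (`adapter_error_handling.adoc` already mixes the two styles). Consider `params-forwarding.adoc` before other pages start linking to it. The placement between Logout and Multi Tenancy is fine.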
32
topics/oidc/java/params_forwarding.adoc
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
|
||||||
|
==== Parameters Forwarding
|
||||||
|
|
||||||
|
The {{book.project.name}} initial authorization endpoint request has support for various parameters. Most of the parameters are described in
|
||||||
|
http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification] . Some parameters are added automatically by adapter based
|
||||||
|
on the adapter configuration. However there are also few parameters, which can be added on per-invocation basis. When you open the secured application URI,
|
||||||
|
the particular parameter will be forwarded to the {{book.project.name}} authorization endpoint.
|
||||||
|
|
||||||
|
For example, if you request offline token, then you can open the secured application URI with the `scope` parameter like:
|
||||||
|
|
||||||
|
[source]
|
||||||
|
----
|
||||||
|
http://myappserver/mysecuredapp?scope=offline_access
|
||||||
|
----
|
||||||
|
|
||||||
|
and the parameter `scope=offline_access` will be automatically forwarded to the {{book.project.name}} authorization endpoint.
|
||||||
|
|
||||||
|
The supported parameters are actually:
|
||||||
|
|
||||||
|
* scope
|
||||||
|
|
||||||
|
* prompt
|
||||||
|
|
||||||
|
* max_age
|
||||||
|
|
||||||
|
* login_hint
|
||||||
|
|
||||||
|
* kc_idp_hint
|
||||||
|
|
||||||
|
Most of the parameters are described in the http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification].
|
||||||
|
The only exception is parameter `kc_idp_hint`, which is specific to {{book.project.name}} and contains the name of Identity provider to automatically use.
|
||||||
|
More info in {{book.adminguide.link}}[{{book.adminguide.name}}] in `Identity Brokering` section.
|
|
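Review bot: The new page never states the trust boundary for forwarded parameters: the values come straight from the query string of the secured application URI, so whoever authors the link chooses `scope`, `prompt`, `max_age`, `login_hint` and `kc_idp_hint` for the user's authorization request, and the page's own example is a link that asks for an offline token. Please add a sentence saying whether parameters outside the list are dropped, and whether forwarding can be restricted or disabled in the adapter configuration, so that readers can decide if a link-supplied `scope=offline_access` is acceptable for their application. Smaller points: "Most of the parameters are described in the OIDC specification" appears both in the opening paragraph and after the list, "The supported parameters are actually:" reads better as "The supported parameters are:", and there is a stray space before the period after the first `[OIDC specification]` link.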
@ -255,7 +255,8 @@ Redirects to login form on (options is an optional object with redirectUri and/o
|
||||||
Options is an Object, where:
|
Options is an Object, where:
|
||||||
|
|
||||||
* redirectUri - Specifies the uri to redirect to after login.
|
* redirectUri - Specifies the uri to redirect to after login.
|
||||||
* prompt - By default the login screen is displayed if the user is not logged-in to {{book.project.name}}. To only authenticate to the application if the user is already logged-in and not display the login page if the user is not logged-in, set this option to `none`.
|
* prompt - By default the login screen is displayed if the user is not logged-in to {{book.project.name}}. To only authenticate to the application if the user is already logged-in and not display the login page if the user is not logged-in, set this option to `none`. To always require re-authentication and ignore SSO, set this option to `login` .
|
||||||
|
* maxAge - Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than `maxAge`, the SSO is ignored and he will need to re-authenticate again.
|
||||||
* loginHint - Used to pre-fill the username/email field on the login form.
|
* loginHint - Used to pre-fill the username/email field on the login form.
|
||||||
* action - If value is 'register' then user is redirected to registration page, otherwise to login page.
|
* action - If value is 'register' then user is redirected to registration page, otherwise to login page.
|
||||||
* locale - Specifies the desired locale for the UI.
|
* locale - Specifies the desired locale for the UI.
|
||||||
|
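Review bot: The added `maxAge` bullet gives no unit for the value. If it maps to the OIDC `max_age` parameter, say that it is in seconds, so that callers do not pass milliseconds and end up with a far weaker re-authentication limit than intended. In the same bullet, "he will need to re-authenticate again" is better as "the user will need to re-authenticate", and "Used just if" as "Used only if". In the changed `prompt` line, drop the space before the final period in "`login` .".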
@ -264,10 +265,7 @@ Options is an Object, where:
|
||||||
|
|
||||||
Returns the URL to login form on (options is an optional object with redirectUri and/or prompt fields).
|
Returns the URL to login form on (options is an optional object with redirectUri and/or prompt fields).
|
||||||
|
|
||||||
Options is an Object, where:
|
Options is an Object, which supports same options like the function `login` .
|
||||||
|
|
||||||
* redirectUri - Specifies the uri to redirect to after login.
|
|
||||||
* prompt - Can be set to 'none' to check if the user is logged in already (if not logged in, a login form is not displayed).
|
|
||||||
|
|
||||||
====== logout(options)
|
====== logout(options)
|
||||||
|
|
||||||
|
|
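Review bot: The unchanged sentence directly above the edited line still says "options is an optional object with redirectUri and/or prompt fields", which now contradicts the new statement that the same options as `login` are supported; update or shorten that sentence in this change. The new line should read "Options is an Object, which supports the same options as the function `login`.", without the space before the period.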