Merge pull request #28 from mposolda/master

KEYCLOAK-3318 Documentation for parameters forwarding from adapter. M…
This commit is contained in:
Marek Posolda 2016-07-22 13:48:52 +02:00 committed by GitHub
commit 347afd6977
3 changed files with 36 additions and 5 deletions

View file

@ -29,6 +29,7 @@
... link:topics/oidc/java/adapter-context.adoc[Security Context] ... link:topics/oidc/java/adapter-context.adoc[Security Context]
... link:topics/oidc/java/adapter_error_handling.adoc[Error Handling] ... link:topics/oidc/java/adapter_error_handling.adoc[Error Handling]
... link:topics/oidc/java/logout.adoc[Logout] ... link:topics/oidc/java/logout.adoc[Logout]
... link:topics/oidc/java/params_forwarding.adoc[Parameters Forwarding]
... link:topics/oidc/java/multi-tenancy.adoc[Multi Tenancy] ... link:topics/oidc/java/multi-tenancy.adoc[Multi Tenancy]
... link:topics/oidc/java/application-clustering.adoc[Application Clustering] ... link:topics/oidc/java/application-clustering.adoc[Application Clustering]

View file

@ -0,0 +1,32 @@
==== Parameters Forwarding
The {{book.project.name}} initial authorization endpoint request has support for various parameters. Most of the parameters are described in
http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification] . Some parameters are added automatically by adapter based
on the adapter configuration. However there are also few parameters, which can be added on per-invocation basis. When you open the secured application URI,
the particular parameter will be forwarded to the {{book.project.name}} authorization endpoint.
For example, if you request offline token, then you can open the secured application URI with the `scope` parameter like:
[source]
----
http://myappserver/mysecuredapp?scope=offline_access
----
and the parameter `scope=offline_access` will be automatically forwarded to the {{book.project.name}} authorization endpoint.
The supported parameters are actually:
* scope
* prompt
* max_age
* login_hint
* kc_idp_hint
Most of the parameters are described in the http://openid.net/specs/openid-connect-core-1_0.html#AuthorizationEndpoint[OIDC specification].
The only exception is parameter `kc_idp_hint`, which is specific to {{book.project.name}} and contains the name of Identity provider to automatically use.
More info in {{book.adminguide.link}}[{{book.adminguide.name}}] in `Identity Brokering` section.

View file

@ -255,7 +255,8 @@ Redirects to login form on (options is an optional object with redirectUri and/o
Options is an Object, where: Options is an Object, where:
* redirectUri - Specifies the uri to redirect to after login. * redirectUri - Specifies the uri to redirect to after login.
* prompt - By default the login screen is displayed if the user is not logged-in to {{book.project.name}}. To only authenticate to the application if the user is already logged-in and not display the login page if the user is not logged-in, set this option to `none`. * prompt - By default the login screen is displayed if the user is not logged-in to {{book.project.name}}. To only authenticate to the application if the user is already logged-in and not display the login page if the user is not logged-in, set this option to `none`. To always require re-authentication and ignore SSO, set this option to `login` .
* maxAge - Used just if user is already authenticated. Specifies maximum time since the authentication of user happened. If user is already authenticated for longer time than `maxAge`, the SSO is ignored and he will need to re-authenticate again.
* loginHint - Used to pre-fill the username/email field on the login form. * loginHint - Used to pre-fill the username/email field on the login form.
* action - If value is 'register' then user is redirected to registration page, otherwise to login page. * action - If value is 'register' then user is redirected to registration page, otherwise to login page.
* locale - Specifies the desired locale for the UI. * locale - Specifies the desired locale for the UI.
@ -264,10 +265,7 @@ Options is an Object, where:
Returns the URL to login form on (options is an optional object with redirectUri and/or prompt fields). Returns the URL to login form on (options is an optional object with redirectUri and/or prompt fields).
Options is an Object, where: Options is an Object, which supports same options like the function `login` .
* redirectUri - Specifies the uri to redirect to after login.
* prompt - Can be set to 'none' to check if the user is logged in already (if not logged in, a login form is not displayed).
====== logout(options) ====== logout(options)