User Identification Dialog (OAuth)

The User Identification step is where you specify an attribute from an OAuth authorization server that the federation system uses to find a record in a user store.
  • Use Anonymous User
    Specifies that the user information is anonymous. If you select this option, the system searches the user directories for a user that matches the specified anonymous user to authenticate the user. If you clear this option, the system uses the claim value to authenticate the user.
  • Anonymous User
    If you selected the Use Anonymous User option, defines the name of the identifying attribute of the user in the user store.
  • User ID Attribute Name
    If the identifying attribute of the user must be retrieved from user claims, defines the user identifying claim from the OAuth user information.
    Example: email
    If the attribute that you want is returned by the authorization server as part of a multi-valued attribute, define the attribute name in the following format:
    parent_attribute:target_child_attribute
    Example: Windows Live returns email data as a multi-valued attribute in the JSON response. The attribute is in the following format:
    "emails": {
        "preferred": "[email protected]",
        "account": "[email protected]",
        "personal": null,
        "business": null
    },
    To access the preferred email ID, the user must configure the attribute name as emails:preferred.
  • Scope
    Specifies the required type of permission the application is requesting from the user. For example, if the scope value is https://www.googleapis.com/auth/userinfo.profile, the application can gain read-only access to basic user profile information.
  • User Information Service URL
    Defines the user information URLs that the system must use to retrieve user claims. If the Use Anonymous User option is not selected, you must specify at least one user information URL. If the Use Anonymous User option is selected, you can specify a user information URL.
    Example:
    Value for Google: https://www.googleapis.com/oauth2/v1/userinfo
    Value for LinkedIn: https://api.linkedin.com/v1/people/~?format=json | https://api.linkedin.com/v1/people/~:(email-address)?format=json
    If LinkedIn is the OAuth authorization server, the format=json query parameter must be sent on the User Information Service URLs to let the system parse the returned data.
    Windows Live returns email data as part of multi-valued claims.
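
The parent_attribute:target_child_attribute format described under User ID Attribute Name, sketched as an added example (not the product's own code). It resolves a configured attribute name against a user information response and rejects null, missing, or non-string values, so that only a real claim value is used to search the user store. The names resolve_user_id, ClaimError and SAMPLE_USERINFO are hypothetical, and the sample response is constructed.

```python
import json

# Constructed sample modelled on the multi-valued "emails" claim shown above;
# the addresses are placeholders, not real accounts.
SAMPLE_USERINFO = json.loads("""
{
  "id": "constructed-id-001",
  "email": "top.level@example.com",
  "emails": {
    "preferred": "preferred@example.com",
    "account": "account@example.com",
    "personal": null,
    "business": null
  }
}
""")


class ClaimError(ValueError):
    """Raised when the configured attribute cannot yield a usable identifier."""


def resolve_user_id(userinfo, attribute_name):
    """Resolve 'name' or 'parent_attribute:target_child_attribute' to one string.

    Hypothetical helper: fails closed instead of returning None, "" or a
    container, so a malformed response never becomes a user store search key.
    """
    parts = attribute_name.split(":")
    if len(parts) > 2 or not all(parts):
        raise ClaimError(f"bad attribute name: {attribute_name!r}")
    node = userinfo
    for key in parts:
        if not isinstance(node, dict) or key not in node:
            raise ClaimError(f"claim {attribute_name!r} not present")
        node = node[key]
    if not isinstance(node, str) or not node.strip():
        raise ClaimError(f"claim {attribute_name!r} is null, empty or not a string")
    return node.strip()


if __name__ == "__main__":
    for name in ("email", "emails:preferred", "emails:business", "emails"):
        try:
            print(name, "->", resolve_user_id(SAMPLE_USERINFO, name))
        except ClaimError as err:
            print(name, "-> rejected:", err)
```

Configuring the parent attribute alone (emails) or a child whose value is null (emails:business) is rejected here rather than passed on as a search key.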