The HTTP Oauth2 Token Introspection Authorization Mechanism is used to define OAuth2 authorization using an introspection (RFC7662) compliant authorization server.
Indicates whether the HTTP Oauth2 Authorization Mechanism is enabled for use.
Default Value
false
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
access-token-cache-expiration
Description
Token cache expiration
Default Value
None
Allowed Values
A duration Syntax. Lower limit is 0 seconds. Upper limit is 2147483647 seconds.
Multi-valued
No
Required
No
Admin Action Required
None
Advanced Property
No
Read-only
No
authzid-json-pointer
Description
Specifies the JSON pointer to the value to use as Authorization ID. The JSON pointer is applied to the resolved access token JSON document. (example: /uid)
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
client-id
Description
Client's ID to use during the HTTP basic authentication against the authorization server.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
client-secret
Description
Client's secret to use during the HTTP basic authentication against the authorization server.
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
enabled
Description
Indicates whether the HTTP Authorization Mechanism is enabled.
Default Value
None
Allowed Values
true
false
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
identity-mapper
Description
> Specifies the name of the identity mapper to use in conjunction with the authzid-json-pointer to get the user corresponding to the acccess-token.
Default Value
None
Allowed Values
The DN of any Identity Mapper. The referenced identity mapper must be enabled when the HTTP Oauth2 Authorization Mechanism is enabled.
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
key-manager-provider
Description
Specifies the name of the key manager that should be used with this HTTP Oauth2 Token Introspection Authorization Mechanism .
Default Value
None
Allowed Values
The DN of any Key Manager Provider. The referenced key manager provider must be enabled.
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately, but only for subsequent requests to the authorization server.
Advanced Property
No
Read-only
No
required-scope
Description
Scopes required to grant access to the service.
Default Value
None
Allowed Values
A String
Multi-valued
Yes
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
token-introspection-url
Description
Defines the token introspection endpoint URL where the access-token resolution request should be sent. (example: http://example.com/introspect)
Default Value
None
Allowed Values
A String
Multi-valued
No
Required
Yes
Admin Action Required
None
Advanced Property
No
Read-only
No
trust-manager-provider
Description
Specifies the name of the trust manager that should be used when negotiating SSL connections with the remote authorization server.
Default Value
By default, no trust manager is specified indicating that only certificates signed by the authorities associated with this JVM will be accepted.
Allowed Values
The DN of any Trust Manager Provider. The referenced trust manager provider must be enabled when SSL is enabled.
Multi-valued
No
Required
No
Admin Action Required
None. Changes to this property take effect immediately, but only impact subsequent SSL connection negotiations.
Advanced Property
No
Read-only
No
Advanced Properties
java-class
Description
Specifies the fully-qualified name of the Java class that provides the HTTP Oauth2 Token Introspection Authorization Mechanism implementation.