Version: 7.2405.x.x LTS

OIDCProviderMetadataFetcherState

nevisAuth 4.38.x HTTP client changes

The new HTTP client shipped with nevisAuth 4.38.0.12 will likely require changes in this auth state configuration, specifically in the area of certificate configuration and handling.

Visit Appendix H for additional information.

Introduction and overview

OpenID providers publish metadata describing their configuration, such as the URLs of their endpoints and of their key material. The AuthState OIDCProviderMetadataFetcherState fetches this provider metadata from the given URL and propagates it in the configured scope for further processing by other AuthStates.

Description

The following table and chapters describe the characteristics of the AuthState.

| Topic | Description |
|---|---|
| Class | ch.nevis.esauth.auth.states.oauth2.openid.rp.OIDCProviderMetadataFetcherState |
| Logging | OIDCRelyingParty |
| Auditing | none |
| Marker | none |
| Methods | process (Requests the provider metadata from the configured URL) |

Properties

  • providerMetadataURL (string)

    The URL of the provider metadata document to be fetched over HTTP.

  • propagationScope (string, session)

    Value or variable containing the Access Token to use in the Userinfo Request being sent to the Userinfo Endpoint.

  • httpclient.* (string)

    Configure the outgoing HTTP communication towards the metadata provider. For a list of valid HTTP properties, see HTTP Client.

Input

none

Transitions

  • failed

    If no valid provider metadata document could be retrieved.

  • ok

    A valid metadata document could be retrieved.

Output

  • session:[AuthStateName].providerMetadata

    The provider metadata retrieved from the configured URL.

Errors

none

Notes

none

Example

<AuthState name="OIDCProviderMetadataFetcherState" class="ch.nevis.esauth.auth.states.oauth2.openid.rp.OIDCProviderMetadataFetcherState" authLevel="auth.test">
    <ResultCond name="ok" next="RelyingParty"/>
    <ResultCond name="failed" next="AuthError"/>
    <property name="providerMetadataURL" value="https://accounts.google.com/.well-known/openid-configuration" />
</AuthState>
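
The checks OpenID Connect Discovery 1.0 expects a relying party to make on a fetched provider metadata document, as an added example: this is not nevisAuth code and does not describe which checks the AuthState itself performs before taking the ok or failed transition. The function names, the sample URL and both sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri", "response_types_supported",
            "subject_types_supported", "id_token_signing_alg_values_supported")
URL_FIELDS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint", "jwks_uri")

def is_https_url(value):
    """True only for a string that parses as an https URL with a host."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.netloc)

def check_provider_metadata(metadata_url, body):
    """Return a list of problems; an empty list means every check passed."""
    try:
        doc = json.loads(body)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(doc, dict):
        return ["top-level JSON value is not an object"]
    problems = [f"missing required field: {name}" for name in REQUIRED if name not in doc]
    # Discovery builds the URL as issuer + WELL_KNOWN (dropping a trailing slash),
    # so the document must name the issuer that the URL was derived from.
    expected = metadata_url.removesuffix(WELL_KNOWN)
    issuer = doc.get("issuer")
    if issuer is not None:
        if not is_https_url(issuer) or "?" in issuer or "#" in issuer:
            problems.append("issuer is not an https URL without query or fragment")
        if issuer not in (expected, expected + "/"):
            problems.append(f"issuer {issuer!r} does not match expected {expected!r}")
    for name in URL_FIELDS:
        if name in doc and not is_https_url(doc[name]):
            problems.append(f"{name} is not an https URL")
    return problems

# Constructed sample data (not a real provider).
SAMPLE_URL = "https://idp.example.com" + WELL_KNOWN
_GOOD = {"issuer": "https://idp.example.com", "jwks_uri": "https://idp.example.com/jwks",
         "authorization_endpoint": "https://idp.example.com/authorize",
         "response_types_supported": ["code"], "subject_types_supported": ["public"],
         "id_token_signing_alg_values_supported": ["RS256"]}
SAMPLE_OK = json.dumps(_GOOD)
SAMPLE_BAD = json.dumps({**_GOOD, "issuer": "https://idp.example.net",
                         "jwks_uri": "http://idp.example.com/jwks"})
```

The issuer comparison matters most: a document served from one host that names a different issuer, or that points jwks_uri at a plain HTTP URL, would let whoever controls that response choose the keys used to verify ID tokens.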