
/AWS1/CL_WKROIDCCONFIGINFO

Contains the OpenID Connect (OIDC) configuration information for Single Sign-On (SSO) authentication, including identity provider settings and client credentials.

CONSTRUCTOR

IMPORTING

Required arguments:

iv_companyid TYPE /AWS1/WKRGENERICSTRING

Custom identifier your end users will use to sign in with SSO.

iv_scopes TYPE /AWS1/WKRGENERICSTRING

The OAuth scopes requested from the identity provider, which determine what user information is accessible (e.g., 'openid profile email').

iv_issuer TYPE /AWS1/WKRGENERICSTRING

The issuer URL of the identity provider, which serves as the base URL for OIDC endpoints and configuration discovery.

Optional arguments:

iv_applicationname TYPE /AWS1/WKRGENERICSTRING

The name of the OIDC application as registered with the identity provider.

iv_clientid TYPE /AWS1/WKRGENERICSTRING

The OAuth client ID assigned by the identity provider for authentication requests.

iv_clientsecret TYPE /AWS1/WKRSENSITIVESTRING

The OAuth client secret used to authenticate the application with the identity provider.

iv_secret TYPE /AWS1/WKRSENSITIVESTRING

An additional secret credential used by the identity provider for authentication.

iv_redirecturl TYPE /AWS1/WKRGENERICSTRING

The callback URL where the identity provider redirects users after successful authentication. This URL must be registered with the identity provider.

iv_userid TYPE /AWS1/WKRGENERICSTRING

The claim field from the OIDC token to use as the unique user identifier (e.g., 'email', 'sub', or a custom claim).

iv_customusername TYPE /AWS1/WKRGENERICSTRING

A custom field mapping to extract the username from the OIDC token when the standard username claim is insufficient.

iv_cacertificate TYPE /AWS1/WKRGENERICSTRING

The X.509 CA certificate for validating SSL/TLS connections to the identity provider when using self-signed or enterprise certificates.

iv_applicationid TYPE /AWS1/WKRINTEGER

The unique identifier for the registered OIDC application. Valid range is 1-10.

iv_ssotokenbufferminutes TYPE /AWS1/WKRINTEGER

The number of minutes before the SSO token expires at which the system should proactively refresh the token to maintain seamless user access.

iv_extraauthparams TYPE /AWS1/WKRGENERICSTRING

Additional authentication parameters to include in the OIDC authorization request as a query string. Useful for provider-specific extensions.
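
A pre-flight check over the fields described above, as an added example that is not part of the AWS SDK or of this page. It uses only getters listed on this page; the class name LCL_OIDC_LINT, the finding texts and the rule applied to extraAuthParams are assumptions of the example, and the HAS_ methods are assumed to return ABAP_BOOL.

```abap
" Added example, not AWS SDK code; LCL_OIDC_LINT is a hypothetical helper.
CLASS lcl_oidc_lint DEFINITION FINAL.
  PUBLIC SECTION.
    CLASS-METHODS check
      IMPORTING io_cfg             TYPE REF TO /aws1/cl_wkroidcconfiginfo
      RETURNING VALUE(rt_findings) TYPE string_table.
ENDCLASS.

CLASS lcl_oidc_lint IMPLEMENTATION.
  METHOD check.
    " clientSecret and secret are never read here, so they cannot leak into findings.
    " OIDC Discovery: the issuer is an https URL with no query or fragment.
    DATA(lv_issuer) = io_cfg->get_issuer( ).
    IF lv_issuer NP `https://*` OR lv_issuer CA `?#`.
      APPEND `issuer: expected an https URL without query or fragment` TO rt_findings.
    ENDIF.

    " The callback receives the authorization response, so require TLS when it is set.
    DATA(lv_redirect) = io_cfg->get_redirecturl( ).
    IF io_cfg->has_redirecturl( ) = abap_true AND lv_redirect NP `https://*`.
      APPEND `redirectUrl: expected an https URL` TO rt_findings.
    ENDIF.

    " OIDC Core: the scope value of an authentication request must contain 'openid'.
    DATA(lv_scopes) = condense( io_cfg->get_scopes( ) ).
    SPLIT lv_scopes AT ` ` INTO TABLE DATA(lt_scopes).
    IF NOT line_exists( lt_scopes[ table_line = `openid` ] ).
      APPEND `scopes: 'openid' is missing` TO rt_findings.
    ENDIF.

    " Documented above: applicationId valid range is 1-10.
    IF io_cfg->has_applicationid( ) = abap_true
       AND io_cfg->get_applicationid( ) NOT BETWEEN 1 AND 10.
      APPEND `applicationId: outside the range 1-10` TO rt_findings.
    ENDIF.

    " Assumption of this example: extraAuthParams should not repeat core request parameters.
    DATA(lt_core) = VALUE string_table( ( `client_id` ) ( `redirect_uri` ) ( `scope` )
                                        ( `response_type` ) ( `state` ) ( `nonce` ) ).
    DATA(lv_extra) = io_cfg->get_extraauthparams( ).
    SPLIT lv_extra AT `&` INTO TABLE DATA(lt_pairs).
    LOOP AT lt_pairs INTO DATA(lv_pair).
      SPLIT lv_pair AT `=` INTO DATA(lv_key) DATA(lv_value).
      lv_key = to_lower( lv_key ).
      IF line_exists( lt_core[ table_line = lv_key ] ).
        APPEND |extraAuthParams: overrides core parameter { lv_key }| TO rt_findings.
      ENDIF.
    ENDLOOP.
  ENDMETHOD.
ENDCLASS.
```

An empty result table means none of these checks raised a finding; the findings contain field names only, so they are safe to write to an application log.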


Queryable Attributes

applicationName

The name of the OIDC application as registered with the identity provider.

Accessible with the following methods

Method Description
GET_APPLICATIONNAME() Getter for APPLICATIONNAME, with configurable default
ASK_APPLICATIONNAME() Getter for APPLICATIONNAME w/ exceptions if field has no value
HAS_APPLICATIONNAME() Determine if APPLICATIONNAME has a value

clientId

The OAuth client ID assigned by the identity provider for authentication requests.

Accessible with the following methods

Method Description
GET_CLIENTID() Getter for CLIENTID, with configurable default
ASK_CLIENTID() Getter for CLIENTID w/ exceptions if field has no value
HAS_CLIENTID() Determine if CLIENTID has a value

companyId

Custom identifier your end users will use to sign in with SSO.

Accessible with the following methods

Method Description
GET_COMPANYID() Getter for COMPANYID, with configurable default
ASK_COMPANYID() Getter for COMPANYID w/ exceptions if field has no value
HAS_COMPANYID() Determine if COMPANYID has a value

scopes

The OAuth scopes requested from the identity provider, which determine what user information is accessible (e.g., 'openid profile email').

Accessible with the following methods

Method Description
GET_SCOPES() Getter for SCOPES, with configurable default
ASK_SCOPES() Getter for SCOPES w/ exceptions if field has no value
HAS_SCOPES() Determine if SCOPES has a value

issuer

The issuer URL of the identity provider, which serves as the base URL for OIDC endpoints and configuration discovery.

Accessible with the following methods

Method Description
GET_ISSUER() Getter for ISSUER, with configurable default
ASK_ISSUER() Getter for ISSUER w/ exceptions if field has no value
HAS_ISSUER() Determine if ISSUER has a value

clientSecret

The OAuth client secret used to authenticate the application with the identity provider.

Accessible with the following methods

Method Description
GET_CLIENTSECRET() Getter for CLIENTSECRET, with configurable default
ASK_CLIENTSECRET() Getter for CLIENTSECRET w/ exceptions if field has no value
HAS_CLIENTSECRET() Determine if CLIENTSECRET has a value

secret

An additional secret credential used by the identity provider for authentication.

Accessible with the following methods

Method Description
GET_SECRET() Getter for SECRET, with configurable default
ASK_SECRET() Getter for SECRET w/ exceptions if field has no value
HAS_SECRET() Determine if SECRET has a value

redirectUrl

The callback URL where the identity provider redirects users after successful authentication. This URL must be registered with the identity provider.

Accessible with the following methods

Method Description
GET_REDIRECTURL() Getter for REDIRECTURL, with configurable default
ASK_REDIRECTURL() Getter for REDIRECTURL w/ exceptions if field has no value
HAS_REDIRECTURL() Determine if REDIRECTURL has a value

userId

The claim field from the OIDC token to use as the unique user identifier (e.g., 'email', 'sub', or a custom claim).

Accessible with the following methods

Method Description
GET_USERID() Getter for USERID, with configurable default
ASK_USERID() Getter for USERID w/ exceptions if field has no value
HAS_USERID() Determine if USERID has a value

customUsername

A custom field mapping to extract the username from the OIDC token when the standard username claim is insufficient.

Accessible with the following methods

Method Description
GET_CUSTOMUSERNAME() Getter for CUSTOMUSERNAME, with configurable default
ASK_CUSTOMUSERNAME() Getter for CUSTOMUSERNAME w/ exceptions if field has no value
HAS_CUSTOMUSERNAME() Determine if CUSTOMUSERNAME has a value

caCertificate

The X.509 CA certificate for validating SSL/TLS connections to the identity provider when using self-signed or enterprise certificates.

Accessible with the following methods

Method Description
GET_CACERTIFICATE() Getter for CACERTIFICATE, with configurable default
ASK_CACERTIFICATE() Getter for CACERTIFICATE w/ exceptions if field has no value
HAS_CACERTIFICATE() Determine if CACERTIFICATE has a value

applicationId

The unique identifier for the registered OIDC application. Valid range is 1-10.

Accessible with the following methods

Method Description
GET_APPLICATIONID() Getter for APPLICATIONID, with configurable default
ASK_APPLICATIONID() Getter for APPLICATIONID w/ exceptions if field has no value
HAS_APPLICATIONID() Determine if APPLICATIONID has a value

ssoTokenBufferMinutes

The number of minutes before the SSO token expires at which the system should proactively refresh the token to maintain seamless user access.

Accessible with the following methods

Method Description
GET_SSOTOKENBUFFERMINUTES() Getter for SSOTOKENBUFFERMINUTES, with configurable default
ASK_SSOTOKENBUFFERMINUTES() Getter for SSOTOKENBUFFERMINUTES w/ exceptions if field has no value
HAS_SSOTOKENBUFFERMINUTES() Determine if SSOTOKENBUFFERMINUTES has a value

extraAuthParams

Additional authentication parameters to include in the OIDC authorization request as a query string. Useful for provider-specific extensions.

Accessible with the following methods

Method Description
GET_EXTRAAUTHPARAMS() Getter for EXTRAAUTHPARAMS, with configurable default
ASK_EXTRAAUTHPARAMS() Getter for EXTRAAUTHPARAMS w/ exceptions if field has no value
HAS_EXTRAAUTHPARAMS() Determine if EXTRAAUTHPARAMS has a value