This document summarizes all changes made to the Identify REST API in version 5.14.
Certificates endpoint
The GET /Certificates endpoint has some new parameters: ignoreRawData, searchType, and searchValue.
- Affected operations: GET /Certificates.
- Behaviors:

| Name | Data type | Required? | Default value | Description |
| --- | --- | --- | --- | --- |
| ignoreRawData | boolean | ⬜️ | false | An option to reduce response size. When this setting is set to true, this endpoint returns the certificates' information without raw data. |
| searchType | string | ⬜️ | Thumbprint | Specifies the certificate attribute that is used to search for certificates. Valid values are Thumbprint and Subject. The default value is Thumbprint. |
| searchValue | string | ⬜️ | N/A | When this value is specified, Identify uses the {searchType, searchValue} pair to search for matching certificates. Search by Thumbprint uses exact comparison. Search by Subject looks for subjects that contain the searchValue. All comparisons are case-insensitive. |

Connections endpoint
The OAuth authentication connection configuration section model has some new attributes:
```
"configurations": [
  {
    "clientId": "clientid",
    "clientSecret": "cliensecret",
    ...
    "authenticationType": "GenericOAuthProvider",
    "fetchEndpointsUrl": "https://path.to/.well-known/openid-configuration",
    "authorizationEndpoint": "https://path.to/authorize.idp",
    "tokenEndpoint": "https://path.to/token.idp",
    "userInformationEndpoint": "https://path.to/openidconnect/userinfo.idp",
    "logoutEndpoint": "https://path.to/openidconnect/logout.idp",
    "jwksEndpoint": "https://path.to/certs.idp", (*)
    "jwsAlgorithm": "RSASigning", (*)
    "symmetricSigningKey": "sym_key", (*)
    "signingCertificateRevocationCheck": "CheckChain", (*)
    ...
  }
],
```
- New configuration fields:
  - jwksEndpoint
  - jwsAlgorithm:
    - Supported values: RSASigning, HMACSymmetric, and None
    - Default value: None
  - symmetricSigningKey: this field is required when you configure the jwsAlgorithm to HMACSymmetric.
  - signingCertificateRevocationCheck:
    - Supported modes: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot, and CheckChainExcludeRootCacheOnly
    - Default value: None
- Affected operations: POST /connections, PUT /connections.
- Behaviors:

| Name | Data type | Required? | Default value | Description |
| --- | --- | --- | --- | --- |
| jwksEndpoint | string | ✅ | N/A | Specifies the JWKS URL where Identify can fetch the public key information of the OIDC identity provider in the JWKS format. The setting can be filled automatically when the authenticationType is one of these values: Facebook, Microsoft, Google, or when a valid .well-known/openid-configuration URL is specified. |
| jwsAlgorithm | string | ⬜️ | None | Specifies the JWS algorithm. Supported values are {None, RSASigning, HMACSymmetric}. |
| symmetricSigningKey | string | ⬜️ | N/A | Specifies the symmetric signing key. Required when jwsAlgorithm is HMACSymmetric. |
| signingCertificateRevocationCheck | string | ⬜️ | None | Specifies the signing certificate revocation check mode: None, CheckEndCert, CheckEndCertCacheOnly, CheckChain, CheckChainCacheOnly, CheckChainExcludeRoot or CheckChainExcludeRootCacheOnly. |
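
One way to check an OAuth connection configuration against the field rules listed for POST /connections and PUT /connections before submitting it, as an added example that is not Identify code. The function name `lint_oauth_configuration`, the reading of the auto-fill rule, and the warning policy (flagging `None` settings and non-HTTPS JWKS URLs for review) are assumptions of this example; the sample entries are constructed.

```python
from urllib.parse import urlparse

# Allowed values exactly as listed in the 5.14 notes above.
JWS_ALGORITHMS = {"None", "RSASigning", "HMACSymmetric"}
REVOCATION_MODES = {
    "None", "CheckEndCert", "CheckEndCertCacheOnly", "CheckChain",
    "CheckChainCacheOnly", "CheckChainExcludeRoot",
    "CheckChainExcludeRootCacheOnly",
}
# Provider types for which the notes say jwksEndpoint can be filled automatically.
AUTO_JWKS_TYPES = {"Facebook", "Microsoft", "Google"}


def lint_oauth_configuration(cfg):
    """Return (errors, warnings) for one entry of "configurations".

    Errors are rules taken from the notes; warnings are this example's own
    review policy (an assumption, not documented Identify behaviour).
    """
    errors, warnings = [], []
    alg = cfg.get("jwsAlgorithm", "None")  # documented default
    mode = cfg.get("signingCertificateRevocationCheck", "None")  # documented default
    jwks = cfg.get("jwksEndpoint")
    auto = cfg.get("authenticationType") in AUTO_JWKS_TYPES or cfg.get("fetchEndpointsUrl")

    if alg not in JWS_ALGORITHMS:
        errors.append(f"jwsAlgorithm: unsupported value {alg!r}")
    if mode not in REVOCATION_MODES:
        errors.append(f"signingCertificateRevocationCheck: unsupported value {mode!r}")
    if alg == "HMACSymmetric" and not cfg.get("symmetricSigningKey"):
        errors.append("symmetricSigningKey: required when jwsAlgorithm is HMACSymmetric")
    if not jwks and not auto:
        errors.append("jwksEndpoint: required and no auto-fill source present")
    elif jwks and urlparse(jwks).scheme != "https":
        warnings.append("jwksEndpoint: not an https URL")
    if alg == "None":
        warnings.append("jwsAlgorithm: None (default); confirm this is intended")
    if alg == "RSASigning" and mode == "None":
        warnings.append("signingCertificateRevocationCheck: None with RSASigning")
    return errors, warnings


# Constructed sample entries modelled on the snippet above (not real settings).
SAMPLE_OK = {"authenticationType": "GenericOAuthProvider",
             "jwksEndpoint": "https://path.to/certs.idp",
             "jwsAlgorithm": "RSASigning",
             "signingCertificateRevocationCheck": "CheckChain"}
SAMPLE_BAD = {"authenticationType": "GenericOAuthProvider",
              "jwksEndpoint": "http://path.to/certs.idp",
              "jwsAlgorithm": "HMACSymmetric",
              "signingCertificateRevocationCheck": "Node"}
```

Running it on `SAMPLE_BAD` reports the misspelled revocation mode and the missing `symmetricSigningKey` as errors, and the plain-HTTP JWKS URL as a warning.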