Additional Configuration Attributes for OAuth2
The following attributes apply only when the Authentication Method is set to OAuth2:
To send customized headers with the access token generation request, add the oauth_headers attribute as follows:
<entry key="oauth_headers">
<value>
<Map>
<entry key="Content-Type" value="application/x-www-form-urlencoded" />
</Map>
</value>
</entry>
Web Services uses the access token configured in the application as the Authorization header for every endpoint, so users no longer need to specify an Authorization header for each endpoint. If an Authorization header is provided at the endpoint level, it takes precedence over the configured access token.
SailPoint recommends including the authorization scheme prefix in the configured access token, for example Bearer <Access Token>. If no prefix is provided, Web Services uses Bearer as the Authorization header prefix by default, so a token that must be sent with any other scheme has to carry that prefix explicitly.
To send additional headers for token generation, add them to the same oauth_headers map:
<entry key="oauth_headers">
<value>
<Map>
<entry key="customHeaderKey" value="customHeaderValue"/>
</Map>
</value>
</entry>
Web Services supports excluding headers from the OAuth2 token request. Add the keys of the headers to be excluded as comma separated values as follows:
<entry key="oauth_headers_to_exclude" value="Authorization,CUSTOM_HEADER"/>
For some managed systems, custom request parameters must be part of the access token generation request. To send additional parameters for token generation, add the following entry:
<entry key="oauth_request_parameters">
<value>
<Map>
<entry key="customParamKey" value="customParamValue"/>
</Map>
</value>
</entry>
To remove any of the standard request body attributes that the managed system's access token generation request does not support, add the following entry with the attribute names as comma separated values:
<entry key="oauth_body_attrs_to_exclude" value="customParamKey1,customParamKey2"/>
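Taken together, the entries above (oauth_headers, oauth_headers_to_exclude, oauth_request_parameters, oauth_body_attrs_to_exclude) and the Authorization precedence rule determine one effective token request. The Python snippet below is an added example and is not SailPoint's connector code: it parses a constructed application fragment in the page's <entry>/<Map> layout and applies the include and exclude lists in order. The <Attributes><Map> wrapper, the baseline headers (Content-Type plus HTTP Basic client authentication, RFC 6749 section 2.3.1), the baseline client_credentials body (section 4.4.2) and the rule that an access token already carries a scheme prefix when its first word is followed by a space are all assumptions of this example, not facts stated on the page.

```python
import base64
import xml.etree.ElementTree as ET

# Constructed application fragment using the entry keys from this page. The
# <Attributes><Map> wrapper is an assumption about where the entries live.
SAMPLE_CONFIG_XML = """
<Attributes>
  <Map>
    <entry key="oauth_headers">
      <value>
        <Map>
          <entry key="Content-Type" value="application/x-www-form-urlencoded"/>
          <entry key="customHeaderKey" value="customHeaderValue"/>
        </Map>
      </value>
    </entry>
    <entry key="oauth_headers_to_exclude" value="Authorization"/>
    <entry key="oauth_request_parameters">
      <value>
        <Map>
          <entry key="audience" value="https://api.example.invalid"/>
          <entry key="customParamKey" value="customParamValue"/>
        </Map>
      </value>
    </entry>
    <entry key="oauth_body_attrs_to_exclude" value="scope"/>
  </Map>
</Attributes>
"""


def parse_application_attributes(xml_text):
    """Top-level entries as a dict; an entry holding a <Map> becomes a dict."""
    root = ET.fromstring(xml_text.strip())
    attrs = {}
    for entry in root.find("Map").findall("entry"):
        if entry.get("value") is not None:
            attrs[entry.get("key")] = entry.get("value")
        else:
            nested = entry.find("value/Map")
            attrs[entry.get("key")] = {e.get("key"): e.get("value")
                                       for e in nested.findall("entry")}
    return attrs


def _csv(value):
    """Comma separated exclude list -> set of names (whitespace tolerated)."""
    return {v.strip() for v in (value or "").split(",") if v.strip()}


def build_token_request(cfg, client_id, client_secret, scope="default"):
    """Effective headers and form body of the access token request."""
    # Assumed baseline: form encoding plus HTTP Basic client authentication
    # (RFC 6749 section 2.3.1) and a client_credentials body (section 4.4.2).
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Authorization": f"Basic {basic}"}
    headers.update(cfg.get("oauth_headers", {}))          # add / override first
    for name in _csv(cfg.get("oauth_headers_to_exclude")):
        headers.pop(name, None)                            # then exclude
    body = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": scope}
    body.update(cfg.get("oauth_request_parameters", {}))
    for name in _csv(cfg.get("oauth_body_attrs_to_exclude")):
        body.pop(name, None)
    return headers, body


def endpoint_authorization(access_token, endpoint_headers):
    """Authorization header for an endpoint call: an endpoint-level header
    wins; otherwise the configured token, prefixed with 'Bearer ' when it
    carries no scheme (assumption: a scheme is a leading word before a space)."""
    if endpoint_headers.get("Authorization"):
        return endpoint_headers["Authorization"]
    token = access_token.strip()
    _scheme, _sep, rest = token.partition(" ")
    return token if rest else f"Bearer {token}"


if __name__ == "__main__":
    cfg = parse_application_attributes(SAMPLE_CONFIG_XML)
    print(build_token_request(cfg, "app-client", "s3cret"))
    print(endpoint_authorization("eyJhbGciOi.example.token", {}))
```

Note the ordering: configured headers and parameters are merged over the baseline first and the exclude lists are applied last, so an exclude list always wins. In the constructed fragment, excluding Authorization means the client authenticates only through client_id and client_secret in the form body, which RFC 6749 permits but does not recommend; check that the managed system actually accepts that before dropping the header.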
(Optional) Used for SAML assertion generation. If additional header information is required, add the following entry:
<entry key="saml_headers">
<value>
<Map>
<entry key="customHeaderKey" value="customHeaderValue"/>
</Map>
</value>
</entry>
(Optional) Used for SAML assertion generation. The keys provided here are excluded from the headers of the SAML assertion generation request. Add the keys to be excluded as comma separated values as follows:
<entry key="saml_headers_to_exclude" value="Authorization,CUSTOM_HEADER"/>
Contains the alg (the algorithm used to sign the JWT assertion) as follows:
<entry key="oAuthJwtHeader">
<value>
<Map>
<entry key="alg" value="RS256"/>
</Map>
</value>
</entry>
If required, additional header attributes can be provided in this map.
Contains the aud (audience), exp (expiry of the JWT assertion), iss (issuer) and sub (subject) as follows:
<entry key="oAuthJwtPayload">
<value>
<Map>
<entry key="aud" value=""/>
<entry key="exp" value="15f"/>
<entry key="iss" value=""/>
<entry key="sub" value=""/>
</Map>
</value>
</entry>
If required, additional payload attributes can be provided in this map. For additional attributes such as jti, iat and nbf, if only the key (not the value) is present in the map, the default value for that attribute is used.
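To make concrete what the oAuthJwtHeader and oAuthJwtPayload maps produce, the Python snippet below is an added example and not SailPoint's code: it builds the JWT assertion from the two maps, fills in defaults for jti, iat and nbf when only the key is configured, signs the result with RS256 and verifies it. The RSA key generation and PKCS#1 v1.5 signing are a self-contained stand-in (a demo-sized key, implemented inline so the block needs no crypto library) for the connector's signer, which uses the private key configured in the application. Reading a configured exp value as a lifetime in minutes, adding a typ header, and the audience, issuer and subject values are assumptions of this example.

```python
import base64, hashlib, json, random, time, uuid


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# ---- RS256 stand-in: textbook RSA + PKCS#1 v1.5, demo-sized key only ----
def _is_probable_prime(n, rounds=20):
    # Miller-Rabin; callers only pass odd candidates >= 2**255
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        candidate = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate):
            return candidate


def generate_rsa_key(bits=512):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:                                 # gcd(e, phi) == 1
            return {"n": p * q, "e": e, "d": pow(e, -1, phi)}  # Python 3.8+


# DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1)
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")


def _emsa_pkcs1_v15(message, k):
    t = _SHA256_DIGESTINFO + hashlib.sha256(message).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")


def rs256_sign(message, key):
    k = (key["n"].bit_length() + 7) // 8
    return pow(_emsa_pkcs1_v15(message, k), key["d"], key["n"]).to_bytes(k, "big")


def rs256_verify(message, signature, key):
    k = (key["n"].bit_length() + 7) // 8
    return len(signature) == k and pow(int.from_bytes(signature, "big"),
                                       key["e"], key["n"]) == _emsa_pkcs1_v15(message, k)


# ---- The assertion built from the two configuration maps ------------------
def build_jwt_assertion(header_map, payload_map, key, now=None, default_lifetime=900):
    """Empty jti/iat/nbf values mean 'use the default'. Reading a configured
    exp as a lifetime in minutes is an assumption of this example."""
    now = int(time.time()) if now is None else now
    header = {"typ": "JWT", **header_map}
    if header.get("alg") != "RS256":
        raise ValueError("this demo signer only implements RS256")
    payload = {}
    for claim, value in payload_map.items():
        if claim == "exp":
            payload["exp"] = now + (int(value) * 60 if value else default_lifetime)
        elif claim in ("iat", "nbf"):
            payload[claim] = int(value) if value else now
        elif claim == "jti":
            payload["jti"] = value or str(uuid.uuid4())   # unique per assertion
        else:
            payload[claim] = value
    for required in ("aud", "iss", "sub"):
        if not payload.get(required):
            raise ValueError(f"{required} must be configured in oAuthJwtPayload")
    compact = lambda obj: b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{compact(header)}.{compact(payload)}"
    return f"{signing_input}.{b64url(rs256_sign(signing_input.encode(), key))}"


def verify_jwt_assertion(token, key):
    head, body, sig = token.split(".")
    if not rs256_verify(f"{head}.{body}".encode(), b64url_decode(sig), key):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(head)), json.loads(b64url_decode(body))


# Constructed maps mirroring the page's entries; exp is a lifetime in minutes here.
OAUTH_JWT_HEADER = {"alg": "RS256"}
OAUTH_JWT_PAYLOAD = {"aud": "https://idp.example.invalid/oauth/token", "exp": "15",
                     "iss": "client-id-123", "sub": "client-id-123",
                     "jti": "", "iat": "", "nbf": ""}

if __name__ == "__main__":
    key = generate_rsa_key()
    token = build_jwt_assertion(OAUTH_JWT_HEADER, OAUTH_JWT_PAYLOAD, key)
    print(token, verify_jwt_assertion(token, key), sep="\n")
```

Two points worth keeping in mind when setting these maps: the assertion is only as trustworthy as the aud, iss and sub it carries, so leave none of them empty (the example refuses to sign in that case), and a short exp together with a fresh jti per assertion is what stops a captured assertion from being replayed against the token endpoint.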