...

Name

Datatype

Mandatory

Example

Description

Token specification

Drop Down

oidc

Choose any of the supported token specifications: oidc, saml2p or ws-fed.

Info

Depending on your selection, the subsequent parameters might change.

Client identificator

String

webshop_android

Each client must be uniquely identified. Provide a value that you must also use in the client's configuration later on. Choose either something self-explanatory or, as a security measure, a random value if you want to hide the purpose of the client.

Name

String

Android Webshop Application

Identifies your client in a technical way in the system.

Displayname

String

Android Webshop Application

Non-technical name used to display the application in various places such as the Self-Service Portal.

Version 7 and above

Logout URI

URL

https://www.webshop.com/logout

If no logout URL is provided by the client, the user will be redirected to this URL after a logout.

Redirect Uri (Regex) *

REGEX Pattern

regex:^https:\/\/webshop\.ch$

The client provides a URL to which the user is redirected after a successful authentication. It's good practice to test those URLs against a pattern to ensure that the user can only be redirected to previously configured URLs. This significantly increases the security of the system.

Note

Wildcards can be configured, but only do this when absolutely necessary.

Scope

Multi Value

profile email

A list of scopes that the client can request. If the client requests a scope that is not part of this configuration, it will not be able to perform an authentication.

Note

Be careful to only allow the scopes that are really necessary for the application to work with.

Default level of authentication entry

Drop Down

Default

Select a default level of authentication entry that will be used to determine the authentication flow for the user.

Use Backend To Validate User Password

Checkbox

Indicates whether the backend should be used to validate the user password (which involves an API call and checks the password as well as password policies). Otherwise, validation is done internally in the Authentication Service and password policies are not checked.

Default value - TRUE
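
An added example, not part of the product or its documentation: a small Python audit that runs a Redirect Uri (Regex) value against URIs that must be accepted and URIs that must be rejected before the value is saved. It assumes the regex: prefix only marks the value as a pattern and that the pattern is applied with substring semantics; the helper names, the sample URIs and the two looser patterns are constructed for illustration.

```python
import re

PREFIX = "regex:"  # assumption: marks the value as a regex, not part of the pattern


def matches(configured: str, uri: str) -> bool:
    """Apply a configured redirect pattern to a candidate redirect URI.

    Assumption: substring semantics (re.search), the most permissive way an
    engine could apply the pattern, so a missing ^ or $ shows up as a finding.
    """
    pattern = configured[len(PREFIX):] if configured.startswith(PREFIX) else configured
    return re.search(pattern, uri) is not None


def audit(configured, must_accept, must_reject):
    """Return (uri, problem) pairs for every URI the pattern handles wrongly."""
    findings = [(u, "rejected, should be accepted")
                for u in must_accept if not matches(configured, u)]
    findings += [(u, "accepted, should be rejected")
                 for u in must_reject if matches(configured, u)]
    return findings


# Constructed sample URIs for the webshop client from the table above.
MUST_ACCEPT = ["https://webshop.ch"]
MUST_REJECT = [
    "http://webshop.ch",                             # not HTTPS
    "https://webshop.ch.example.net",                # configured host as a prefix
    "https://webshopxch",                            # "." left unescaped
    "https://notwebshop.ch",                         # different host, same ending
    "https://example.net/?next=https://webshop.ch",  # configured URL embedded
]

# First entry is the page's example; the other two are constructed variants.
PATTERNS = {
    "page example": r"regex:^https:\/\/webshop\.ch$",
    "no anchors, unescaped dot": r"regex:https://webshop.ch",
    "leading wildcard": r"regex:^https:\/\/.*webshop\.ch$",
}

if __name__ == "__main__":
    for label, configured in PATTERNS.items():
        findings = audit(configured, MUST_ACCEPT, MUST_REJECT)
        print(f"{label}: {'OK' if not findings else 'REVIEW'}")
        for uri, problem in findings:
            print(f"  {uri} -> {problem}")
```

Only the anchored, escaped pattern from the table comes back without findings; the unanchored and wildcard variants each accept URIs on the must-reject list.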

Token

For a detailed description of the various tokens, see the Token documentation.

...