Closed

Indicium extension of the OPENID PROVIDERS definition

Related products:Intelligent Application Manager
  • Math Huntjens
  • Jos Bischoff

We would like two additional parameters (acr_values, display) for the OPENID PROVIDERS definition in the Intelligent Application Manager (or indicium/appsettings.json). We need these parameters for the eIDAS integration (openID provider) as part of the multi-factor authentication in our solution. See the example below:

https://*************/AutentIDConnect/npa/authorize?scope=openid&response_type=code&redirect_uri=https*************&client_id=*************&acr_values=http://eidas.europa.eu/LoA/high&display=no_eidas_country_selection


Some background information on openID standard

https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest



3 replies

Anne Buit
Community Manager
  • Community Manager
  • 653 replies
  • February 7, 2023

Hello Math,

We will be looking into allowing additional parameters to be configured for OpenID providers in IAM. Until then, I think you could solve this problem by configuring an outbound rewrite rule.

Assuming that Indicium is hosted on IIS you can follow the steps below. If not, then you could apply a similar solution elsewhere.

  1. Open the IIS Manager and navigate to the Indicium web application that handles the redirect to the OpenID provider.
  2. Click on URL Rewrite
  3. Click on Add Rule(s)
  4. Create a new Blank rule under Outbound rules
  5. Configure it like this


I used the following value to match the Location header returned in the response. When a user clicks the button to sign in with an Identity Provider, Indicium will redirect the browser to the Authorization URL of that Identity provider. Redirects are done by means of a 302 response with a Location header indicating where the browser should redirect to. So the idea here is that we capture all redirects to the specified Identity Provider. You can make this condition more or less specific if that seems better to you.

.*/AutentIDConnect/npa/authorize?.*

Then at the Action part, we will rewrite this Location header and add the necessary parameters to it:

{RESPONSE_LOCATION}&acr_values=http://eidas.europa.eu/LoA/high&display=no_eidas_country_selection

Note that I have not tested any of this. There could be some mistakes in my example, but the general idea should work.

I hope this helps.
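The rule Anne describes, written out as a web.config fragment. This is an added example, not part of Anne's reply or a Thinkwise-provided configuration; it assumes Indicium's web.config on IIS with the URL Rewrite module installed, and uses idp.example as a placeholder for the masked provider host in the question.

```xml
<!-- Added example (not from the original post): the outbound rule from the
     reply in web.config form. Place the <rewrite> element under
     <system.webServer> of the Indicium site's web.config. "idp.example" is a
     placeholder for the masked eIDAS provider host. -->
<configuration>
  <system.webServer>
    <rewrite>
      <outboundRules>
        <rule name="Append eIDAS parameters to IdP redirect">
          <!-- Match the Location header of the 302 that Indicium returns when a
               user signs in with the provider. The pattern is anchored to the
               provider host and escapes the "?" (an unescaped "?" in the reply's
               pattern makes the preceding character optional instead of
               matching the literal query separator), so only that provider's
               authorize endpoint is rewritten and nothing is appended to
               redirects towards any other host. -->
          <match serverVariable="RESPONSE_Location"
                 pattern="^(https://idp\.example/AutentIDConnect/npa/authorize\?.+)$" />
          <conditions>
            <!-- Skip responses that already carry acr_values, e.g. once IAM
                 supports the parameter natively, to avoid duplicating it. -->
            <add input="{RESPONSE_Location}" pattern="acr_values=" negate="true" />
          </conditions>
          <!-- {R:1} is the captured original Location; "&" must be written as
               &amp; inside web.config. -->
          <action type="Rewrite"
                  value="{R:1}&amp;acr_values=http://eidas.europa.eu/LoA/high&amp;display=no_eidas_country_selection" />
        </rule>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>
```

Verify the result by capturing the 302 response in the browser's network tab: the Location header should show the appended acr_values and display parameters exactly once, and redirects to any other host should be unchanged.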


Jeroen van den Belt
Administrator

