This page shows the state of the OpenId configuration and information that is useful for tracking down problems with the configuration.

State

The state of the connection. Possible values are

disabled

configuration incomplete

fetching configuration from OpenID server

OpenID configuration not compatible, refetching configuration after a timeout

OpenID configuration compatible

OpenId configuration elements

Authorization endpoint: URI which is used to login in myApps

JWKS URI: URI which is used to fetch neccessary keys to verify the id_token signature

Support for id_token response type: the response type id_token must be supported

Support for id_token signing algorithm RS256: the id_token signing algorithm RS256 must be used

Support for response mode form_post: the response mode form_post must be supported

Support for upn claim: the upn claim must be returned within the id_token

Support for unique-name claim: the unique-name claim must be returned within the id_token

Support for nonce claim: the nonce claim must be returned within the id_token

OpenId keys

a list of keys which can be used to verify the signature of an id_token

kid

x5t

n

e

TroubleShooting

State: OpenID configuration not compatible, refetching configuration after a timeout
No OpenID configuration retrieved yet! Check the OpenID URL and/or your network settings and if the OpenID server certificate is trusted!

This happens when the config file is not received/fetch at all by the Gateway so possible problems:

• DNS not solving correctly
• No connectivity to the target OpenID URL
• The Gateway doesn't Trust the certificate of the Web URL.