Appendix
The following topics are covered in the Appendix:
HTTP response types
For reference below a list with HTTP status codes based on IETF Consensus. The status codes are divided in the following categories:
| Code range | Meaning | Description |
|---|---|---|
| 1xx | Informational | Request received, continuing process |
| 2xx | Success | The action was successfully received, understood, and accepted |
| 3xx | Redirection | Further action must be taken in order to complete the request |
| 4xx | Client Error | The request contains bad syntax or cannot be fulfilled |
| 5xx | Server Error | The server failed to fulfill an apparently valid request |
The following status codes are used:
| Code | Meaning | RFC |
|---|---|---|
| 200 | OK | RFC2616 |
| 204 | No Content | RFC2616 |
| 302 | Found | RFC2616 |
| 400 | Bad Request | RFC2616 |
| 401 | Unauthorized | RFC2616 |
| 404 | Not Found | RFC2616 |
| 405 | Method Not Allowed | RFC2616 |
| 406 | Not Acceptable | RFC2616 |
| 409 | Conflict | RFC2616 |
| 415 | Unsupported Media Type | RFC2616 |
| 500 | Internal Server Error | RFC2616 |
Scope authentication endpoint
When the user authentication level is lower then the required level for the requested scope the user will be redirected to the specified endpoint. The user authentication level is extracted from the values of the user header. See configure header authentication.
Docker Compose environment variables
| Property | Description |
|---|---|
| TOKEN_SERVER_ENGINE_AUTHENTICATION_ENDPOINT | Uri of the endpoint handling step up to enable the user to increase his authentication level |
Request parameters received by endpoint
| Request parameter | Description |
|---|---|
| redirect_uri | Redirect Uri requested in the authorization grant request |
| auth_level | The authentication level (integer value) required for the requested set of scopes. This parameter will contain the highest required value. |
Links
- JCE http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
- Thymeleaf documentation: http://www.thymeleaf.org/doc/tutorials/2.1/usingthymeleaf.html
- The Onegini Token Server only sends the APP the cid and cs if the response to the OCRA challenge was correct.
- OAuth 2.0 https://tools.ietf.org/html/rfc6749#section-5.2