Hi there .
Will try to help within my frame of reference ( a fully compliant oidc/oauth2 identityprovider).
Im using this one:
https://identityserver4.readthedocs.io/en/latest/intro/big_picture.html
this may be of help to understand the terms the fields are asking you.
https://identityserver4.readthedocs.io/en/latest/intro/terminology.html#terminology
In my particular case, integration went quite smooth, since the server fully complies with the protocol specs.
That information should live somewhere in your authorization service / server ( keycloak).
You will need to figure out where and how to configure your identity provider(idp) in order to fill those fields.
in Keycloak you should be able to create clientID/clientSecret Pair
as for the endpoints, and other data according to keycloak docs you shold be able to look up those values in the metadata document:
The discovery document can be obtained from:
http://${host}:${port}/auth/realms/${realm}/.well-known/uma2-configuration
https://www.keycloak.org/docs/4.8/authorization_services/#_service_authorization_api
scopes in an openid compliant idp may vary.
if you suppress this value, it will ask for the bare minimum (openid)., you could ask for other scopes ( eg: profile, email,your-custom-claim.
More info on resources / claims can be found here:
https://identityserver4.readthedocs.io/en/latest/topics/resources.html
Again, scopes and related claims should be defined / configured on your idp (keycloack)
the login attribute can be the sub claim ( default identifier emitted in an oauth token)
if your idp can emit other claims, you will be able to map them to canvas attributes .
Hope it helps.
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.