Skip to content

Sector Identifier#

Janssen Server supports sector identifier URI and pairwise subject IDs for OpenId Connect relying party. As defined in OpenId Connect core specification, the sector identifiers value is used to derive pairwise subject IDs. Janssen Server also supports Sector Identifier URI as part of client configuration. Sector Identifier URI when used with pairwise subject type, enables a group of websites under the same administrative control to receive the same subject identifiers. Sector Identifier URI also allows clients to change the host component of the redirect URI and still keep the subject identifiers unchanged.

Configuring Sector Identifier#

Janssen Server runs below mentioned checks on value configured for Sector Identifier URI:

  • URI should have a https schema
  • URI should be accessible to Janssen Server and the response should be a valid JSON array of redirect URIs
  • All redirect URI received in response must exist in the list of the redirect URI provided by the client at the registration time

Note

If the client can not host an endpoint that will be reachable by Sector Identifier URI, then in order to use the pairwise subject IDs, the client must supply a Redirect URI list where URIs have the same host component. The host component value will be used as the sector identifier.

Configuration With Pairwise Subject Type#

How sector identifier value is used to derive value for the pairwise subject identifier is detailed in the OIDC core specification.

Janssen Server allows clients/RPs to set subject type. The public subject type is the default and the client/RP can choose to use the pairwise type. When using TUI, this can be configured from the client configuration screen below:

When the pairwise subject type is selected, the value for Sector Identifier URI can be left blank if all redirect URIs have the same host component. If the list of redirect URIs contains multiple host names, providing a Sector Identifier URI is a must. When Sector Identifier URI is provided, the host component of the URI is used as a sector identifier.

Configuration Properties#

Janssen Server allows customization concerning sector identifiers using the properties below:

Want to contribute?#

If you have content you'd like to contribute to this page in the meantime, you can get started with our Contribution guide.


Last update: 2024-09-27
Created: 2022-07-21