 
Hybrid OAuth2 Domain
TDV supports a Hybrid OAuth2 domain to enable the use of existing group privileges that are configured in other domains, for example, LDAP. To create a hybrid OAuth2 domain, follow these steps:
1. Launch Manager.
2. From the SECURITY tab, choose Domain Management.
3. Click Add Domain.
4. Enter the Domain Name. The domain name will be part of the login.
When the process of adding the domain is complete, this name is displayed in the Domain Name column and as part of the login (lower case only).
5. Specify the domain type as Hybrid OAuth2.
6. The following table describes the different fields in the New Domain window for the Hybrid OAuth2 Domain:
 
Field
Description
Issuer Value
This is the location where resources containing information about the authorization server are published.
The issuer generally matches the “iss” value in the payload section of the bearer token.
User ID Claim
Claims are key/value pairs that contain information about a user. This field represents the Claim name containing the User ID. By default it takes the value “upn”.
Issuer Claim
Indicates the domain binding claim name. If this is not set, “iss” is the default value. This field is used to receive tokens that do not carry an “iss” claim.
Group Claim
Indicates the claim in the token that holds the TDV groups the user belongs to.
Group Format
The format in which each group's domain and principal are given. If left blank, the default format is domain/principal. A delimiter is required.
Group Separator
Indicates the separator used in the list of TDV groups. The default is space.
Validation
The method used for validating the token. It can be Secret, Public Key or JWKS.
JWKS - JSON Web Key Set endpoint containing information about public keys. The public keys are used to verify the JSON Web Token (bearer token) issued by the authorization server.
Secret - The Secret is the shared key used to produce the signature in the bearer token. The signature is a hash computed with a cryptographic algorithm over the header and payload. The hash is used to verify that the token created by the authorization server has not been tampered with.
Public Key - This is the authorization server’s Public Key. Public keys are in JSON Web Key (JWK) format and are used to verify the bearer token issued by the authorization server.
Claim Info Endpoint
The Claim Info Endpoint is an OAuth2 protected resource that returns Claims about the authenticated End-User.
Claim Info JSON
The specific Claim as a name and value pair in JSON format, for which you can assign privileges and define rules and policies to access the published TDV resources. Multiple Claims can be given as comma-separated. The Claim values can also be in an array.
Annotation
This is an optional description for the domain.
7. Click OK.
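The fields above describe how TDV checks a bearer token and maps it to a user and a set of groups. The script below is an added illustration of that flow, not TDV's own code: it takes a constructed configuration with the same field names (Issuer Value, User ID Claim, Issuer Claim, Group Claim, Group Format, Group Separator, Validation) and validates an HS256 token against it using the Secret method. The shared secret, issuer URL, claim values and the set of accepted Group Format delimiters are all hypothetical, chosen only so the example runs offline; it does not cover the JWKS or Public Key methods.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample of the New Domain fields for a Hybrid OAuth2 domain.
# Every value is hypothetical and exists only so this example runs offline.
DOMAIN_CONFIG = {
    "issuer_value": "https://idp.example.test/",   # must match the token's issuer claim
    "user_id_claim": "upn",                        # default User ID Claim
    "issuer_claim": "",                            # blank means "iss"
    "group_claim": "groups",                       # claim holding the TDV groups
    "group_format": "domain/principal",            # default Group Format
    "group_separator": " ",                        # default Group Separator
    "validation": "Secret",                        # Secret | Public Key | JWKS
    "secret": b"constructed-demo-secret-not-for-production",
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256_token(claims: dict, secret: bytes) -> str:
    """Build an HS256 JWT the way an authorization server using a shared secret would."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def parse_group_format(group_format: str):
    """Return (left_part, right_part, delimiter) for a Group Format such as 'domain/principal'."""
    fmt = (group_format or "").strip() or "domain/principal"
    for delim in ("/", "\\", "@", ":", "|"):   # hypothetical set of accepted delimiters
        if delim in fmt:
            left, right = fmt.split(delim, 1)
            if {left, right} == {"domain", "principal"}:
                return left, right, delim
    raise ValueError("Group Format must name 'domain' and 'principal' around a delimiter")


def parse_groups(raw, group_format: str, separator: str):
    """Turn the Group Claim value (separated string or JSON array) into (domain, principal) pairs."""
    left, _, delim = parse_group_format(group_format)
    entries = raw if isinstance(raw, list) else str(raw).split(separator or " ")
    pairs = []
    for entry in entries:
        entry = entry.strip()
        if not entry:
            continue
        if delim not in entry:
            raise ValueError(f"group entry {entry!r} lacks delimiter {delim!r}")
        a, b = entry.split(delim, 1)
        pairs.append((a, b) if left == "domain" else (b, a))
    return pairs


def validate_bearer_token(token: str, cfg: dict, now=None) -> dict:
    """Check signature, issuer and expiry; return the user ID and the TDV groups it maps to."""
    if cfg["validation"] != "Secret":
        raise NotImplementedError("this example covers only the Secret validation method")
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: a token claiming "none" or an asymmetric alg must not pass an HMAC check.
    if header.get("alg") != "HS256":
        raise ValueError(f"unexpected alg {header.get('alg')!r}")
    expected = hmac.new(cfg["secret"], f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch: token was not issued with this secret")
    payload = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    issuer_claim = cfg["issuer_claim"] or "iss"          # Issuer Claim defaults to "iss"
    if payload.get(issuer_claim) != cfg["issuer_value"]:
        raise ValueError(f"issuer {payload.get(issuer_claim)!r} does not match the Issuer Value")
    user = payload.get(cfg["user_id_claim"])
    if not user:
        raise ValueError(f"missing User ID Claim {cfg['user_id_claim']!r}")
    groups = parse_groups(payload.get(cfg["group_claim"], []),
                          cfg["group_format"], cfg["group_separator"])
    return {"user": user, "groups": groups}


if __name__ == "__main__":
    demo = mint_hs256_token({"iss": DOMAIN_CONFIG["issuer_value"], "upn": "alice",
                             "groups": "ldap/engineers ldap/readers",
                             "exp": int(time.time()) + 300}, DOMAIN_CONFIG["secret"])
    print(validate_bearer_token(demo, DOMAIN_CONFIG))
```

The group entries come back as (domain, principal) pairs, which is the shape needed to look up privileges that already exist in another domain such as LDAP; the algorithm pin and the constant-time signature comparison are the two checks that keep a forged or unsigned token from reaching that lookup.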