Example Exchange Token Federation Configurations

The following is a list of Identity Providers (IPs) we've tested Token Exchange Federation with. Other IPs could also be used for Platform6 EX_FED but will probably require some assistance from support to get the configuration correct.

Sidetrade I

| Property Name | Value |
|---|---|
| exfed.token.claims | Email,Role,FirstName,LastName,NotifyEmail |
| exfed.token.email.claim | Email |
| oidc.given.name.claim | FirstName |
| oidc.family.name.claim | LastName |
| exfed.auto.provision.permissions.claim | Role |
| exfed.auto.provision.permissions.org.path | /dev/Sidetrade Roles |
| oidc.jwks.endpoint | https://cloud-[platform-id]-web-oauth.sidetrade.com/.well-known/openid-configuration/jwks |
| exfed.auto.provision.user.property.claims.mappings | NotifyEmail=notifyUserEmail |

Sidetrade II

This is an example of a configuration that uses no PII (personally identifiable information).

| Property Name | Value |
|---|---|
| exfed.token.claims | Email |
| exfed.token.email.claim | Email |
| exfed.auto.provision.permissions.claim | Role |
| exfed.auto.provision.permissions.org.path | /dev/Sidetrade Roles |
| oidc.jwks.endpoint | https://cloud-[platform-id]-web-oauth.sidetrade.com/.well-known/openid-configuration/jwks |

Note

Email is a unique but generated address derived from Sidetrade technical identifiers, so it is not an email with a corresponding mailbox. Role, again, is a numeric identifier.

Warning

When excluding all PII from the federation, an admin would be required to set a userNotifyEmail property on an auto-provisioned user if and only if the user was a workflow user who required email notifications (i.e. a real mailbox was required).
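As an added example (not Platform6 or Sidetrade code), the following Python models how the two configurations above would turn the claims of an already verified token into an auto-provisioned user, including the PII-free case where a notify address is left for an admin to set. The meaning given to each property, the `provision_user` function and the sample claims are assumptions of this example.

```python
# Added example, not Platform6 code. Assumed semantics: exfed.token.claims lists
# the claims a token must carry; the permission is org.path + "/" + Role value;
# claims.mappings is a comma-separated list of "Claim=userProperty" pairs.

SIDETRADE_I = {
    "exfed.token.claims": "Email,Role,FirstName,LastName,NotifyEmail",
    "exfed.token.email.claim": "Email",
    "oidc.given.name.claim": "FirstName",
    "oidc.family.name.claim": "LastName",
    "exfed.auto.provision.permissions.claim": "Role",
    "exfed.auto.provision.permissions.org.path": "/dev/Sidetrade Roles",
    "exfed.auto.provision.user.property.claims.mappings": "NotifyEmail=notifyUserEmail",
}
# PII-free variant (Sidetrade II): only Email and Role are read from the token.
SIDETRADE_II = {
    "exfed.token.claims": "Email",
    "exfed.token.email.claim": "Email",
    "exfed.auto.provision.permissions.claim": "Role",
    "exfed.auto.provision.permissions.org.path": "/dev/Sidetrade Roles",
}
# Constructed sample payload of a token whose signature has already been checked
# against oidc.jwks.endpoint (signature verification is out of scope here).
SAMPLE_CLAIMS = {"Email": "u-4f2a@sidetrade.invalid", "Role": "1042", "FirstName": "Ada",
                 "LastName": "Lovelace", "NotifyEmail": "ada@example.com"}

def provision_user(config: dict, claims: dict) -> dict:
    """Map token claims to a user record; reject tokens missing a configured claim."""
    required = [c.strip() for c in config["exfed.token.claims"].split(",")]
    missing = [c for c in required if c not in claims]
    if missing:
        raise ValueError(f"token lacks configured claims: {missing}")
    user = {"email": claims[config["exfed.token.email.claim"]]}
    # Name claims are read only when the configuration names them (PII-free config does not).
    for prop, key in (("givenName", "oidc.given.name.claim"), ("familyName", "oidc.family.name.claim")):
        if key in config:
            user[prop] = claims[config[key]]
    # Permission: the Role claim value resolved under the configured org path.
    role = claims[config["exfed.auto.provision.permissions.claim"]]
    user["permissions"] = [config["exfed.auto.provision.permissions.org.path"] + "/" + role]
    # Extra "Claim=property" mappings, e.g. NotifyEmail=notifyUserEmail.
    for pair in config.get("exfed.auto.provision.user.property.claims.mappings", "").split(","):
        if "=" in pair:
            claim, prop = (s.strip() for s in pair.split("=", 1))
            user[prop] = claims[claim]
    # Without a mailbox-backed notify address an admin must set one by hand for
    # workflow users that need notifications (see Warning); flag it rather than guess.
    user["needsAdminNotifyEmail"] = "notifyUserEmail" not in user
    return user
```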