Onegini Token Server API configuration¶
Onegini IdP utilizes APIs in the Onegini Token Server for mobile login and to manage the user's devices. This page describes the configuration to setup the connection between the two components.
For this example we assume that Onegini IdP runs on host
idp.example.com and Onegini Token Server on host
The Onegini Token Server protects these APIs via an API client. Configure an API client in the Onegini Token Server that gives access to the Mobile Authentication API and the End User API.
To configure the Onegini Token Server API login to the admin panel. Then go to
Fill in all the configuration fields and click the
The configuration consists of the following properties:
|Base URL||Base URL of the Onegini Token Server, e.g.
|API username||Username of the API client in the Onegini Token Server|
|API password||Password of the API client in the Onegini Token Server|
|Base Callback URL||Base URL of the callback to which the Onegini Token Server redirects the user after initializing the mobile authentication. For mobile login it will be resolved from request URL if the field is left blank. Example:
Mobile authentication transactions clean-up¶
Whenever mobile authentication is triggered by the Onegini IdP, so when the user logs in via
Mobile Login or
QR Login, a new transaction is being created and stored within the database in
In some scenarios, the transaction may not be finished (for example, when the user abandons the login page) and removed from the database.
By configuring a mobile authentication transactions clean-up job you can create a scheduler that will remove the obsolete transactions (i.e. initiated at least 24 hours ago).
This scheduler is enabled by default and clean-up process is by default launched at every midnight.