Invoking the coverage map service
The coverage map service is an unprotected endpoint that returns a JavaScript Object Notation (JSON) array of slash-terminated
URI
prefixes. The array of URI prefixes designates which web contexts are part of a
Single Sign On (SSO) group, thus enabling clients to know whether a URI destination is deemed safe
to send an access token.
Before you begin
JSON
array of URI
prefixes, which are a unique set that is derived from the aggregation of the
trusted_uri_prefixes parameter values that are specified in the registered
clients. Therefore, a typical case for populating the coverage map service is to register clients
and specify the trusted_uri_prefixes value.About this task
If you must use a proxy to access the OpenID Connect Provider (OP), the value that you enter for any OP-related URL property must contain the proxy host and port, not the external OP host and port.
In most cases, you can replace the OP host and port with the proxy host and port. The URL that you enter must be visible to both the RP and client (browser or application). For further guidance on how to determine the correct URL to use, contact your proxy administrator.
In this example, the client expects the SSL port to be set to 443.
https://server.example.com:443/oidc/endpoint/<provider_name>/coverage_map
Additionally, this example assumes that a client is registered with the specified trusted_uri_prefixes.