Invoking the coverage map service

The coverage map service is an unprotected endpoint that returns a JavaScript Object Notation (JSON) array of slash-terminated URI prefixes. The array of URI prefixes designates which web contexts are part of a Single Sign On (SSO) group, so that clients can tell whether a destination URI is deemed safe to send an access token to.

Before you begin

The coverage map service returns a JSON array of URI prefixes. The array is the unique set that is derived by aggregating the trusted_uri_prefixes parameter values that are specified in the registered clients. Therefore, the typical way to populate the coverage map service is to register clients and specify the trusted_uri_prefixes value.

About this task

Avoid trouble: If you are using an outbound proxy, note that the OpenID Connect RP does not provide a means to route requests through a proxy host automatically.

If you must use a proxy to access the OpenID Connect Provider (OP), the value that you enter for any OP-related URL property must contain the proxy host and port, not the external OP host and port.

In most cases, you can replace the OP host and port with the proxy host and port. The URL that you enter must be visible to both the RP and client (browser or application). For further guidance on how to determine the correct URL to use, contact your proxy administrator.

In this example, the client expects the SSL port to be set to 443.

https://server.example.com:443/oidc/endpoint/<provider_name>/coverage_map

Additionally, this example assumes that a client is registered with the specified trusted_uri_prefixes.

Procedure

  1. Specify a token_type URI query parameter on the coverage_map endpoint. The following example request assumes that the client is registered with the specified trusted_uri_prefixes:
    https://server.example.com:443/oidc/endpoint/<provider_name>/coverage_map?token_type=bearer

    The only token_type value that is supported is token_type=bearer.

  2. Get the coverage map for the bearer token type, as shown in the following example.

    Request Headers:

    GET https://server.example.com:443/oidc/endpoint/<provider_name>/coverage_map?token_type=bearer

    Response Headers:

    Status: 200
    Cache-Control: public, max-age=600
    ETag: "vvhkgXkRx+BzR3Q4kwCCqw=="
    Content-Type: application/json

    Response Body:

    [
      "http://res1.ibm.com/",
      "https://trusted.server.ibm.com:9554/resources/"
    ]
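The following client-side check is an added example, not code from the product or its documentation. It shows one way a client could use the returned array to decide whether a destination URI may receive the bearer token. The matching rule (same scheme, host, and port, plus a path prefix match after normalization) and the function names isCovered and authHeadersFor are assumptions made for illustration.

```javascript
// Added example. The matching rules are an assumption, not the product's
// documented algorithm.

// Constructed sample input: the response body shown on this page.
const SAMPLE_COVERAGE_MAP = [
  "http://res1.ibm.com/",
  "https://trusted.server.ibm.com:9554/resources/"
];

// Parse with the WHATWG URL parser, which lowercases the scheme and host,
// drops default ports, and resolves "." and ".." path segments.
function parseOrNull(value) {
  try {
    return new URL(value);
  } catch {
    return null;
  }
}

// True only if the destination falls under one of the slash-terminated prefixes.
function isCovered(destination, coverageMap) {
  const dest = parseOrNull(destination);
  // Reject unparsable destinations and any that carry userinfo.
  if (!dest || dest.username || dest.password) return false;
  return coverageMap.some((entry) => {
    const prefix = parseOrNull(entry);
    // Skip malformed entries and entries that are not slash-terminated.
    if (!prefix || !prefix.pathname.endsWith("/")) return false;
    // Compare origin exactly, then the normalized path, never the raw string.
    return dest.origin === prefix.origin &&
           dest.pathname.startsWith(prefix.pathname);
  });
}

// Hypothetical helper: attach the Authorization header to covered URIs only.
function authHeadersFor(destination, accessToken, coverageMap) {
  return isCovered(destination, coverageMap)
    ? { Authorization: `Bearer ${accessToken}` }
    : {};
}
```

Comparing parsed origins and normalized paths, rather than calling startsWith on the raw string, keeps a destination such as /resources/../admin from matching the /resources/ prefix.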