1.5 Prerequisites/Preconditions

The OpenID Connect 1.0 Protocol Extensions define extensions to [OIDCCore], [OIDCFrontChanLO], and [OIDCDiscovery]. The following prerequisites are required for implementing the OpenID Connect 1.0 Protocol Extensions:

  • The REQUIRED parts of [OIDCCore], [OIDCDiscovery], and [OIDCFrontChanLO] have been implemented on the AD FS server.

  • The REQUIRED parts for RP-Initiated Logout, as defined in [OIDCSession] section 5, MAY<1> have been implemented on the AD FS server.

The OpenID Connect 1.0 Protocol Extensions also assume that if the OpenID Connect 1.0 client requests authorization for a particular resource, or relying party, secured by the AD FS server, the client knows the identifier of that resource. These extensions also assume that the OpenID Connect 1.0 client knows its own client identifier and all relevant client authentication information if it is a confidential client.

The OAuth 2.0 Protocol Extensions [MS-OAPX], the OAuth 2.0 Protocol Extensions for Broker Clients [MS-OAPXBC], and the OpenID Connect 1.0 Protocol Extensions (this document), if being used, MUST all be running on the same AD FS server.