By following links
- https://w3-connections.ibm.com/wikis/home?lang=en-us#!/wiki/BlueID%20Single%20Sign-On%20%28SSO%29%20Self-Boarding%20Process/page/Configuring%20the%20WAS%20TAI%20for%20OpenID
- http://www-01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_sec_tai.html?cp=SSAW57_8.5.5%2F3-3-11-0-4-2-11
server.xml
<featureManager>
<feature>appSecurity-2.0</feature>
</featureManager>
<trustAssociation id="myTrustAssociation" invokeForUnprotectedURI="false" failOverToAppAuthType="false">
<interceptors id="simpleTAI" enabled="true"
className="com.tivoli.am.fim.blueid.tai.OpenIDRelyingPartyTAI" libraryRef="simpleTAI">
<properties openid.provider.identifier="https://w3-03.sso.ibm.com/FIM/openidsso" effective.uri.list="/test"
openid.principal.attribute="http://axschema.org/contact/email" />
</interceptors>
</trustAssociation>
<library id="simpleTAI">
<fileset dir="${shared.resource.dir}/openid_tai_lib" includes="*.jar"/>
</library>
effective.uri.list="/" is correct, while effective.uri.list="/*" is wrong.
excluded.uri.list="/test" also worked