Add clockSkew and idGenerator configuration hooks to JSONSecurityConfiguration
Description
OpenSAML’s BasicSecurityConfiguration class has two constructor arguments for customising clock skew and identifier generation configuration. JSONSecurityConfiguration extends the class but is missing any constructors and thus always gets wired with the default values (5 minutes for clock skew and ProviderType.SECURE for id generation).
We should add the corresponding constructors for JSONSecurityConfiguration.
Leaving ClaimsValidator still getting the clockSkew-configuration via global property, not via security configuration.
Henri Mikkonen, March 22, 2024 at 11:12 AM
Included @ParameterName annotation to the constructor args.
Henri Mikkonen, January 15, 2024 at 3:49 PM
Added the constructors in 173e4b1def2f085f81869d392e7eb6a732222d23.
We should perhaps review where the clockSkew value from security configuration should be wired instead of a class/bean-specific value. For instance the ClaimsValidators have local default values (of 1 minute).