Improve customization methods for the configuration flow
Description
Environment
Activity
Henri MikkonenNovember 4, 2022 at 1:24 PM
You’ll want to move that
FunctionMetadataValueResolverinto the API or, more likely, just define a parent bean for it so people don’t have to reference it.
Good point, thanks!
Defined a new abstract global bean shibboleth.oidc.discovery.FunctionMetadataValueResolver. It can be used in the previous example in the following way:
Scott CantorNovember 4, 2022 at 1:09 PM
You’ll want to move that FunctionMetadataValueResolver into the API or, more likely, just define a parent bean for it so people don’t have to reference it.
Henri MikkonenNovember 4, 2022 at 1:05 PM
Added support for new property idp.oidc.discovery.resolver.values. It can be used for wiring a custom bean for configuring the map of dynamic claims for the configuration flow response.
New class net.shibboleth.idp.plugin.oidc.op.metadata.impl.FunctionMetadataValueResolver helps to set static values via Java Functions.
For example, when idp.oidc.discovery.resolver.values = CustomConfigurationValues, the following bean adds a custom JSON attribute STATIC_TEST_ATTRIBUTE with value TestValue to the JSON response of the configuration flow:
As the bean parent is shibboleth.oidc.discovery.DefaultDynamicValueResolvers and map merge="true" is set, the custom claim is merged to the default map of values.
The configuration property
idp.oidc.discovery.resolvercan be used for defining a customProviderMetadataResolver-bean used for producing response of the configuration-flow (/oidc/configuration). It defaults to theshibboleth.oidc.DefaultOpenIdConfigurationResolverbean which uses a configurable JSON skeleton file as basis and supplements it with the currently active signing and encryption algorithm information.We should offer better/easier means for adding custom claims to the flow response. For instance, we should provide simple documented method for adding property-based attribute values.