Improve customization methods for the configuration flow
Description
Environment
Activity

Henri Mikkonen - November 4, 2022 at 1:24 PM
You’ll want to move that FunctionMetadataValueResolver into the API or, more likely, just define a parent bean for it so people don’t have to reference it.
Good point, thanks!
Defined a new abstract global bean shibboleth.oidc.discovery.FunctionMetadataValueResolver. It can be used in the previous example in the following way:
Scott Cantor - November 4, 2022 at 1:09 PM
You’ll want to move that FunctionMetadataValueResolver into the API or, more likely, just define a parent bean for it so people don’t have to reference it.

Henri Mikkonen - November 4, 2022 at 1:05 PM
Added support for new property idp.oidc.discovery.resolver.values. It can be used for wiring a custom bean for configuring the map of dynamic claims for the configuration flow response.
New class net.shibboleth.idp.plugin.oidc.op.metadata.impl.FunctionMetadataValueResolver helps to set static values via Java Functions.
For example, when idp.oidc.discovery.resolver.values = CustomConfigurationValues, the following bean adds a custom JSON attribute STATIC_TEST_ATTRIBUTE with value TestValue to the JSON response of the configuration flow:
As the bean parent is shibboleth.oidc.discovery.DefaultDynamicValueResolvers and map merge="true" is set, the custom claim is merged to the default map of values.
The configuration property idp.oidc.discovery.resolver can be used for defining a custom ProviderMetadataResolver bean used for producing the response of the configuration flow (/oidc/configuration). It defaults to the shibboleth.oidc.DefaultOpenIdConfigurationResolver bean, which uses a configurable JSON skeleton file as a basis and supplements it with the currently active signing and encryption algorithm information.
We should offer better/easier means for adding custom claims to the flow response. For instance, we should provide a simple documented method for adding property-based attribute values.