Code Block: conf/relying-party.xml

<bean id="SpecialSecurityConfig" parent="shibboleth.oidc.DefaultSecurityConfiguration">
    <property name="signatureSigningConfiguration">
        <bean parent="shibboleth.BasicSignatureSigningConfiguration"
                p:signingCredentials-ref="shibboleth.oidc.SpecialSigningCredential">
            <property name="signatureAlgorithms">
                <list>
                    <util:constant static-field="net.shibboleth.oidc.jwa.support.SignatureConstants.ALGO_ID_SIGNATURE_ES_512" />
                </list>
            </property>
        </bean>
    </property>
</bean>

<bean parent="RelyingPartyByName" c:relyingPartyIds="https://needy.rp.example.org">
    <property name="profileConfigurations">
        <list>
            <bean parent="OIDC.SSO" p:securityConfiguration-ref="SpecialSecurityConfig" />
        </list>
    </property>
</bean>
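The override above references a credential bean, shibboleth.oidc.SpecialSigningCredential, that is not defined on this page. The following is an added example (not part of the original page or the plugin's shipped configuration) of how such a bean can be declared in conf/oidc-credentials.xml using the shibboleth.JWKCredential factory listed in the Beans reference below. The property name jwkResource is an assumption about the factory's API, and the file path is a placeholder.

```xml
<!-- conf/oidc-credentials.xml: added example, not from the original page.
     Assumption: shibboleth.JWKCredential accepts the key file via a
     jwkResource property (assumed name). The path is a placeholder. -->
<bean id="shibboleth.oidc.SpecialSigningCredential" parent="shibboleth.JWKCredential"
        p:jwkResource="%{idp.home}/credentials/needy-rp-es512.jwk" />
```

Because SpecialSecurityConfig restricts the algorithm list to ES512 (ECDSA over P-521 with SHA-512), the JWK in that file must be an EC keypair with crv P-521; an RSA or P-256 key would leave the IdP with no usable signing key for that relying party. After the change, confirm that the public half of this key appears in the JWKS the IdP publishes, since the shibboleth.oidc.SigningCredentialsToPublish list documented below controls which signing keys relying parties can see, and an unpublished key means the RP cannot validate the ID tokens it receives.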

Reference

Properties

Security-related properties in conf/oidc.properties:

| Name | Type | Default | Description |
| --- | --- | --- | --- |
| idp.signing.oidc.rs.key | JWK file pathname | | JWK RSA signing keypair |
| idp.signing.oidc.es.key | JWK file pathname | | JWK EC signing keypair |
| idp.signing.oidc.rsa.enc.key | JWK file pathname | | JWK RSA decryption keypair |
| idp.oidc.signing.config | Bean ID | shibboleth.oidc.SigningConfiguration | Allows override of default signing configuration |
| idp.oidc.encryption.config | Bean ID | shibboleth.oidc.EncryptionConfiguration | Allows override of default encryption configuration |
| idp.oidc.rodecrypt.config | Bean ID | shibboleth.oidc.requestObjectDecryptionConfiguration | Allows override of default request decryption configuration |
| idp.oidc.rovalid.config | Bean ID | shibboleth.oidc.requestObjectSignatureValidationConfiguration | Allows override of default request signature validation configuration |
| idp.oidc.rovalid.config | Bean ID | shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration | Allows override of default JWT token validation configuration |

Beans

Beans defined in conf/oidc-credentials.xml or internally for use in conf/relying-party.xml:

| Name | Type | Description |
| --- | --- | --- |
| shibboleth.JWKCredential | net.shibboleth.idp.plugin.oidc.op.profile.spring.factory.BasicJWKCredentialFactoryBean | Spring factory bean for easy definition of JWK-formatted credentials |
| shibboleth.oidc.DefaultRSSigningCredential | Credential | Default RSA signing keypair used with OIDC |
| shibboleth.oidc.DefaultESSigningCredential | Credential | Default EC signing keypair used with OIDC |
| shibboleth.oidc.DefaultRSAEncryptionCredential | Credential | Default RSA decryption keypair used with OIDC |
| shibboleth.oidc.SigningCredentials | List<Credential> | List of signing keys available for use with OIDC |
| shibboleth.oidc.EncryptionCredentials | List<Credential> | List of encryption keys available for use in decryption with OIDC |
| shibboleth.oidc.SigningCredentialsToPublish | List<Credential> | List of signing keys to publish to RPs with OIDC |
| shibboleth.oidc.EncryptionCredentialsToPublish | List<Credential> | List of encryption keys to publish to RPs with OIDC |
| shibboleth.oidc.DefaultSecurityConfiguration | SecurityConfiguration | Default security configuration used by all OIDC profile beans |
| shibboleth.oidc.SigningConfiguration | BasicSignatureSigningConfiguration | Default signing behavior for OIDC profiles; auto-wires default algorithms and signing keys |
| shibboleth.oidc.EncryptionConfiguration | EncryptionConfiguration | Default encryption behavior for OIDC profiles; auto-wires default algorithms |
| shibboleth.oidc.requestObjectDecryptionConfiguration | EncryptionConfiguration | Default decryption behavior for OIDC request object decryption |
| shibboleth.oidc.requestObjectSignatureValidationConfiguration | BasicSignatureSigningConfiguration | Default signature validation behavior for OIDC request object signatures |
| shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration | BasicSignatureSigningConfiguration | Default signature validation behavior for validating JWTs used as endpoint credentials |