Since v3Starting with V3.1, the OP plugin has a mechanism to register automatically registers a configurable Filter attached to its endpoints.
Activation
The filter registration is enabled by default, but the feature can be deactivated via a Java system propertiesproperty:
| Code Block |
|---|
-Dnet.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer=disabled |
Filter
...
Mappings
By default, the wired filter is mapped to all /profile/oidc/* and /profile/oauth2/* endpoints, but the list can be customized via a space-separated list in the net.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer.mappings Java system property.
For instance, if to register the filter is wanted to be registered for the /profile/custom/* endpoints tooas well, the following system property should would be declared in the Java environment:
| Code Block |
|---|
"-Dnet.shibboleth.idp.plugin.oidc.op.servlet.RegisterFilterServletContextInitializer.mappings=/profile/oauth2/* /profile/oidc/* /profile/custom/*" |
Filter
...
Configuration
The filter bean to be wired can be configured via is configured by defining a bean named via the idp.oidc.ResponseHeaderFilter property.
One example use case is to register custom HTTP response headers. In order to add the same HTTP headers that are by default added to the SAML and CAS endpoints, the idpthe idp.oidc.ResponseHeaderFilter should be pointed to shibboleth property would be set to shibboleth.ResponseHeaderFilter:
| Code Block |
|---|
idp.oidc.ResponseHeaderFilter = shibboleth.ResponseHeaderFilter |
By default, this configures wires the values defined by the idp.hsts, idp.frameoptions and idp.csp properties to into the corresponding HTTP headers (see PropertyReference ) and applies them to the OP plugin as well as the original IdP endpoints.