...
Virtually all the configuration options below can be set via two different properties: a static property that explicitly sets the value to use and a lookup strategy or predicate property that takes a Function or Predicate and returns the value to use. The dynamic property is generally named "propertyNamePredicate" or "propertyNameLookupStrategy" for Boolean- and non-Boolean-valued properties respectively.
In V3.3+ of the plugin, support for plain OAuth2 authorization requests can be controlled via the idp.oauth2.requireAuthenticationRequestPredicate property. To preserve the default behaviour from before V3.3, the property defaults to the predicate shibboleth.Conditions.TRUE, meaning that OIDC authentication requests are always required. One principal requirement for an OIDC authentication request is that it includes openid in the requested scopes. If the predicate is configured to return false, then non-OIDC requests are enabled. For these RPs, at least one audience must be configured in the RP metadata to control the target audience of the access tokens. See the audience claim in OAuthRPMetadataProfile.
...