...
```xml
<!-- Security configuration for one profile: a dedicated signing credential restricted to ES512 -->
<bean id="SpecialSecurityConfig" parent="shibboleth.oidc.DefaultSecurityConfiguration">
    <property name="signatureSigningConfiguration">
        <bean parent="shibboleth.BasicSignatureSigningConfiguration"
                p:signingCredentials-ref="shibboleth.oidc.SpecialSigningCredential">
            <property name="signatureAlgorithms">
                <list>
                    <util:constant static-field="net.shibboleth.oidc.jwa.support.SignatureConstants.ALGO_ID_SIGNATURE_ES_512" />
                </list>
            </property>
        </bean>
    </property>
</bean>

<!-- Attach the configuration to the OIDC.SSO profile of one relying party -->
<bean parent="RelyingPartyByName" c:relyingPartyIds="https://needy.rp.example.org">
    <property name="profileConfigurations">
        <list>
            <bean parent="OIDC.SSO" p:securityConfiguration-ref="SpecialSecurityConfig" />
        </list>
    </property>
</bean>
```
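Per-RP overrides like the one above are easy to lose track of in a large relying-party.xml, so an audit that lists which relying party ends up with which restricted signing algorithms is useful. The following Python script is an added example, not part of the Shibboleth documentation or plugin; it assumes the standard Spring `beans`, `p`, `c` and `util` namespace URIs and embeds the override above as a constructed sample file.

```python
import xml.etree.ElementTree as ET

# Spring namespaces used in relying-party.xml (beans, p:, c:, util:).
NS = {"b": "http://www.springframework.org/schema/beans", "p": "http://www.springframework.org/schema/p",
      "c": "http://www.springframework.org/schema/c", "util": "http://www.springframework.org/schema/util"}
P_SEC_REF = "{%s}securityConfiguration-ref" % NS["p"]
C_RP_IDS = "{%s}relyingPartyIds" % NS["c"]

def signing_algorithms(config_bean):
    """JWS algorithms a SecurityConfiguration bean restricts signing to, e.g. ['ES512'].
    An empty list means the bean leaves the default algorithm list untouched."""
    algs = []
    for const in config_bean.iterfind("b:property[@name='signatureSigningConfiguration']"
                                      "//b:property[@name='signatureAlgorithms']//util:constant", NS):
        field = const.get("static-field", "")
        # ...SignatureConstants.ALGO_ID_SIGNATURE_ES_512 -> ES512
        algs.append(field.rsplit("ALGO_ID_SIGNATURE_", 1)[-1].replace("_", ""))
    return algs

def rp_signing_overrides(xml_text):
    """Map relying party id -> {profile bean parent: [algorithms]} for every
    profile that points at a custom securityConfiguration bean."""
    root = ET.fromstring(xml_text)
    by_id = {b.get("id"): b for b in root.iter("{%s}bean" % NS["b"]) if b.get("id")}
    result = {}
    for rp in root.iterfind("b:bean[@parent='RelyingPartyByName']", NS):
        rp_ids = [i.strip() for i in rp.get(C_RP_IDS, "").split(",") if i.strip()]
        for prof in rp.iterfind("b:property[@name='profileConfigurations']//b:bean", NS):
            ref = prof.get(P_SEC_REF)
            if ref in by_id:  # skip profiles that use the global default configuration
                for rp_id in rp_ids:
                    result.setdefault(rp_id, {})[prof.get("parent")] = signing_algorithms(by_id[ref])
    return result

# Constructed sample (not a deployment file): the override above inside the <beans> root relying-party.xml uses.
SAMPLE_XML = """<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
 xmlns:util="http://www.springframework.org/schema/util">
 <bean id="SpecialSecurityConfig" parent="shibboleth.oidc.DefaultSecurityConfiguration">
  <property name="signatureSigningConfiguration">
   <bean parent="shibboleth.BasicSignatureSigningConfiguration" p:signingCredentials-ref="shibboleth.oidc.SpecialSigningCredential">
    <property name="signatureAlgorithms"><list>
     <util:constant static-field="net.shibboleth.oidc.jwa.support.SignatureConstants.ALGO_ID_SIGNATURE_ES_512"/>
    </list></property></bean></property></bean>
 <bean parent="RelyingPartyByName" c:relyingPartyIds="https://needy.rp.example.org">
  <property name="profileConfigurations"><list>
   <bean parent="OIDC.SSO" p:securityConfiguration-ref="SpecialSecurityConfig"/>
  </list></property></bean></beans>"""

if __name__ == "__main__":
    print(rp_signing_overrides(SAMPLE_XML))
```

Relying parties whose profiles reference no custom bean are omitted from the result, so an empty dictionary means every RP signs with the default configuration.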
...
Security-related properties in conf/oidc.properties:

| Name | Default | Type | Description |
|---|---|---|---|
| idp.signing.oidc.rs.key | | JWK file pathname | JWK RSA signing keypair |
| idp.signing.oidc.es.key | | JWK file pathname | JWK EC signing keypair |
| idp.signing.oidc.rsa.enc.key | | JWK file pathname | JWK RSA decryption keypair |
| idp.oidc.signing.config | shibboleth.oidc.SigningConfiguration | Bean ID | Allows override of default signing configuration |
| idp.oidc.encryption.config | shibboleth.oidc.EncryptionConfiguration | Bean ID | Allows override of default encryption configuration |
| idp.oidc.rodecrypt.config | shibboleth.oidc.requestObjectDecryptionConfiguration | Bean ID | Allows override of default request decryption configuration |
| idp.oidc.rovalid.config | shibboleth.oidc.requestObjectSignatureValidationConfiguration | Bean ID | Allows override of default request signature validation configuration |
| idp.oidc.rovalid.config | shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration | Bean ID | Allows override of default JWT token validation configuration |
Beans defined in conf/oidc-credentials.xml or internally for use in conf/relying-party.xml:

| Name | Type | Description |
|---|---|---|
| shibboleth.JWKCredential | BasicJWKCredentialFactoryBean | Spring factory bean for easy definition of JWK-formatted credentials |
| shibboleth.oidc.DefaultRSSigningCredential | Credential | Default RSA signing keypair used with OIDC |
| shibboleth.oidc.DefaultESSigningCredential | Credential | Default EC signing keypair used with OIDC |
| shibboleth.oidc.DefaultRSAEncryptionCredential | Credential | Default RSA decryption keypair used with OIDC |
| shibboleth.oidc.SigningCredentials | List<Credential> | List of signing keys available for use with OIDC |
| shibboleth.oidc.EncryptionCredentials | List<Credential> | List of encryption keys available for use in decryption with OIDC |
| shibboleth.oidc.SigningCredentialsToPublish | List<Credential> | List of signing keys to publish to RPs with OIDC |
| shibboleth.oidc.EncryptionCredentialsToPublish | List<Credential> | List of encryption keys to publish to RPs with OIDC |
| shibboleth.oidc.DefaultSecurityConfiguration | | |
...
...
...
...
...
| shibboleth.oidc.requestObjectSignatureValidationConfiguration | BasicSignatureSigningConfiguration | Default signature validation behavior for OIDC request signatures |
| shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration | BasicSignatureSigningConfiguration | |
...