Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
<bean id="SpecialSecurityConfig" parent="shibboleth.oidc.DefaultSecurityConfiguration">
	<property name="signatureSigningConfiguration">
    	<bean parent="shibboleth.BasicSignatureSigningConfigurationoidc.SigningConfiguration"
			p:signingCredentials-ref="shibboleth.oidc.SpecialSigningCredential">
		        <property name="signatureAlgorithms">
        		    <list>
        		        <util:constant static-field="net.shibboleth.oidc.jwa.support.SignatureConstants.ALGO_ID_SIGNATURE_ES_512" />
		            </list>
        		</property>
	    </bean>
	</property>
</bean>

<bean parent="RelyingPartyByName" c:relyingPartyIds="https://needy.rp.example.org">
    <property name="profileConfigurations">
        <list>
            <bean parent="OIDC.SSO" p:securityConfiguration-ref="SpecialSecurityConfig" />
        </list>
    </property>
</bean>

...

Expand
titleProperties

Security-related properties in conf/oidc.properties:

Name / Default

Type

Description

idp.signing.oidc.rs.key

JWK file pathname

JWK RSA signing keypair

idp.signing.oidc.es.key

JWK file pathname

JWK EC signing keypair

idp.signing.oidc.rsa.enc.key

JWK file pathname

JWK RSA decryption keypair

idp.oidc.signing.config

shibboleth.oidc.SigningConfiguration

Bean ID

Allows override of default signing configuration

idp.oidc.encryption.config

shibboleth.oidc.EncryptionConfiguration

Bean ID

Allows override of default encryption configuration

idp.oidc.rodecryptdecryption.config

shibboleth.oidc.requestObjectDecryptionConfigurationDecryptionConfiguration

Bean ID

Allows override of default request decryption configuration

idp.oidc.rovalidvalidation.config

shibboleth.oidc.requestObjectSignatureValidationConfigurationSignatureValidationConfiguration

Bean ID

Allows override of default request signature validation configuration

idp.oidc.rovalid.config

shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration

Bean ID

Allows override of default JWT token validation configuration

Expand
titleBeans

Beans defined in conf/oidc-credentials.xml or internally for use in conf/relying-party.xml:

Name / Type

Description

shibboleth.JWKCredential

net.shibboleth.idp.plugin.oidc.op.profile.spring.factory.BasicJWKCredentialFactoryBean

Spring factory bean for easy definition of JWK-formatted credentials

shibboleth.oidc.DefaultRSSigningCredential

Credential

Default RSA signing keypair used with OIDC

shibboleth.oidc.DefaultESSigningCredential

Credential

Default EC signing keypair used with OIDC

shibboleth.oidc.DefaultRSAEncryptionCredential

Credential

Default RSA decryption keypair used with OIDC

shibboleth.oidc.SigningCredentials

List<Credential>

List of signing keys available for use with OIDC

shibboleth.oidc.EncryptionCredentials

List<Credential>

List of encryption keys available for use in decryption with OIDC

shibboleth.oidc.SigningCredentialsToPublish

List<Credential>

List of signing keys to publish to RPs with OIDC

shibboleth.oidc.EncryptionCredentialsToPublish

List<Credential>

List of encryption keys to publish to RPs with OIDC

shibboleth.oidc.DefaultSecurityConfiguration

SecurityConfigurationJSONSecurityConfiguration

Default security configuration used by all OIDC profile beans

shibboleth.oidc.SigningConfiguration

BasicSignatureSigningConfiguration

Default signing behavior for OIDC profiles, auto-wires default algorithms and signing keys

shibboleth.oidc.SignatureValidationConfiguration

BasicSignatureValidationConfiguration

Default signature validation behavior for validating JWTs

shibboleth.oidc.EncryptionConfigurationEncryptionConfiguration

BasicEncryptionConfiguration

Default encryption behavior for OIDC profiles, auto-wires default algorithms

shibboleth.oidc.requestObjectDecryptionConfigurationDecryptionConfiguration

EncryptionConfigurationBasicDecryptionConfiguration

Default decryption behavior for OIDC request decryption

shibboleth.oidc.requestObjectSignatureValidationConfiguration

BasicSignatureSigningConfiguration

Default signature validation behavior for OIDC request signatures

shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration

BasicSignatureSigningConfiguration

Default signature validation behavior for validating JWTs used as endpoint credentialsprofiles