...

```xml
<bean id="SpecialSecurityConfig" parent="shibboleth.oidc.DefaultSecurityConfiguration">
    <property name="signatureSigningConfiguration">
        <bean parent="shibboleth.oidc.SigningConfiguration"
                p:signingCredentials-ref="shibboleth.oidc.SpecialSigningCredential">
            <property name="signatureAlgorithms">
                <list>
                    <util:constant static-field="net.shibboleth.oidc.jwa.support.SignatureConstants.ALGO_ID_SIGNATURE_ES_512" />
                </list>
            </property>
        </bean>
    </property>
</bean>

<bean parent="RelyingPartyByName" c:relyingPartyIds="https://needy.rp.example.org">
    <property name="profileConfigurations">
        <list>
            <bean parent="OIDC.SSO" p:securityConfiguration-ref="SpecialSecurityConfig" />
        </list>
    </property>
</bean>
```

Note that ES512 is only defined for a P-521 EC key (RFC 7518), so the credential referenced by signingCredentials-ref must hold such a key. If it holds, say, an RSA key, the restricted algorithm list leaves no algorithm/key pair that can be used for this RP and no signing parameters can be resolved for it.

...

Properties

Security-related properties in conf/oidc.properties:

| Name | Default | Type | Description |
|---|---|---|---|
| idp.signing.oidc.rs.key | | JWK file pathname | JWK RSA signing keypair |
| idp.signing.oidc.es.key | | JWK file pathname | JWK EC signing keypair |
| idp.signing.oidc.rsa.enc.key | | JWK file pathname | JWK RSA decryption keypair |
| idp.oidc.signing.config | shibboleth.oidc.SigningConfiguration | Bean ID | Allows override of the default signing configuration |
| idp.oidc.encryption.config | shibboleth.oidc.EncryptionConfiguration | Bean ID | Allows override of the default encryption configuration |
| idp.oidc.decryption.config | shibboleth.oidc.DecryptionConfiguration | Bean ID | Allows override of the default decryption configuration |
| idp.oidc.validation.config | shibboleth.oidc.SignatureValidationConfiguration | Bean ID | Allows override of the default signature validation configuration |
| idp.oidc.rovalid.config | shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration | Bean ID | Allows override of the default JWT token validation configuration |

Beans

Beans defined in conf/oidc-credentials.xml or internally for use in conf/relying-party.xml:

| Name | Type | Description |
|---|---|---|
| shibboleth.JWKCredential | BasicJWKCredentialFactoryBean | Spring factory bean for easy definition of JWK-formatted credentials |
| shibboleth.oidc.DefaultRSSigningCredential | Credential | Default RSA signing keypair used with OIDC |
| shibboleth.oidc.DefaultESSigningCredential | Credential | Default EC signing keypair used with OIDC |
| shibboleth.oidc.DefaultRSAEncryptionCredential | Credential | Default RSA decryption keypair used with OIDC |
| shibboleth.oidc.SigningCredentials | List<Credential> | List of signing keys available for use with OIDC |
| shibboleth.oidc.EncryptionCredentials | List<Credential> | List of encryption keys available for use in decryption with OIDC |
| shibboleth.oidc.SigningCredentialsToPublish | List<Credential> | List of signing keys to publish to RPs with OIDC |
| shibboleth.oidc.EncryptionCredentialsToPublish | List<Credential> | List of encryption keys to publish to RPs with OIDC |
| shibboleth.oidc.DefaultSecurityConfiguration | JSONSecurityConfiguration | Default security configuration used by all OIDC profile beans |
| shibboleth.oidc.SigningConfiguration | BasicSignatureSigningConfiguration | Default signing behavior for OIDC profiles; auto-wires default algorithms and signing keys |
| shibboleth.oidc.SignatureValidationConfiguration | BasicSignatureValidationConfiguration | Default signature validation behavior for validating JWTs |
| shibboleth.oidc.EncryptionConfiguration | BasicEncryptionConfiguration | Default encryption behavior for OIDC profiles; auto-wires default algorithms |
| shibboleth.oidc.DecryptionConfiguration | BasicDecryptionConfiguration | Default decryption behavior for OIDC profiles |
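The split between shibboleth.oidc.SigningCredentials (keys the OP will actually sign with) and shibboleth.oidc.SigningCredentialsToPublish (keys advertised in the OP's JWKS) is what makes a staged signing-key rollover possible: a new key can be published so that RPs pick it up before any token is signed with it, and an old key can stay published after the OP has stopped using it so that tokens already issued still verify. The fragment below is an added example for conf/oidc-credentials.xml and is not part of the plugin's distributed configuration; the bean name shibboleth.oidc.NextESSigningCredential, the key file path, and the p:jwkResource property of the shibboleth.JWKCredential factory bean are assumptions to check against the oidc-credentials.xml shipped with your version.

```xml
<!-- Added example, not from the plugin's distribution. The new EC signing key,
     loaded through the shibboleth.JWKCredential factory bean. The property name
     p:jwkResource and the file path are assumptions; the key must be a P-521 key
     if ES512 is to be offered with it. -->
<bean id="shibboleth.oidc.NextESSigningCredential" parent="shibboleth.JWKCredential"
    p:jwkResource="%{idp.home}/credentials/idp-signing-es-next.jwk" />

<!-- Cutover state: the new key is listed first among the EC credentials, so it is the
     first credential compatible with an ES* algorithm and is the one used for signing.
     The old EC key is no longer in this list and is therefore never used to sign. -->
<util:list id="shibboleth.oidc.SigningCredentials">
    <ref bean="shibboleth.oidc.NextESSigningCredential" />
    <ref bean="shibboleth.oidc.DefaultRSSigningCredential" />
</util:list>

<!-- Published keys: old and new EC keys are both advertised. RPs that cache the JWKS
     can still verify ID tokens signed with the old key until those tokens expire;
     remove the old key from this list only after that point. -->
<util:list id="shibboleth.oidc.SigningCredentialsToPublish">
    <ref bean="shibboleth.oidc.NextESSigningCredential" />
    <ref bean="shibboleth.oidc.DefaultESSigningCredential" />
    <ref bean="shibboleth.oidc.DefaultRSSigningCredential" />
</util:list>
```

This shows the second of two stages. In the first stage, only shibboleth.oidc.SigningCredentialsToPublish is changed, by adding shibboleth.oidc.NextESSigningCredential to it while shibboleth.oidc.SigningCredentials still lists the old key; the OP then waits long enough for RPs to refresh their cached JWKS before switching to the state above. Confirm the cutover by checking the kid in the header of a freshly issued ID token against the published JWKS, and keep the old key out of shibboleth.oidc.SigningCredentials once it has been retired, since any key that is published but not used for signing is harmless, whereas a key used for signing but not published breaks every RP.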

...