...

Profile-Specific

Options specific to the OIDC UserInfo flow:

| Name | Type | Description |
| --- | --- | --- |
| resolveAttributes 3.1 | Boolean | Whether to run the attribute resolution/filtering step |
| deniedUserInfoAttributes | Set<String> | Specifies IdPAttributes to omit from UserInfo token |
| encryptionOptional 3.4 | Boolean | Whether to automatically disable encryption if the relying party does not possess a suitable key (defaults to true) |
| unregisteredClientPolicy 4.0 | Map<String, UnregisteredClientPolicy> | The policy used to verify unverified clients when this profile is enabled in the unverified RP config. See wiki page for full description and defaults |

The following property can be used to globally control the deniedUserInfoAttributes setting above:

  • idp.oidc.deniedUserInfoAttributes

This option relates to "claims splitting" and overrides the typical processing rules for when to insert claims into particular tokens. Typically, most "data" is omitted from the front-channel ID token unless no authorization code is being issued, with the claims accessible only via the UserInfo endpoint. This setting, together with the same option on the OIDC.SSO profile bean, prevents attributes from appearing in the UserInfo response.

...