OPProfileConfiguration-Common
- Henri Mikkonen
Options common to all OAuth2/OIDC profiles:
Name | Type | Default | Description |
|---|---|---|---|
securityConfiguration | Bean named shibboleth.oidc.DefaultSecurityConfiguration | An object containing all of the default security-related objects needed for peer authentication and encryption. See OIDCSecurityConfiguration for complete details. | |
messageHandler 4.2 | Function<MessageContext,Exception> |
| A function hook allowing modification of messages before signing and transmission, useful for adding extensions |
inboundInterceptorFlows | List<String> |
| Ordered list of profile interceptor flows to run prior to message processing |
outboundInterceptorFlows | List<String> |
| Ordered list of profile interceptor flows to run prior to outbound message handling |
Guidance
Modifying the security configuration is usually done to:
specify an alternate signing or decryption key to use
control signing or encryption algorithms
The two interceptor lists allow the much less commonly used profile interceptor injection points to be used. This is largely a Java-based way of doing very low-level sorts of “message rewriting” hackery that might otherwise be impossible to pull off. One use case for the inbound side might be picking up non-standard parameters in a request.