diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-02-03 08:51:45 +0100 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-02-03 08:51:45 +0100 |
| commit | 2b68b287aa55dc48e9f3a01bd42d6099bbe1deb2 (patch) | |
| tree | 28e34446dc263144a09441120b0483e50e8e95b2 /id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml | |
| parent | 3573f8ea5a4b269834723da4708bf0bace50fa65 (diff) | |
| parent | e25d9bfa5fb81fd275706fb7cbee21fe5add5b19 (diff) | |
| download | moa-id-spss-2b68b287aa55dc48e9f3a01bd42d6099bbe1deb2.tar.gz moa-id-spss-2b68b287aa55dc48e9f3a01bd42d6099bbe1deb2.tar.bz2 moa-id-spss-2b68b287aa55dc48e9f3a01bd42d6099bbe1deb2.zip | |
Merge branch 'eIDAS_node_implementation' into development_preview
Diffstat (limited to 'id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml')
| -rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml | 37 |
1 files changed, 33 insertions, 4 deletions
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml index 745580428..bf7215cb5 100644 --- a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml +++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml @@ -3,17 +3,46 @@ <properties> <comment>SWModule sign with JKS.</comment> - <entry key="keystorePath">keys/eidasKeyStore_Service_CB.jks</entry> + <entry key="check_certificate_validity_period">false</entry> + <entry key="disallow_self_signed_certificate">false</entry> + + <!-- signing Algorithm SHA_512(default),SHA_384,SHA_256 --> + <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 --> + <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 --> + <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 --> + <entry key="signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</entry> + + <!-- List of incoming Signature algorithms white list separated by ; (default all) --> + <entry key="signature.algorithm.whitelist"> + http://www.w3.org/2001/04/xmldsig-more#rsa-sha256; + http://www.w3.org/2001/04/xmldsig-more#rsa-sha384; + http://www.w3.org/2001/04/xmldsig-more#rsa-sha512; + http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512; + http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1; + http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1 + </entry> + + <!-- signing response assertion true/false (default false) --> + <entry key="response.sign.assertions">true</entry> + + <!--AuthnRequest / Assertion signing keyStore--> + <entry key="keyStorePath">keys/eidasKeyStore_Service_CB.jks</entry> + <entry key="keyStoreType">JKS</entry> <entry key="keyStorePassword">local-demo</entry> <entry key="keyPassword">local-demo</entry> <entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry> <entry key="serialNumber">54C8F839</entry> - <entry key="keystoreType">JKS</entry> - <entry key="metadata.keystorePath">keys/eidasKeyStore_METADATA.jks</entry> + + <!--Metadata signing keystore--> + <entry key="metadata.keyStorePath">keys/eidasKeyStore_METADATA.jks</entry> + <entry key="metadata.keyStoreType">JKS</entry> <entry key="metadata.keyStorePassword">local-demo</entry> <entry key="metadata.keyPassword">local-demo</entry> <entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry> <entry key="metadata.serialNumber">561BC0C8</entry> - <entry key="metadata.keystoreType">JKS</entry> + </properties> |