authorThomas Lenz <tlenz@iaik.tugraz.at>2020-01-28 10:36:46 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2020-01-28 10:36:46 +0100
commit9ec3da77a6ed558e23fc5b476b672e66e8a3248b (patch)
treef091569310376de407ab9d81d877df9173610c3b /id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
parentbe1c69d66fdf98658a3183e346401be9ad4d4cc3 (diff)
fix wrong default configuration parameter that skips BKU selection
Diffstat (limited to 'id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml')
-rw-r--r--id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml48
1 files changed, 48 insertions, 0 deletions
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
new file mode 100644
index 000000000..bf7215cb5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
+
+<properties>
+ <comment>SWModule sign with JKS.</comment>
+ <entry key="check_certificate_validity_period">false</entry>
+ <entry key="disallow_self_signed_certificate">false</entry>
+
+ <!-- signing Algorithm SHA_512(default),SHA_384,SHA_256 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -->
+ <entry key="signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</entry>
+
+ <!-- List of incoming Signature algorithms white list separated by ; (default all) -->
+ <entry key="signature.algorithm.whitelist">
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha256;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha384;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha512;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512;
+ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1;
+ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1
+ </entry>
+
+ <!-- signing response assertion true/false (default false) -->
+ <entry key="response.sign.assertions">true</entry>
+
+ <!--AuthnRequest / Assertion signing keyStore-->
+ <entry key="keyStorePath">keys/eidasKeyStore_Service_CB.jks</entry>
+ <entry key="keyStoreType">JKS</entry>
+ <entry key="keyStorePassword">local-demo</entry>
+ <entry key="keyPassword">local-demo</entry>
+ <entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry>
+ <entry key="serialNumber">54C8F839</entry>
+
+
+ <!--Metadata signing keystore-->
+ <entry key="metadata.keyStorePath">keys/eidasKeyStore_METADATA.jks</entry>
+ <entry key="metadata.keyStoreType">JKS</entry>
+ <entry key="metadata.keyStorePassword">local-demo</entry>
+ <entry key="metadata.keyPassword">local-demo</entry>
+ <entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry>
+ <entry key="metadata.serialNumber">561BC0C8</entry>
+
+</properties>
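Review bot: The two entries at the top of the new file ship `check_certificate_validity_period` and `disallow_self_signed_certificate` as `false`, which, judging by the key names, means a deployment that keeps this default would accept expired and self-signed signing certificates. Unless the bundled demo certificates require it, the defaults should be strict, `<entry key="check_certificate_validity_period">true</entry>` and `<entry key="disallow_self_signed_certificate">true</entry>`, with a comment saying when relaxing them is acceptable. The four password entries all carry the demo value `local-demo` under `deploy/conf`; a comment above each keystore group such as `<!-- demo keystore and password only: replace both before production use -->` would make that explicit. The incoming whitelist also admits `rsa-ripemd160`, which is worth dropping from the default if no peer depends on it. Its values are split across lines with leading whitespace, so it is worth confirming that the consumer trims each item.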