author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-01-31 10:06:17 +0100 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-01-31 10:06:17 +0100 |
commit | 77b9a943b555abe4867e6f78d6ede43a5e05aa9e (patch) | |
tree | b3b6a7d94db4cf3c3e1b042f2c00aac8dcd47ab7 /id | |
parent | 03486ae6e1d250da3d2c4407dd6a631f85f281c4 (diff) | |
update default config
Diffstat (limited to 'id')
-rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml | 24 | ||||
-rw-r--r-- | id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml | 37 |
2 files changed, 54 insertions, 7 deletions
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml index 9fef4fa2e..46052053a 100644 --- a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml +++ b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml @@ -3,14 +3,32 @@ <properties> <comment>SWModule encrypt with JKS.</comment> - <entry key="keystorePath">keys/eidasKeyStore.jks</entry> + + <entry key="check_certificate_validity_period">false</entry> + <entry key="disallow_self_signed_certificate">false</entry> + <entry key="response.encryption.mandatory">false</entry> + + <!-- Data Encryption algorithm --> + <entry key="data.encryption.algorithm">http://www.w3.org/2009/xmlenc11#aes256-gcm</entry> + + <!-- Decryption algorithm Whitelist--> + <entry key="encryption.algorithm.whitelist"> + http://www.w3.org/2009/xmlenc11#aes128-gcm; + http://www.w3.org/2009/xmlenc11#aes256-gcm; + http://www.w3.org/2009/xmlenc11#aes192-gcm + </entry> + + <!-- Key Encryption algorithm --> + <entry key="key.encryption.algorithm">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</entry> + + <entry key="keyStorePath">keys/eidasKeyStore.jks</entry> + <entry key="keyStoreType">JKS</entry> <entry key="keyStorePassword">local-demo</entry> <entry key="keyPassword">local-demo</entry> <!-- Management of the encryption activation --> <entry key="encryptionActivation">eIDAS/encryptionConf.xml</entry> - <entry key="responseToPointIssuer.BE">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE</entry> <entry key="responseToPointSerialNumber.BE">54C8F779</entry> @@ -18,5 +36,5 @@ <entry key="responseDecryptionIssuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry> <entry key="serialNumber">54C8F779</entry> - <entry key="keystoreType">JKS</entry> + </properties>
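Review bot: The three flags added at the top of this hunk, `check_certificate_validity_period`, `disallow_self_signed_certificate` and `response.encryption.mandatory`, all ship as `false` in the deploy default, so going by their names an installation that keeps this file would accept expired and self-signed certificates and unencrypted responses. The SignModule.xml hunk in this commit sets the first two to `false` as well. If these values are meant only for the local-demo keystore, say so next to them, for example `<!-- demo defaults; set to true before production use -->`, or ship `true` and let the demo setup override it. The keystore and key passwords on the context lines are still `local-demo`, which deserves the same remark.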
\ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
index 745580428..bf7215cb5 100644
--- a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -3,17 +3,46 @@ <properties> <comment>SWModule sign with JKS.</comment> - <entry key="keystorePath">keys/eidasKeyStore_Service_CB.jks</entry> + <entry key="check_certificate_validity_period">false</entry> + <entry key="disallow_self_signed_certificate">false</entry> + + <!-- signing Algorithm SHA_512(default),SHA_384,SHA_256 --> + <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 --> + <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 --> + <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 --> + <entry key="signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</entry> + + <!-- List of incoming Signature algorithms white list separated by ; (default all) --> + <entry key="signature.algorithm.whitelist"> + http://www.w3.org/2001/04/xmldsig-more#rsa-sha256; + http://www.w3.org/2001/04/xmldsig-more#rsa-sha384; + http://www.w3.org/2001/04/xmldsig-more#rsa-sha512; + http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384; + http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512; + http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1; + http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1 + </entry> + + <!-- signing response assertion true/false (default false) --> + <entry key="response.sign.assertions">true</entry> + + <!--AuthnRequest / Assertion signing keyStore--> + <entry key="keyStorePath">keys/eidasKeyStore_Service_CB.jks</entry> + <entry key="keyStoreType">JKS</entry> <entry key="keyStorePassword">local-demo</entry> <entry key="keyPassword">local-demo</entry> <entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry> <entry key="serialNumber">54C8F839</entry> - <entry key="keystoreType">JKS</entry> - <entry key="metadata.keystorePath">keys/eidasKeyStore_METADATA.jks</entry> + + <!--Metadata signing keystore--> + <entry key="metadata.keyStorePath">keys/eidasKeyStore_METADATA.jks</entry> + 
<entry key="metadata.keyStoreType">JKS</entry> <entry key="metadata.keyStorePassword">local-demo</entry> <entry key="metadata.keyPassword">local-demo</entry> <entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry> <entry key="metadata.serialNumber">561BC0C8</entry> - <entry key="metadata.keystoreType">JKS</entry> + </properties> |
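Review bot: The `signature.algorithm.whitelist` added here accepts `http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160` for incoming signatures, a 160-bit digest with a lower collision margin than every other entry in the list. Unless a peer is known to need it, drop that line so the list matches the SHA-256/384/512 set named in the comment above `signature.algorithm`. The last two entries differ only in the case of `MGF1`/`mgf1`; a short comment such as `<!-- both spellings listed because the comparison is case-sensitive -->` would explain why, if that is the reason.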