OpenID Connect Federation 1.0: "nested" metadata policy entry
Issue #414
new
Is there a way to have MetadataPolicy.parse(metadataPolicy) accept a metadata policy in which entries have a "nested" value?
This is a normal metadata policy entry (as it is now):

{
  "claim1": {
    "default": "defaultvalue",
    "one_of": ["val1", "val2", "val3"],
    ...,
    "operationN": valuesN
  }
}
and this is the metadata policy entry we want to achieve:

{
  "claim1": {
    "claim1_child": {
      "default": "defaultvalue",
      "one_of": ["val1", "val2", "val3"],
      ...,
      "operationN": valuesN
    }
  }
}
The MetadataPolicy.parse(metadataPolicy) currently throws a PolicyViolationException with message "Unsupported policy operation: claim1_child"
Comments (2)
reporter: Hello Vladimir, here's the example:

{
  "metadata_policy": {
    "openid_relying_party": {
      "jwks": {
        "keys": {
          "subset_of": [
            { "kty": "RSA", "e": "AQAB", "use": "sig", "kid": "defaultRSASign", "n": "..." },
            { "kty": "RSA", "e": "AQAB", "use": "enc", "kid": "defaultRSAEnc", "n": "..." }
          ]
        }
      }
    }
  }
}

In openid_relying_party there's a metadata policy entry for the parameter jwks. It is a JWK set (as described in section 5 of https://www.rfc-editor.org/rfc/rfc7517), so it must have the parameter keys. We would like to use the policy entry to require the RP to have a subset of the keys contained in keys.
Hi Pasquale,
Is this nested policy intended for metadata from OpenID Connect? A concrete example for context will help us a lot.
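The following is an added example written for this thread; it is not the SDK's MetadataPolicy implementation and not code from either participant. It shows one way a policy applier can accept both the flat entry from the issue body (operators directly under "claim1") and the nested entry from the reporter's comment (jwks -> keys -> subset_of): an entry whose keys are all operator names is a leaf, an entry with no operator names is a map of child parameters, and a mix of the two is rejected. The operator semantics and ordering (value, add, default, one_of, subset_of, superset_of, essential) follow OpenID Connect Federation 1.0; PolicyViolation is a stand-in for the SDK's PolicyViolationException, and the JWK values and the filter_rp_keys helper are constructed for the demonstration.

```python
# Added example for this issue thread; NOT the SDK's MetadataPolicy code.
# A small metadata-policy applier that accepts flat operator entries and
# nested entries such as {"jwks": {"keys": {"subset_of": [...]}}}.
from __future__ import annotations
from typing import Any

# Operators defined by OpenID Connect Federation 1.0 metadata policies.
OPERATORS = {"value", "add", "default", "one_of", "subset_of", "superset_of", "essential"}


class PolicyViolation(Exception):
    """Stand-in for the SDK's PolicyViolationException (assumed mapping)."""


def is_operator_entry(entry: dict) -> bool:
    """Leaf entries carry only operator names; an entry with no operator names is
    treated as a nested map of child parameters. Mixing both is rejected, since a
    parser could not tell which keys are operators and which are parameters."""
    keys = set(entry)
    if keys <= OPERATORS:
        return True
    if keys & OPERATORS:
        raise PolicyViolation(f"Mixed operators and nested parameters: {sorted(keys)}")
    return False


def apply_operators(name: str, ops: dict, value: Any, present: bool) -> tuple[Any, bool]:
    """Apply one leaf entry's operators in the order the spec fixes:
    value, add, default, one_of, subset_of, superset_of, essential."""
    if "value" in ops:
        value, present = ops["value"], True
    if "add" in ops:
        if present and not isinstance(value, list):
            raise PolicyViolation(f"{name}: add needs an array value")
        current = list(value) if present else []
        current += [v for v in ops["add"] if v not in current]
        value, present = current, True
    if "default" in ops and not present:
        value, present = ops["default"], True
    if present:
        if "one_of" in ops and value not in ops["one_of"]:
            raise PolicyViolation(f"{name}: {value!r} is not one of {ops['one_of']!r}")
        if "subset_of" in ops:
            if not isinstance(value, list):
                raise PolicyViolation(f"{name}: subset_of needs an array value")
            value = [v for v in value if v in ops["subset_of"]]  # intersection
        if "superset_of" in ops:
            missing = [v for v in ops["superset_of"] if v not in value]
            if missing:
                raise PolicyViolation(f"{name}: missing required values {missing!r}")
    if ops.get("essential") and not present:
        raise PolicyViolation(f"{name}: essential parameter is absent")
    return value, present


def apply_policy(policy: dict, metadata: dict, path: str = "") -> dict:
    """Return a new metadata dict with `policy` applied, recursing into nested entries."""
    result = dict(metadata)
    for param, entry in policy.items():
        full = f"{path}{param}"
        if not isinstance(entry, dict):
            raise PolicyViolation(f"{full}: policy entry must be an object")
        if is_operator_entry(entry):
            value, present = apply_operators(full, entry, result.get(param), param in result)
            if present:
                result[param] = value
        else:
            child = result.get(param, {})
            if not isinstance(child, dict):
                raise PolicyViolation(f"{full}: nested policy needs an object value")
            result[param] = apply_policy(entry, child, full + ".")
    return result


# Constructed sample data; the "n" values are placeholders, not real moduli.
SIGN_KEY = {"kty": "RSA", "e": "AQAB", "use": "sig", "kid": "defaultRSASign", "n": "placeholder-n-1"}
ENC_KEY = {"kty": "RSA", "e": "AQAB", "use": "enc", "kid": "defaultRSAEnc", "n": "placeholder-n-2"}
ROGUE_KEY = {"kty": "RSA", "e": "AQAB", "use": "sig", "kid": "notAllowed", "n": "placeholder-n-3"}

# Nested policy from the reporter's comment and a flat policy like the issue body.
NESTED_POLICY = {"openid_relying_party": {"jwks": {"keys": {"subset_of": [SIGN_KEY, ENC_KEY]}}}}
FLAT_POLICY = {"claim1": {"default": "val1", "one_of": ["val1", "val2", "val3"]}}


def filter_rp_keys(rp_metadata: dict) -> list:
    """Hypothetical helper: apply the jwks.keys policy and return the surviving keys."""
    out = apply_policy(NESTED_POLICY, {"openid_relying_party": rp_metadata})
    return out["openid_relying_party"]["jwks"]["keys"]


if __name__ == "__main__":
    rp = {"jwks": {"keys": [SIGN_KEY, ROGUE_KEY]}}
    print(filter_rp_keys(rp))             # only the allowed signing key remains
    print(apply_policy(FLAT_POLICY, {}))  # the default fills the missing claim1
```

The "all keys are operator names" test is the design decision the issue turns on: it lets a parser that today reports "Unsupported policy operation: claim1_child" recurse instead, but it is only unambiguous as long as no real metadata parameter has a child named like an operator (for example a sub-parameter called "value"). If that cannot be ruled out, an explicit wrapper key for nested entries is the safer encoding.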