From dc63e2f52746dcfbfc2100de2792c597ed338910 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Oct 27 2016 14:58:49 +0000
Subject: Fix UserInfo signing by adding the field to the SP configuration
Merges: #156
Signed-off-by: Patrick Uiterwijk
Reviewed-by: Howard Johnson
---
diff --git a/ipsilon/providers/openidc/provider.py b/ipsilon/providers/openidc/provider.py
index 4c415d2..07da219 100644
--- a/ipsilon/providers/openidc/provider.py
+++ b/ipsilon/providers/openidc/provider.py
@@ -345,6 +345,12 @@ class Client(pconfig.ConfigHelper):
 ['RS256'],
 self.get_current_info('id_token_signed_response_alg'),
 readonly=self.readonly),
+ pconfig.Pick(
+ 'UserInfo Signed Response Alg',
+ 'Algorithm used to sign userinfo',
+ ['', 'RS256'],
+ self.get_current_info('userinfo_signed_response_alg'),
+ readonly=self.readonly),
 pconfig.String(
 'Initiate Login URI',
 'URI that third party can use to initiate login at client.',
@@ -363,7 +369,6 @@ class Client(pconfig.ConfigHelper):
 # TODO:
 # id_token_encrypted_response_alg
 # id_token_encrypted_response_enc
- # userinfo_signed_response_alg
 # userinfo_encrypted_response_alg
 # userinfo_encrypted_response_enc
 # request_object_signing_alg (defualt none)
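Review bot: The new `pconfig.Pick` for `userinfo_signed_response_alg` in the first hunk offers `''` as a choice without saying what it means, so an administrator cannot tell from the form that the empty entry presumably leaves the UserInfo response unsigned. This setting decides whether a relying party gets an integrity-protected UserInfo response, so the description should say so, for example `'Algorithm used to sign userinfo (empty: unsigned JSON response)'`. It is also not visible here what `self.get_current_info('userinfo_signed_response_alg')` returns for clients registered before this field existed; if that can be `None` rather than `''`, the current value would fall outside the option list `['', 'RS256']`, which is worth confirming. The enclosing method of `Client` starts and ends outside the hunk.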