Keeping OIDC client_secret out of git
cantor.2 at osu.edu
Tue Jun 30 15:57:50 UTC 2020
On 6/30/20, 11:09 AM, "users on behalf of Darren Boss" <users-bounces at shibboleth.net on behalf of darren.boss at computecanada.ca> wrote:
> Is anyone doing something similar and come up with a solution?
The next plugin release is planning to support SAML metadata with a key-by-reference syntax that can pull the secrets from an external source. It's been prototyped with a REST sort of approach using the HTTP connector in the IdP.
Of course, the *right* answer is public keys...
More information about the users