Metadata driven override of encryption algorithm

Cantor, Scott cantor.2 at osu.edu
Wed Jan 27 22:57:20 UTC 2021


On 1/27/21, 5:49 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    This is awesome, Scott! Sorry, I never thought to check for a metadata filter to do this. Much simpler than my solution.

It's arguable. It's simpler on one level, but the XML can also be a giant pain. It's just the more "correct" fix and is more flexible because it appends to what's already there and doesn't just hardwire behavior in quite the same way.

To answer the original question, if you want to use metadata to set the SecurityConfiguration bean to use, you just use a tag with the name you already surmised and set the value to the name of the bean to use.

I set my per-app signing key rules that way; I have different beans for each signing key and tag the systems that can't be automatically updated to use just that bean and not the default.

-- Scott
