Smile CDR v2022.08.PRE

37.83 OpenID Connect Token Validation

 

The OpenID Connect Token Validation configuration category includes the following configurable options:

  • OIDC HTTP Client: JWKS Cache Timeout (mins)

  • OIDC HTTP Client: Truststore File

  • OIDC HTTP Client: Truststore Password

37.83.1 Property: OIDC HTTP Client: JWKS Cache Timeout (mins)

 
Property Name OIDC HTTP Client: JWKS Cache Timeout (mins)
Property Key
Property Type NON_NEGATIVE_INTEGER
Description If set to a non-zero value, any keystore (JWKS) lookups performed by the OIDC HTTP Client will be cached for the specified number of minutes. Caching these fetched keystores improves authentication performance by avoiding unnecessary lookups, but it also means that invalidated keys can continue to be honored until the cached copy expires. A small value (such as the default) is generally a sensible compromise.
Applies to Modules
  • SMART Inbound Security
  • SMART Outbound Security
Default Value 30
Example Property
module.[MODULE_ID].config.introspection_client.jwks_cache.mins = 30
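
The trade-off described above, modelled as an added example (not Smile CDR code): a timed cache in front of a JWKS fetch, showing how long a key removed by the remote server is still accepted and how many fetches the cache saves. The `JwksCache` class, the `simulate` function, the key IDs and the one-token-per-minute scenario are all assumptions made for illustration.

```python
"""Model of a JWKS cache timeout (illustrative; not Smile CDR code)."""


class JwksCache:
    """Caches the key IDs from a JWKS fetch for `cache_mins` minutes."""

    def __init__(self, fetch, cache_mins, clock):
        self._fetch = fetch          # returns the key IDs the IdP publishes now
        self._ttl = cache_mins * 60  # seconds; 0 disables caching
        self._clock = clock          # returns the current time in seconds
        self._keys = None
        self._fetched_at = 0
        self.fetch_count = 0

    def accepts(self, kid):
        """True if a token signed with key `kid` passes the key lookup."""
        now = self._clock()
        fresh = (self._ttl > 0 and self._keys is not None
                 and now - self._fetched_at < self._ttl)
        if not fresh:
            self._keys = frozenset(self._fetch())
            self._fetched_at = now
            self.fetch_count += 1
        return kid in self._keys


def simulate(cache_mins, revoke_at_min, horizon_mins=120):
    """Return (stale_minutes, fetches) for a constructed scenario.

    A token signed with "kid-old" is presented every minute; the IdP removes
    that key from its JWKS at `revoke_at_min`. stale_minutes counts the
    minutes in which the removed key is still accepted from cache.
    """
    minute = [0]
    idp_keys = {"kid-old", "kid-new"}  # constructed key IDs
    cache = JwksCache(lambda: set(idp_keys), cache_mins, lambda: minute[0] * 60)
    cache.accepts("kid-old")  # minute 0 warms the cache
    stale = 0
    for m in range(1, horizon_mins + 1):
        minute[0] = m
        if m == revoke_at_min:
            idp_keys.discard("kid-old")
        if cache.accepts("kid-old") and m >= revoke_at_min:
            stale += 1
    return stale, cache.fetch_count


if __name__ == "__main__":
    for mins in (0, 5, 30):
        print(mins, simulate(mins, revoke_at_min=7))
```

In this model the exposure window is bounded by the cache timeout, and a timeout of 0 removes the window at the cost of one fetch per validation.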

37.83.2 Property: OIDC HTTP Client: Truststore File

 
Property Name OIDC HTTP Client: Truststore File
Property Key
Property Type Resource Path
Description Specifies a truststore to use for outbound client connections from the OIDC server. This is only needed in cases where the remote OIDC server uses a self-signed certificate for TLS. This truststore applies to outbound (from Smile CDR) HTTPS connections that are made in order to fetch the remote IDP server discovery document, to fetch the remote IDP server JWKS (keystore), and to introspect tokens issued by the remote IDP server.
Applies to Modules
  • SMART Inbound Security
  • SMART Outbound Security
Default Value (no default)
Example Property
module.[MODULE_ID].config.introspection_client.truststore.file = classpath:truststore.p12

37.83.3 Property: OIDC HTTP Client: Truststore Password

 
Property Name OIDC HTTP Client: Truststore Password
Property Key
Property Type PASSWORD
Description The password to use to open the truststore, if specified.
Applies to Modules
  • SMART Inbound Security
  • SMART Outbound Security
Default Value (no default)
Example Property
module.[MODULE_ID].config.introspection_client.truststore.password = 