[mitreid-connect] How is enabled the trust between an openID client and the mitreid-connect server?

Justin Richer jricher at mit.edu
Wed Aug 24 13:56:44 EDT 2016


By default, simple-web-app is set up to use dynamic client registration:

https://tools.ietf.org/html/rfc7591

The server generates an ID and secret and hands them to the client as part of this protocol. This is not using symmetric encryption or symmetric signatures.

It is possible to use asymmetric signatures to authenticate the client, but the client needs to register its JWK value or JWK Set URI with the server to do so.

 — Justin

> On Aug 24, 2016, at 9:15 AM, Michael Furman <michael_furman at hotmail.com> wrote:
> 
> Hi all,
> I have launched the openid-connect-server-webapp server and the demo client (simple-web-app).
> 
> I see that during dynamic registration the client is registered with a random client secret (for example 
> JqnXxNQzuAIg1qR0EZXS3WKfdKmvcKowlrIMQ0E8bDXrjRJjZA5nSJTxAeGlAaKVNQ9Qv3zoEUzhYSJyLJeFHg)
>  
> 1) How is the secret passed from the server to the client?
> 2) According to my understanding it is a shared secret (i.e. symmetric encryption).
>  
> Is it possible to use asymmetric encryption to enable trust between the OpenID client and the mitreid-connect server?
>  
> Thank you in advance for your help.
>  
> Best regards,
>    Michael
>  
> 
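The asymmetric option mentioned in the reply above, as an added example that is not part of the original thread and is not MITREid Connect code: the client registers only its public JWK through RFC 7591 and then authenticates with a signed assertion (`private_key_jwt`, RFC 7523) instead of a `client_secret`. The function names are hypothetical, and `verifyAssertion` is a simplified stand-in for the server's check.

```javascript
const crypto = require('node:crypto');
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// The client makes its own key pair; the private key never leaves the client.
function newClientKey(kid) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { privateKey, jwk: { ...publicKey.export({ format: 'jwk' }), kid, use: 'sig', alg: 'RS256' } };
}

// RFC 7591 registration request: public JWK only, so no shared secret is needed.
function registrationRequest(jwk, redirectUri) {
  return {
    redirect_uris: [redirectUri],
    token_endpoint_auth_method: 'private_key_jwt',
    jwks: { keys: [jwk] }, // or jwks_uri; RFC 7591 forbids sending both
  };
}

// Signed assertion the client presents at the token endpoint instead of client_secret.
function clientAssertion(clientId, tokenEndpoint, privateKey, kid) {
  const now = Math.floor(Date.now() / 1000);
  const claims = { iss: clientId, sub: clientId, aud: tokenEndpoint,
    jti: crypto.randomUUID(), iat: now, exp: now + 60 };
  const input = `${b64u({ alg: 'RS256', typ: 'JWT', kid })}.${b64u(claims)}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Simplified server-side check (assumption: no jti replay cache) using the registered JWK.
function verifyAssertion(jwt, registeredJwks, clientId, tokenEndpoint) {
  const [h, c, s] = jwt.split('.');
  if (!h || !c || !s) return false;
  const header = fromB64u(h);
  if (header.alg !== 'RS256') return false; // accept only the expected algorithm
  const jwk = registeredJwks.keys.find((k) => k.kid === header.kid);
  if (!jwk) return false;
  const key = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  if (!crypto.verify('sha256', Buffer.from(`${h}.${c}`), key, Buffer.from(s, 'base64url'))) return false;
  const claims = fromB64u(c);
  return claims.iss === clientId && claims.sub === clientId &&
    claims.aud === tokenEndpoint && claims.exp > Math.floor(Date.now() / 1000);
}
```

The server holds nothing that lets it, or anyone who reads its client database, impersonate the client; a key that was never registered fails the check.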

