Rename MobileIdClient Configuration Parameters #11

Closed
phaupt opened this issue Feb 4, 2022 · 0 comments · Fixed by #12
Labels
enhancement New feature or request

phaupt commented Feb 4, 2022

Please rename some of the configuration parameters as described below. This should help to better understand the purpose of the variable.

Current configuration example:

  <mobileIdClient
    AP_ID = "mid://adfs-dev.swisscom.ch"
    SslKeystore = "LocalMachine"
    SslCertThumbprint = "19cb073f974729d9fec8cb1a0c50866886fcdeba"
    SslRootCaCertDN = "C=CH, O=Swisscom, OID.2.5.4.97=VATCH-CHE-101.654.423, OU=Digital Certificate Services, CN=Swisscom Root CA 4"
    SslRootCaCertFiles = "C:\Program Files (x86)\MobileIdAdfs\v1.3\certs\Swisscom_Root_CA_2.crt;C:\Program Files (x86)\MobileIdAdfs\v1.3\certs\Swisscom_Root_CA_4.crt" 
    SignatureProfile = "http://mid.swisscom.ch/Any-LoA4"
    DtbsPrefix = "ADFS Demo: "
    RequestTimeOutSeconds = "60"
    PollResponseIntervalSeconds = "1"
    PollResponseDelaySeconds = "3"
    ServiceUrlPrefix = "https://mobileid.swisscom.com/soap/services/"
    SecurityProtocolType = "Tls12"
    EnableSubscriberInfo = "false"
    DisableSignatureValidation = "false"
    DisableSignatureCertValidation = "false"
  />
  1. sslRootCaCertDN
    According to the src code, this DN is loaded when the SSL connection is established to mobileid.swisscom.com, which is illogical and makes no sense. Please adjust the code so that we can remove this variable from the configuration completely.
  2. SslKeystore
    Rename to SslMidClientKeystore. This should make it clearer that this is only about the MobileID AP client certificate and not about server or SignResp certificates.
  3. SslCertThumbprint
    Rename to SslMidClientCertThumbprint. This should make it clearer that this is only about the MobileID AP client certificate and not about server or SignResp certificates.
  4. SslRootCaCertFiles
    Rename to SignRespCertFiles. This makes confusion with the server certificate (mobileid.swisscom.com) less likely.
  5. DisableSignatureValidation
    Rename to DisableSignRespValidation. This makes confusion with the server certificate (mobileid.swisscom.com) less likely.
  6. DisableSignatureCertValidation
    Rename to DisableSignRespCertValidation. This makes confusion with the server certificate (mobileid.swisscom.com) less likely.

The new configuration should then look like this:

  <mobileIdClient
    AP_ID = "mid://adfs-dev.swisscom.ch"
    SslMidClientKeystore = "LocalMachine"
    SslMidClientCertThumbprint = "19cb073f974729d9fec8cb1a0c50866886fcdeba"
    SignRespCertFiles = "C:\Program Files (x86)\MobileIdAdfs\v1.3\certs\Swisscom_Root_CA_2.crt;C:\Program Files (x86)\MobileIdAdfs\v1.3\certs\Swisscom_Root_CA_4.crt" 
    SignatureProfile = "http://mid.swisscom.ch/Any-LoA4"
    DtbsPrefix = "ADFS Demo: "
    RequestTimeOutSeconds = "60"
    PollResponseIntervalSeconds = "1"
    PollResponseDelaySeconds = "3"
    ServiceUrlPrefix = "https://mobileid.swisscom.com/soap/services/"
    SecurityProtocolType = "Tls12"
    EnableSubscriberInfo = "false"
    DisableSignRespValidation = "false"
    DisableSignRespCertValidation = "false"
  />
phaupt added the enhancement label Feb 4, 2022
phaupt added a commit that referenced this issue Feb 11, 2022
…lient_Configuration_Parameters

Develop/#11 rename mobile id client configuration parameters
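
The rename list from the issue, applied to an existing `<mobileIdClient>` element, as an added PowerShell example (not code from the project or the issue author). `Convert-MobileIdClientConfig` and the sample values are hypothetical; the script assumes a version of the add-in that no longer reads `SslRootCaCertDN`, and it also reports when either SignResp validation switch is set to `true`.

```powershell
# Old -> new attribute names from the issue; $null marks the attribute to drop.
$RenameMap = [ordered]@{
    SslKeystore                    = 'SslMidClientKeystore'
    SslCertThumbprint              = 'SslMidClientCertThumbprint'
    SslRootCaCertFiles             = 'SignRespCertFiles'
    DisableSignatureValidation     = 'DisableSignRespValidation'
    DisableSignatureCertValidation = 'DisableSignRespCertValidation'
    SslRootCaCertDN                = $null
}

function Convert-MobileIdClientConfig {   # hypothetical helper, not part of the project
    param([Parameter(Mandatory)][string]$Xml)
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($Xml)
    $node = $doc.SelectSingleNode('//mobileIdClient')
    if (-not $node) { throw 'No <mobileIdClient> element found.' }

    # Snapshot the attributes, clear them, then re-add in the original order.
    $old = @($node.Attributes | ForEach-Object { [pscustomobject]@{ Name = $_.Name; Value = $_.Value } })
    $node.RemoveAllAttributes()
    $notes = @()
    foreach ($a in $old) {
        $name = $a.Name
        if ($RenameMap.Contains($name)) {
            $new = $RenameMap[$name]
            if ($null -eq $new) { $notes += "dropped $name"; continue }
            $notes += "renamed $name -> $new"
            $name = $new
        }
        # Refuse a file that carries both the old and the new spelling.
        if ($node.HasAttribute($name)) { throw "Attribute '$name' is defined twice." }
        $node.SetAttribute($name, $a.Value)
    }
    # Surface settings that switch off validation of the signature response.
    foreach ($flag in 'DisableSignRespValidation', 'DisableSignRespCertValidation') {
        if ($node.GetAttribute($flag) -eq 'true') { $notes += "WARNING: $flag is true" }
    }
    [pscustomobject]@{ Xml = $doc.OuterXml; Notes = $notes }
}

# Constructed sample input (placeholder values, old parameter names).
$sample = @'
<mobileIdClient AP_ID="mid://example" SslKeystore="LocalMachine"
  SslCertThumbprint="PLACEHOLDER_THUMBPRINT" SslRootCaCertDN="CN=Example Root"
  SslRootCaCertFiles="C:\certs\example_root.crt"
  DisableSignatureValidation="false" DisableSignatureCertValidation="true" />
'@
$result = Convert-MobileIdClientConfig -Xml $sample
$result.Notes
$result.Xml
```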