github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenID-Connect-Java-Spring-.../openid-connect-server-webapp/src/main/webapp/resources/template/dynreg.html

570 lines
33 KiB
HTML
Raw Blame History

<!--
Copyright 2014 The MITRE Corporation
and the MIT Kerberos and Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!-- self-service dynamic registration -->
<script type="text/html" id="tmpl-dynreg">
<div class="row-fluid">
<div class="span5">
<button class="btn btn-large" id="newreg">Register a new client</button>
</div>
<div class="span2">
<strong> - OR - </strong>
</div>
<div class="span5">
<input type="text" id="clientId" placeholder="Enter Client ID">
<input type="text" id="regtoken" placeholder="Enter Registration Access Token">
<button class="btn btn-large" id="editreg">Edit an existing client</button>
<span class="help-block>Paste in your client ID and registration access token to access the client.</span>
</div>
</script>
<script type="text/html" id="tmpl-dynreg-client-form">
<h1><%=(client.client_id == null ? 'New' : 'Edit')%> Client</h1>
<form class="form-horizontal tabbable">
<fieldset>
<div class="well well-small">
<button class="btn btn-small btn-save btn-success"><i class="icon-ok-circle icon-white"></i> Save</button> &nbsp;
<button class="btn btn-small btn-cancel"><i class="icon-ban-circle"></i> Cancel</button>
<% if (client.client_id) { %>
<button class="btn btn-danger btn-delete pull-right"><i class="icon-trash icon-white"></i> Delete</button>
<% } %>
</div>
<ul class="nav nav-tabs">
<li class="active"><a data-target="#client-main-tab" data-toggle="tab" href="#">Main</a></li>
<li><a data-target="#client-access-tab" data-toggle="tab" href="#">Access</a></li>
<li><a data-target="#client-secret-tab" data-toggle="tab" href="#">Credentials</a></li>
<li><a data-target="#client-crypto-tab" data-toggle="tab" href="#">Crypto</a></li>
<li><a data-target="#client-other-tab" data-toggle="tab" href="#">Other</a></li>
<li><a data-target="#client-json-tab" data-toggle="tab" href="#">JSON</a></li>
</ul>
<div class="tab-content">
<div class="tab-pane active" id="client-main-tab">
<% if (client.client_id) { %>
<div class="control-group">
<div class="controls">
<div class="alert alert-error">
<strong>Warning!</strong> You MUST protect your your Client ID, Client Secret, and your Registration Access Token. If
you lose your Client ID or Registration Access Token, you will no longer have access to your client's registration
records and you will need to register a new client.
</div>
</div>
</div>
<div class="control-group" id="clientId">
<label class="control-label">Client ID</label>
<div class="controls">
<pre><%=client.client_id ? client.client_id : '<code>Will be generated</code>'%></pre>
</div>
</div>
<div class="control-group" id="requireClientSecret">
<label class="control-label">Client Secret</label>
<div class="control-group">
<div class="controls">
<pre><%=client.client_id ? (client.client_secret ? client.client_secret : 'None (public client)') : 'Will be generated'%></pre>
</div>
</div>
</div>
<div class="control-group" id="clientConfigurationUri">
<label class="control-label">Client Configuration URL</label>
<div class="controls">
<pre><%=client.registration_client_uri ? client.registration_client_uri : 'Will be generated'%></pre>
</div>
</div>
<div class="control-group" id="registrationAccessToken">
<label class="control-label">Registration Access Token</label>
<div class="controls">
<pre><%=client.registration_access_token ? client.registration_access_token : 'Will be generated'%></pre>
</div>
</div>
<% } else { %>
<div class="control-group" id="clientId">
<label class="control-label">Client ID</label>
<div class="controls">
<code>Will be generated</code>
</div>
</div>
<div class="control-group" id="requireClientSecret">
<label class="control-label">Client Secret</label>
<div class="control-group">
<div class="controls">
<code>Will be generated</code>
</div>
</div>
</div>
<div class="control-group" id="clientConfigurationUri">
<label class="control-label">Client Configuration URL</label>
<div class="controls">
<code>Will be generated</code>
</div>
</div>
<div class="control-group" id="registrationAccessToken">
<label class="control-label">Registration Access Token</label>
<div class="controls">
<code>Will be generated</code>
</div>
</div>
<% } %>
<div class="control-group" id="clientName">
<label class="control-label">Client name</label>
<div class="controls">
<input value="<%=client.client_name ? client.client_name : ''%>" maxlength="100" type="text" class="" placeholder="Type something">
<p class="help-block">Human-readable application name</p>
</div>
</div>
<div class="control-group" id="redirectUris">
<label class="control-label">Redirect URI(s)</label>
<div class="controls">
</div>
</div>
<div class="control-group" id="clientDescription">
<label class="control-label">Description</label>
<div class="controls">
<textarea class="input-xlarge" placeholder="Type a description" maxlength="200" rows="3"><%=client.client_description ? client.client_description : ''%></textarea>
<p class="help-block">Human-readable text description</p>
</div>
</div>
<div class="control-group" id="logoUri">
<label class="control-label">Logo</label>
<div class="controls">
<input placeholder="https://" value="<%=client.logo_uri ? client.logo_uri : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">URL that points to a logo image, will be displayed on approval page</p>
</div>
</div>
<div class="control-group" id="logoBlock">
<div class="controls">
<!-- TODO: this should be an internally-served placeholder graphic -->
<img src="http://placehold.it/275x200&text=Enter a logo URL" alt="logo" id="logoPreview" width="275px" class="thumbnail" />
</div>
</div>
<div class="control-group" id="tosUri">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Terms of Service</label>
<div class="controls">
<input placeholder="https://" value="<%=client.tos_uri ? client.tos_uri : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">URL for the Terms of Service of this client, will be displayed to the user</p>
</div>
</div>
<div class="control-group" id="policyUri">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Policy</label>
<div class="controls">
<input placeholder="https://" value="<%=client.policy_uri ? client.policy_uri : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">URL for the Policy Statement of this client, will be displayed to the user</p>
</div>
</div>
<div class="control-group" id="clientUri">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Home Page</label>
<div class="controls">
<input placeholder="https://" value="<%=client.client_uri ? client.client_uri : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">URL for the client's home page, will be displayed to the user</p>
</div>
</div>
<div class="control-group" id="applicationType">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Application Type</label>
<div class="controls">
<label class="radio inline">
<input type="radio" name="applicationType" value="NATIVE" <%=(client.application_type == 'NATIVE' ? 'checked' : '')%>> Native
</label>
<label class="radio inline">
<input type="radio" name="applicationType" value="WEB" <%=(client.application_type == 'WEB' ? 'checked' : '')%>> Web
</label>
</div>
</div>
<div class="control-group" id="contacts">
<label class="control-label">Contacts</label>
<div class="controls">
</div>
</div>
</div>
<div class="tab-pane" id="client-access-tab">
<div class="control-group" id="scope">
<label class="control-label">Scope</label>
<div class="controls">
</div>
</div>
<div class="control-group" id="grantTypes">
<label class="control-label">Grant Types</label>
<div class="controls">
<label class="checkbox">
<input id="grantTypes-authorization_code" type="checkbox"
<%=($.inArray("authorization_code", client.grant_types) > -1 ? 'checked' : '')%>>
authorization code
</label>
<label class="checkbox">
<input id="grantTypes-client_credentials" type="checkbox"
<%=($.inArray("client_credentials", client.grant_types) > -1 ? 'checked' : '')%>> client credentials
</label>
<label class="checkbox">
<input id="grantTypes-password" type="checkbox" <%=($.inArray("password", client.grant_types) > -1 ? 'checked' : '')%>> password
</label>
<label class="checkbox">
<input id="grantTypes-implicit" type="checkbox" <%=($.inArray("implicit", client.grant_types) > -1 ? 'checked' : '')%>> implicit
</label>
<!--
<label class="checkbox">
<input id="grantTypes-refresh_token" type="checkbox" <%=($.inArray("refresh_token", client.grant_types) > -1 ? 'checked' : '')%>> refresh
</label>
-->
<label class="checkbox">
<input id="grantTypes-redelegate" type="checkbox" <%=($.inArray("urn:ietf:params:oauth:grant_type:redelegate", client.grant_types) > -1 ? 'checked' : '')%>> redelegate
</label>
</div>
</div>
<div class="control-group" id="responseTypes">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Response Types</label>
<div class="controls">
<label class="checkbox">
<input id="responseTypes-code" type="checkbox" <%=($.inArray("code", client.response_types) > -1 ? 'checked' : '')%>> code
</label>
<label class="checkbox">
<input id="responseTypes-token" type="checkbox" <%=($.inArray("token", client.response_types) > -1 ? 'checked' : '')%>> token
</label>
<label class="checkbox">
<input id="responseTypes-idtoken" type="checkbox" <%=($.inArray("id_token", client.response_types) > -1 ? 'checked' : '')%>> id_token
</label>
<label class="checkbox">
<input id="responseTypes-token-idtoken" type="checkbox" <%=($.inArray("token id_token", client.response_types) > -1 ? 'checked' : '')%>> token id_token
</label>
<label class="checkbox">
<input id="responseTypes-code-idtoken" type="checkbox" <%=($.inArray("code id_token", client.response_types) > -1 ? 'checked' : '')%>> code id_token
</label>
<label class="checkbox">
<input id="responseTypes-code-token" type="checkbox" <%=($.inArray("code token", client.response_types) > -1 ? 'checked' : '')%>> code token
</label>
<label class="checkbox">
<input id="responseTypes-code-token-idtoken" type="checkbox" <%=($.inArray("code token id_token", client.response_types) > -1 ? 'checked' : '')%>> code token id_token
</label>
</div>
</div>
<div class="control-group" id="subjectType">
<label class="control-label">Subject Type</label>
<div class="controls">
<label class="radio inline">
<input type="radio" name="subjectType" value="public" <%=(client.subject_type == 'public' ? 'checked' : '')%>> Public
</label>
<label class="radio inline">
<input type="radio" name="subjectType" value="pairwise" <%=(client.subject_type == 'pairwise' ? 'checked' : '')%>> Pairwise
</label>
</div>
</div>
<div class="control-group" id="sectorIdentifierUri">
<label class="control-label">Sector Identifier URI</label>
<div class="controls">
<input placeholder="https://" value="<%=client.sector_identifier_uri ? client.sector_identifier_uri : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">Sector Identifier for JavaScript</p>
</div>
</div>
</div>
<div class="tab-pane" id="client-secret-tab">
<div class="control-group" id="tokenEndpointAuthMethod">
<label class="control-label">Token Endpoint Authentication Method</label>
<div class="controls">
<label class="radio">
<input type="radio" name="tokenEndpointAuthMethod" value="client_secret_basic" <%=(client.token_endpoint_auth_method == 'client_secret_basic' ? 'checked' : '')%>> Client Secret over HTTP Basic
</label>
<label class="radio">
<input type="radio" name="tokenEndpointAuthMethod" value="client_secret_post" <%=(client.token_endpoint_auth_method == 'client_secret_post' ? 'checked' : '')%>> Client Secret over HTTP POST
</label>
<label class="radio">
<input type="radio" name="tokenEndpointAuthMethod" value="client_secret_jwt" <%=(client.token_endpoint_auth_method == 'client_secret_jwt' ? 'checked' : '')%>> Client Secret via symmetrically-signed JWT assertion
</label>
<label class="radio">
<input type="radio" name="tokenEndpointAuthMethod" value="private_key_jwt" <%=(client.token_endpoint_auth_method == 'private_key_jwt' ? 'checked' : '')%>> Asymmetrically-signed JWT assertion
</label>
<label class="radio">
<input type="radio" name="tokenEndpointAuthMethod" value="none" <%=(client.token_endpoint_auth_method == 'none' ? 'checked' : '')%>> No authentication
</label>
</div>
</div>
<div class="control-group" id="jwksUri">
<label class="control-label">JWK Set</label>
<div class="controls">
<input placeholder="https://" value="<%=client.jwks_uri ? client.jwks_uri : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">URL for the client's JSON Web Key set</p>
</div>
</div>
<div class="control-group" id="tokenEndpointAuthSigningAlg">
<label class="control-label">Token Endpoint Authentication Signing Algorithm</label>
<div class="controls">
<select>
<option value="default" <%=client.token_endpoint_auth_signing_alg == null ? 'selected ' : ''%>>Any allowed</option>
<option value="HS256" <%=client.token_endpoint_auth_signing_alg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
<option value="HS384" <%=client.token_endpoint_auth_signing_alg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
<option value="HS512" <%=client.token_endpoint_auth_signing_alg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
<option value="RS256" <%=client.token_endpoint_auth_signing_alg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
<option value="RS384" <%=client.token_endpoint_auth_signing_alg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
<option value="RS512" <%=client.token_endpoint_auth_signing_alg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
<option value="ES256" <%=client.token_endpoint_auth_signing_alg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
<option value="ES384" <%=client.token_endpoint_auth_signing_alg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
<option value="ES512" <%=client.token_endpoint_auth_signing_alg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
</select>
</div>
</div>
</div>
<div class="tab-pane" id="client-crypto-tab">
<div class="control-group" id="requestObjectSigningAlg">
<label class="control-label">Request Object Signing Algorithm</label>
<div class="controls">
<select>
<option value="default" <%=client.request_object_signing_alg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=client.request_object_signing_alg == "none" ? 'selected' : ''%>>No digital signature</option>
<option value="HS256" <%=client.request_object_signing_alg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
<option value="HS384" <%=client.request_object_signing_alg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
<option value="HS512" <%=client.request_object_signing_alg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
<option value="RS256" <%=client.request_object_signing_alg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
<option value="RS384" <%=client.request_object_signing_alg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
<option value="RS512" <%=client.request_object_signing_alg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
<option value="ES256" <%=client.request_object_signing_alg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
<option value="ES384" <%=client.request_object_signing_alg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
<option value="ES512" <%=client.request_object_signing_alg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
</select>
</div>
</div>
<div class="control-group" id="userInfoSignedResponseAlg">
<label class="control-label">User Info Endpoint Signing Algorithm</label>
<div class="controls">
<select>
<option value="default" <%=client.userinfo_signed_response_alg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=client.userinfo_signed_response_alg == "none" ? 'selected' : ''%>>No digital signature</option>
<option value="HS256" <%=client.userinfo_signed_response_alg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
<option value="HS384" <%=client.userinfo_signed_response_alg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
<option value="HS512" <%=client.userinfo_signed_response_alg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
<option value="RS256" <%=client.userinfo_signed_response_alg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
<option value="RS384" <%=client.userinfo_signed_response_alg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
<option value="RS512" <%=client.userinfo_signed_response_alg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
<option value="ES256" <%=client.userinfo_signed_response_alg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
<option value="ES384" <%=client.userinfo_signed_response_alg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
<option value="ES512" <%=client.userinfo_signed_response_alg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
</select>
</div>
</div>
<div class="control-group" id="userInfoEncryptedResponseAlg">
<label class="control-label">User Info Endpoint Encryption Algorithm</label>
<div class="controls">
<select>
<option value="default" <%=client.userinfo_encrypted_response_alg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=client.userinfo_encrypted_response_alg == "none" ? 'selected' : ''%>>No encryption</option>
<option value="RSA1_5" <%=client.userinfo_encrypted_response_alg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
<option value="RSA-OAEP" <%=client.userinfo_encrypted_response_alg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
<option value="A128KW" <%=client.userinfo_encrypted_response_alg == "A128KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 128 bit keys </option>
<option value="A256KW" <%=client.userinfo_encrypted_response_alg == "A256KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 256 bit keys</option>
<option value="dir" <%=client.userinfo_encrypted_response_alg == "dir" ? 'selected' : ''%>>Direct use of a shared symmetric key as the Content Master Key (CMK) for the block encryption step</option>
<option value="ECDH-ES" <%=client.userinfo_encrypted_response_alg == "ECDH-ES" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using the Concat KDF, with the agreed-upon key being used directly as the Content Master Key (CMK)</option>
<option value="ECDH-ES+A128KW" <%=client.userinfo_encrypted_response_alg == "ECDH-ES+A128KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A128KW function</option>
<option value="ECDH-ES+A256KW" <%=client.userinfo_encrypted_response_alg == "ECDH-ES+A256KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A256KW function</option>
</select>
</div>
</div>
<div class="control-group" id="userInfoEncryptedResponseEnc">
<label class="control-label">User Info Endpoint Encryption Method</label>
<div class="controls">
<select>
<option value="default" <%=client.userinfo_encrypted_response_enc == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=client.userinfo_encrypted_response_enc == "none" ? 'selected' : ''%>>No encryption</option>
<option value="A128CBC+HS256" <%=client.userinfo_encrypted_response_enc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
<option value="A256CBC+HS512" <%=client.userinfo_encrypted_response_enc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
<option value="A128GCM" <%=client.userinfo_encrypted_response_enc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>
<option value="A256GCM" <%=client.userinfo_encrypted_response_enc == "A256GCM" ? 'selected' : ''%>>AES GCM using 256 bit keys</option>
</select>
</div>
</div>
<div class="control-group" id="idTokenSignedResponseAlg">
<label class="control-label">ID Token Signing Algorithm</label>
<div class="controls">
<select>
<option value="default" <%=client.id_token_signed_response_alg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=client.id_token_signed_response_alg == "none" ? 'selected' : ''%>>No digital signature</option>
<option value="HS256" <%=client.id_token_signed_response_alg == "HS256" ? 'selected' : ''%>>HMAC using SHA-256 hash algorithm</option>
<option value="HS384" <%=client.id_token_signed_response_alg == "HS384" ? 'selected' : ''%>>HMAC using SHA-384 hash algorithm</option>
<option value="HS512" <%=client.id_token_signed_response_alg == "HS512" ? 'selected' : ''%>>HMAC using SHA-512 hash algorithm</option>
<option value="RS256" <%=client.id_token_signed_response_alg == "RS256" ? 'selected' : ''%>>RSASSA using SHA-256 hash algorithm</option>
<option value="RS384" <%=client.id_token_signed_response_alg == "RS384" ? 'selected' : ''%>>RSASSA using SHA-384 hash algorithm</option>
<option value="RS512" <%=client.id_token_signed_response_alg == "RS512" ? 'selected' : ''%>>RSASSA using SHA-512 hash algorithm</option>
<option value="ES256" <%=client.id_token_signed_response_alg == "ES256" ? 'selected' : ''%>>ECDSA using P-256 curve and SHA-256 hash algorithm</option>
<option value="ES384" <%=client.id_token_signed_response_alg == "ES384" ? 'selected' : ''%>>ECDSA using P-384 curve and SHA-384 hash algorithm</option>
<option value="ES512" <%=client.id_token_signed_response_alg == "ES512" ? 'selected' : ''%>>ECDSA using P-512 curve and SHA-512 hash algorithm</option>
</select>
</div>
</div>
<div class="control-group" id="idTokenEncryptedResponseAlg">
<label class="control-label">ID Token Encryption Algorithm</label>
<div class="controls">
<select>
<option value="default" <%=client.id_token_encrypted_response_alg == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=client.id_token_encrypted_response_alg == "none" ? 'selected' : ''%>>No encryption</option>
<option value="RSA1_5" <%=client.id_token_encrypted_response_alg == "RSA1_5" ? 'selected' : ''%>>RSAES-PKCS1-V1_5</option>
<option value="RSA-OAEP" <%=client.id_token_encrypted_response_alg == "RSA-OAEP" ? 'selected' : ''%>>RSAES using Optimal Asymmetric Encryption Padding (OAEP)</option>
<option value="A128KW" <%=client.id_token_encrypted_response_alg == "A128KW" ? 'selected' : ''%>>Advanced Encryption Standard (AES) Key Wrap Algorithm using 128 bit keys </option>
<option value="A256KW" <%=client.id_token_encrypted_response_alg == "A256KW" ? 'selected' : ''%>>AES Key Wrap Algorithm using 256 bit keys</option>
<option value="dir" <%=client.id_token_encrypted_response_alg == "dir" ? 'selected' : ''%>>Direct use of a shared symmetric key as the Content Master Key (CMK) for the block encryption step</option>
<option value="ECDH-ES" <%=client.id_token_encrypted_response_alg == "ECDH-ES" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement using the Concat KDF, with the agreed-upon key being used directly as the Content Master Key (CMK)</option>
<option value="ECDH-ES+A128KW" <%=client.id_token_encrypted_response_alg == "ECDH-ES+A128KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A128KW function</option>
<option value="ECDH-ES+A256KW" <%=client.id_token_encrypted_response_alg == "ECDH-ES+A256KW" ? 'selected' : ''%>>Elliptic Curve Diffie-Hellman Ephemeral Static key agreement per ECDH-ES and Section 4.7, but where the agreed-upon key is used to wrap the Content Master Key (CMK) with the A256KW function</option>
</select>
</div>
</div>
<div class="control-group" id="idTokenEncryptedResponseEnc">
<label class="control-label">ID Token Encryption Method</label>
<div class="controls">
<select>
<option value="default" <%=client.id_token_encrypted_response_enc == null ? 'selected ' : ''%>>Use server default</option>
<option value="none" <%=client.id_token_encrypted_response_enc == "none" ? 'selected' : ''%>>No encryption</option>
<option value="A128CBC+HS256" <%=client.id_token_encrypted_response_enc == "A128CBC+HS256" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in Cipher Block Chaining (CBC) mode with PKCS #5 padding with an integrity calculation using HMAC SHA-256, using a 256 bit CMK (and 128 bit CEK)</option>
<option value="A256CBC+HS512" <%=client.id_token_encrypted_response_enc == "A256CBC+HS512" ? 'selected' : ''%>>Composite Authenticated Encryption algorithm using AES in CBC mode with PKCS #5 padding with an integrity calculation using HMAC SHA-512, using a 512 bit CMK (and 256 bit CEK)</option>
<option value="A128GCM" <%=client.id_token_encrypted_response_enc == "A128GCM" ? 'selected' : ''%>>AES GCM using 128 bit keys</option>
<option value="A256GCM" <%=client.id_token_encrypted_response_enc == "A256GCM" ? 'selected' : ''%>>AES GCM using 256 bit keys</option>
</select>
</div>
</div>
</div>
<div class="tab-pane" id="client-other-tab">
<div class="control-group" id="initiateLoginUri">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Initiate Login</label>
<div class="controls">
<input placeholder="https://" value="<%=client.initiate_login_uri ? client.initiate_login_uri : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">URL to initiate login on the client</p>
</div>
</div>
<div class="control-group" id="postLogoutRedirectUri">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Post-Logout Redirect</label>
<div class="controls">
<input placeholder="https://" value="<%=client.post_logout_redirect_uri%>" maxlength="1000" type="text" class=""/>
<p class="help-block">URL to redirect the client to after a logout operation</p>
</div>
</div>
<div class="control-group" id="requireAuthTime">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Require Auth Time</label>
<div class="controls">
<label class="checkbox">
<input type="checkbox" <%=(client.require_auth_time == true ? 'checked' : '')%>> Always require that the auth_time claim be sent in the id token
</label>
</div>
</div>
<div class="control-group" id="defaultMaxAge">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Default Max Age</label>
<div class="controls">
<input placeholder="" value="<%=client.default_max_age ? client.default_max_age : ''%>" maxlength="1000" type="text" class=""/>
<p class="help-block">Default maximum session age before re-prompting</p>
</div>
</div>
<div class="control-group" id="requestUris">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Request URIs</label>
<div class="controls">
</div>
</div>
<div class="control-group" id="defaultAcrValues">
<label class="control-label"><span class="label label-default nyi"><i class="icon-road icon-white"></i> NYI </span> Default ACR Values</label>
<div class="controls">
</div>
</div>
</div>
<div class="tab-pane" id="client-json-tab">
<pre>
<%= JSON.stringify(client, undefined, 2) %>
</pre>
</div>
<div class="well well-small">
<button class="btn btn-small btn-save btn-success"><i class="icon-ok-circle icon-white"></i> Save</button> &nbsp;
<button class="btn btn-small btn-cancel"><i class="icon-ban-circle"></i> Cancel</button>
<% if (client.client_id) { %>
<button class="btn btn-danger btn-delete pull-right"><i class="icon-trash icon-white"></i> Delete</button>
<% } %>
</div>
</fieldset>
</form>
</script>
Reference in New Issue View Git Blame Copy Permalink