Server configuration

The MITREid Connect server can function as an OpenID Connect Identity Provider (IdP) and an OAuth 2.0 Authorization Server (AS) simultaneously. The server is a Spring application and its configuration files are found in openid-connect-server/src/main/webapp/WEB-INF/ and end in .xml. The configuration has been split into multiple .xml files to facilitate overrides and custom configuration. As such, application-context.xml and spring-servlet.xml should never be edited or overridden by a local configuration. Rather, each of the remaining files contains aspects that can be configured independently:

• user-context.xml: Defines how users user information is stored and accessed within the system, which users map to administrators, and how the site's default access controls will work.
• server-config.xml: Defines the server's ConfigurationPropertiesBean class which defines the server's Issuer URL, from which all other URLs in the system are based. This also defines the display title and titlebar icon.
• data-context.xml: Data connection information used by the JPA storage layers. The beans defined here will include database connection credentials and any other components that need to be defined for storage.
• crypto-config.xml: Cryptographic configuration, defines the server's signing and validation service. this requires parameters such as location of the server's private key file and the server's default signing key and algorithm.
• task-config.xml: Defines scheduled tasks that should be run repeatedly with a fixed-delay. In our master branch, we have 2 tasks defined: clear out expired tokens, and clear out expired ApprovedSite definitions.
• local-config.xml: Any remaining new bean definitions that don't fit existing categories but need to be added to the configuration. This is loaded last.