Property | Value | Description |
---|---|---|
HTTP Signature Certificate Loader | "HTTP Signature X.509 Certificate Header Loader" with header name "TPP-Signature-Certificate" | Reads certificate used for signature verification from the specified HTTP header as specified in NextGenPSD2. |
Credential Extractor | "Client Certificate (X.509) Credential Extractor" (the default) | Extracts the client certificate (the one used for the SSL/TLS handshake; not the signing certificate) from the request. This is used to authenticate the TPP in a later step. |
HTTP Signature Algorithm Verifier | "HTTP Signature Algorithm Whitelist" with the values
| Whitelists the signature algorithms allowed according to the NextGenPSD2 specification. |
Credential Verifier | "Certificate Subject Organization Identifier Equality Credential Verifier" | Makes sure that the "organizationIdentifier" in the signing certificate is the same as the one in the client certificate. |
Audit Logger | Empty (no logging) or "Http Signature Audit Logger" | If enabled the "Http Signature Audit Logger" logs all information from the HTTP request required to verify the signature at a later point in time (trusted signing certificate issuers' certificates are not included). The log is only written if the signature could be successfully verified. In order to also log the request body (and not only its hash value), you also need to enable the Audit Logger in the digest configuration ("HTTP Instance Digest Verification" plugin). The logged information contains the whole request (depending on the configuration also including the body). This means that it may contain sensitive information such as payment instructions or account numbers. It is strongly recommended to send the log to a log receiver designed to hold this kind of information (see plugin description for details). |
Trust Store Path | see description | Refers to a trust store file containing all trusted certificates of QTSP that issue TPP certificates. See also Getting issuer certificates for PSD2. |
Other Properties | For all other configuration properties, please refer to the documentation in the ConfigEditor by clicking on the symbols. |