Other config properties

Property

Value

Description

HTTP Signature Certificate Loader

HTTP Signature X.509 Certificate URL Loader

Reads certificate used for signature verification from the URL specified in the keyID (part of the signature header).

Credential Extractor

Certificate Token Credential Extractor

Extracts the client certificate (the one used for the SSL/TLS handshake; not the signing certificate) and the OAuth Access Token from the request. This is used to authenticate the TPP in a later step.

HTTP Signature Algorithm Verifier

HTTP Signature Algorithm Whitelist" with the values

  • SHA512withRSA
  • SHA256withRSA
  • SHA512withECDSA
  • SHA256withECDSA

Whitelists the allowed signature algorithms.

Credential Verifier

Certificate Subject Organization Identifier Equality Credential Verifier

Makes sure that the organizationIdentifier in the signing certificate is the same as the one in the client certificate.

Audit Logger

Empty (no logging) or Http Signature Audit Logger"

If enabled the Http Signature Audit Logger" logs all information from the HTTP request required to verify the signature at a later point in time (trusted signing certificate issuers' certificates are not included). The log is only written if the signature can be successfully verified.

To also log the request body (and not only its hash value), you also need to enable the Audit Logger in the digest configuration (HTTP Instance Digest Verification plugin).

The logged information contains the whole request (depending on the configuration also including the body). This means that it may contain sensitive information such as payment instructions or account numbers. It is strongly recommended to send the log to a log receiver designed to hold this kind of information (see plugin description for details).

Trust Store Path

see descriptio

Refers to a trust store file containing all trusted certificates of QTSP that issue TPP certificates. See also Getting issuer certificates for PSD2.

Other Properties

For all other configuration properties, please refer to the documentation in the ConfigEditor by clicking on the information.svg symbols.