The following table contains settings that validate the software statement signature.
Further validation of the software statement can be done in the mapping rule.
| Name | Description | Valid Value |
|---|---|---|
| jwks_uri | JWKS URI containing the public key that is needed to validate the software statement signature. | string |
| signing_algs | Accepted signing algorithms. | string[] |
9.2. Registration Endpoint Authentication
These settings apply only to the POST operation.

| Name | Description | Valid Value |
|---|---|---|
| require_mtls | Specifies whether the endpoint requires MTLS. | boolean |
| require_bearer_token | Specifies whether the endpoint requires a bearer token. | boolean |
| require_software_statement | Specifies whether the endpoint requires a software statement. | boolean |
| allow_custom_client_creds | Only for POST. Specifies whether to accept client_id/client_secret in the POST payload. | boolean |
9.3. Management Endpoint Authentication
The following settings apply to PUT, GET, and DELETE operations, unless stated otherwise.

| Name | Description | Valid Value |
|---|---|---|
| require_mtls | Specifies whether the endpoint requires MTLS. | boolean |
| require_bearer_token | Specifies whether the endpoint requires a bearer token. | boolean |
| allow_client_secret_update | Specifies whether to accept client_secret in the PUT payload and update the existing client_secret. Only for PUT. | boolean |
| require_software_statement | Specifies whether the endpoint requires a software statement. This setting applies to the PUT operation only. | boolean |
9.4. Registration Access Token
| Name | Description | Valid Value |
|---|---|---|
| generate | Specifies whether to produce a registration access token as part of POST/PUT/GET operations. | boolean |
| lifetime | Specifies the lifetime of the registration access token. | integer |
| scopes | Specifies the access token scopes. All scopes listed here are mandatory; the request is rejected as unauthorized if any scope is not present in the access token. | string[] |
```yaml
dynamic_registration:
  recipe: FAPI_UK-OB # Security profile to use. Options: Default, FAPI_DEFAULT, FAPI_UK-OB, FAPI_AU-CDR
  mappingrule_id: dcr # Dynamic registration mapping rule ID.
  software_statement_validation: # Software statement validation settings.
    jwks_uri: http://172.16.123.1:3000/jwks/obdirectory # Jwks URI containing the public key required to validate the software statement signature.
    signing_algs: # Accepted signing algorithms.
      - ES256
  registration_endpoint_authentication: # Authentication settings for POST operation.
    require_mtls: true # Specifies whether the endpoint requires MTLS.
    require_bearer_token: true # Specifies whether the endpoint requires bearer token.
    require_software_statement: false # Specifies whether the endpoint requires software statement.
    allow_custom_client_creds: true # Only for POST. Specifies whether to accept client_id/client_secret in the POST payload.
  management_endpoint_authentication: # Authentication settings for PUT/GET/DELETE operations.
    require_mtls: false # Specifies whether the endpoint requires MTLS.
    require_bearer_token: true # Specifies whether the endpoint requires bearer token.
    require_software_statement: false # Specifies whether the endpoint requires software statement. This is only applicable for PUT operation.
    allow_client_secret_update: false # Specifies whether client_secret can be updated. This is only applicable for PUT operation.
  registration_access_token: # Registration access token settings.
    generate: true # Specifies whether to produce registration access token as part of POST/PUT/GET operations.
    lifetime: 86400 # Specifies the lifetime of the registration access token.
    scopes: # Specify the scopes required by the access token. All scopes specified here are mandatory. Unauthorized if any scope is not present in the access token.
      - cdr:registration
```
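An added example, not taken from the product documentation: a small Python check run over the sample configuration above that flags settings a reviewer would question before deployment. The rules (HTTPS for jwks_uri, no `none` or HS* entries in signing_algs, at least one authentication requirement per endpoint, caller-supplied secrets disabled) and the names `audit`, `SAMPLE` and `AUTH_KEYS` are this example's assumptions; an absent setting is treated as false.

```python
from urllib.parse import urlparse

# Constructed input: the page's sample values for the settings the checks
# read, written as a dict so the example needs no YAML parser.
SAMPLE = {
    "software_statement_validation": {
        "jwks_uri": "http://172.16.123.1:3000/jwks/obdirectory",
        "signing_algs": ["ES256"],
    },
    "registration_endpoint_authentication": {
        "require_mtls": True, "require_bearer_token": True,
        "require_software_statement": False, "allow_custom_client_creds": True,
    },
    "management_endpoint_authentication": {
        "require_mtls": False, "require_bearer_token": True,
        "require_software_statement": False, "allow_client_secret_update": False,
    },
}

# Settings that authenticate every operation on the endpoint. For management,
# require_software_statement covers PUT only, so it is not counted there.
AUTH_KEYS = {
    "registration_endpoint_authentication":
        ("require_mtls", "require_bearer_token", "require_software_statement"),
    "management_endpoint_authentication": ("require_mtls", "require_bearer_token"),
}

def audit(cfg):
    """Return findings; the rules are this example's policy, not the product's."""
    out = []
    ssv = cfg.get("software_statement_validation", {})
    if ssv.get("jwks_uri") and urlparse(ssv["jwks_uri"]).scheme != "https":
        out.append("jwks_uri: verification keys are fetched without TLS")
    algs = ssv.get("signing_algs", [])
    weak = [a for a in algs if a.lower() == "none" or a.upper().startswith("HS")]
    if ssv and (weak or not algs):
        out.append(f"signing_algs: not an asymmetric-only allow-list: {weak or 'empty'}")
    for name, keys in AUTH_KEYS.items():
        ep = cfg.get(name, {})
        if not any(ep.get(k) for k in keys):
            out.append(f"{name}: no authentication is required")
        for k in ("allow_custom_client_creds", "allow_client_secret_update"):
            if ep.get(k):
                out.append(f"{name}.{k}: caller-supplied secrets are accepted")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

On the page's sample values this reports two findings: the plain-HTTP jwks_uri and allow_custom_client_creds on the registration endpoint.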