...
To update the Trust Marks, you need to modify the trust_marks section of the satosa/plugins/oidc_frontend.yaml file. Follow the steps below to replace the existing Trust Marks with the ones received from the federation operator.
Locate the Trust Marks Section
In the current configuration, the `trusttrust_marks` marks are defined under:
Code Block language yml trust_marks: - <existing-trust-mark-1> - <existing-trust-mark-2>
You need to replace these values with the new Trust Marks provided by the federation operator.
Example Update
If the federation operator provided the following new Trust Marks:
Code Block language yml eyJhbGciOiJSUzI1NiIsImtpZCI6IjM2NWQ2MjY3LTI5MzQtNGJhNy05YjEyLWU4ZmFkNTYwYjZjMyJ9... eyJhbGciOiJSUzI1NiIsImtpZCI6IjkwNTFjZTgzLTY1NzEtNDliYi04ODdjLTc3OWQzMDNmOTRmYyJ9...
Modify the `trusttrust_marks` marks section as follows:
Code Block language yml trust_marks: - eyJhbGciOiJSUzI1NiIsImtpZCI6IjM2NWQ2MjY3LTI5MzQtNGJhNy05YjEyLWU4ZmFkNTYwYjZjMyJ9... - eyJhbGciOiJSUzI1NiIsImtpZCI6IjkwNTFjZTgzLTY1NzEtNDliYi04ODdjLTc3OWQzMDNmOTRmYyJ9..
Restart the Issuer to Apply Changes
Once you've updated the configuration file, restart the Issuer container to apply the changes:
Code Block language bash ./stop.sh && \ ./start.sh
Verify the Changes
After restarting the Issuer, verify that the new Trust Marks are correctly applied:Code Block language bash curl -k -s https://<issuer-host>:8000/.well-known/openid-federation | cut -d '.' -f2 | tr '_-' '/+' | base64 -d 2>/dev/null | jq .
Look for the updated `trusttrust_marks` marks in the JSON response.
Testing Trust Marks
...