By: Thomas Fellinger user 15 Oct 2021 at 3:42 a.m. CDT

5 Responses
Thomas Fellinger gravatar
This is just a general question... When I create a new client in Gluu it generates an entity based on a UUID for me. Is this a security feature? Would it be bad if one could decide the ID beforehand? Are IDs that just use the FQDN a risk? If there is no risk involved it would be great to predefine the ID to better automate distributed configurations. Thanks!

By Mohib Zico staff 19 Oct 2021 at 12:48 a.m. CDT

Mohib Zico gravatar
Hi, I am little bit confused, sorry. EntityID / Client generation / FQDN: both three are in three sectors like SAML / OpenID connect / Networking. Can you please describe your question a bit?

By Thomas Fellinger user 20 Oct 2021 at 1:34 a.m. CDT

Thomas Fellinger gravatar
Hello, in my case I am talking about OIDC and SAML. Thanks, Thomas

By Mobarak Hosen Shakil staff 18 Nov 2021 at 11:49 a.m. CST

Mobarak Hosen Shakil gravatar
Yes, It uses hashing to create an unique and non-guessable string that helps to keep safe from third-parties. Thanks, Regards ~ Shakil

By Thomas Fellinger user 18 Nov 2021 at 12:15 p.m. CST

Thomas Fellinger gravatar
Hello @Mobarak Hosen.Shakil! Thanks for getting back to me. Can you explain the threat model here? What is the threat this is protecting against? If the secret is the thing that is not guessable, what additional protection comes with the attacker not knowing the entity ID? Are there any documents you can point me to? Is this something only Gluu does or is it a defacto standard? I think Keycloak for example lets you choose the entity ID. Is this a risky practice and if so, why? If the there is no imminent risk by being able to choose the entity ID this would help us greatly in preconfiguring systems before they get onboarded to Gluu.

By Mobarak Hosen Shakil staff 18 Nov 2021 at 12:31 p.m. CST

Mobarak Hosen Shakil gravatar
Hi Thomas, Actually, I think it's better if you can book a call here: There are lot of things to discuss which is not sufficient in ticket comment. Regards ~ Shakil