Encrypted sub claim #362
Hi, I've been digging around in the docs to see if you can configure Active Login to encrypt the sub claim; is that possible? Why would we like to do this? We're using Active Login together with Azure AD B2C, and in the AD we're creating alternative security keys using the sub claim. Due to GDPR we're investigating the possibility of preventing the AD from storing the "personnummer" (sub), and an idea would be if Active Login could encrypt the sub with a key only known to IdentityServer and Active Login. BR,
Replies: 1 comment
The direct answer to your question related to Active Login:
There is no (and won't be any) built-in support for encrypting the sub claim. What is available is the option to alter the claims-issuing pipeline. We have full docs on that here:
https://docs.activelogin.net/articles/bankid.html#claims-issuing
An input to what you want to achieve:
I would probably implement the solution in a different way, not relying on encrypting the PIN (that has flaws). Architecting a secure auth flow with Azure AD B2C is out of scope for this OSS project, but we would be more than happy to consult in this area. Ping us if you need guidance.
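To make the security point in the reply concrete, here is an added illustration (editor's example, not Active Login's code or its claims-issuing API, and not the approach the maintainer had in mind) of what a custom step in a claims-issuing pipeline could do with the personnummer that arrives in `sub`. It is a Python model rather than C#, so that the two properties that matter can be checked directly: a personnummer has very little entropy (one birth date leaves only 1000 Luhn-valid numbers), so an unkeyed hash of it is reversed in at most 1000 guesses, whereas a keyed pseudonym (HMAC-SHA256 under a secret held by the issuer) resists the same enumeration without the key. The sample personnummer, the claim names other than `sub`, the `sub-v1:` domain-separation prefix and all function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Iterator, Optional

# Constructed sample personnummer (made up for this example; Luhn-valid):
# birth date 1985-07-15, serial 123, check digit 4.
SAMPLE_PNR = "198507151234"


def luhn_check_digit(digits: str) -> int:
    """Check digit over the nine digits YYMMDDNNN of a Swedish personnummer.
    Weights alternate 2,1,2,... from the left; two-digit products are
    reduced to their digit sum."""
    total = 0
    for i, ch in enumerate(digits):
        d = int(ch) * (2 if i % 2 == 0 else 1)
        total += d - 9 if d > 9 else d
    return (10 - total % 10) % 10


def normalize_pnr(pnr: str) -> str:
    """Reduce 'YYYYMMDDNNNC', 'YYMMDD-NNNC' or 'YYMMDDNNNC' to the 10-digit form."""
    digits = pnr.replace("-", "").replace("+", "")
    if len(digits) == 12:
        digits = digits[2:]
    if len(digits) != 10 or not digits.isdigit():
        raise ValueError("not a personnummer")
    return digits


def is_valid_personnummer(pnr: str) -> bool:
    try:
        d = normalize_pnr(pnr)
    except ValueError:
        return False
    return luhn_check_digit(d[:9]) == int(d[9])


def pseudonymous_sub(pnr: str, key: bytes) -> str:
    """Stable keyed pseudonym for one personnummer. Only a holder of `key` can
    recompute it (and so re-identify a user by enumeration); without the key
    the value is unlinkable to the personnummer."""
    msg = b"sub-v1:" + normalize_pnr(pnr).encode()  # prefix is an assumption
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def transform_claims(claims: Dict[str, str], key: bytes) -> Dict[str, str]:
    """Model of a claims-issuing step: replace the personnummer in `sub` with
    its pseudonym and drop any other claim that carries the raw number."""
    raw = claims["sub"]
    out = {k: v for k, v in claims.items() if v != raw}
    out["sub"] = pseudonymous_sub(raw, key)
    return out


def unkeyed_sub(pnr: str) -> str:
    """The tempting but broken variant: a plain hash of the personnummer."""
    return hashlib.sha256(normalize_pnr(pnr).encode()).hexdigest()


def candidates(birth_yymmdd: str) -> Iterator[str]:
    """All Luhn-valid personnummer for one birth date: 1000 of them, not 10000."""
    for serial in range(1000):
        nine = f"{birth_yymmdd}{serial:03d}"
        yield f"{nine}{luhn_check_digit(nine)}"


def recover_unkeyed(digest_hex: str, birth_yymmdd: str) -> Optional[str]:
    """An attacker who knows the birth date (often public) inverts the
    unkeyed hash with at most 1000 guesses."""
    for pnr in candidates(birth_yymmdd):
        if hashlib.sha256(pnr.encode()).hexdigest() == digest_hex:
            return pnr
    return None


def recover_keyed(digest_hex: str, birth_yymmdd: str, guessed_key: bytes) -> Optional[str]:
    """The same enumeration against the keyed pseudonym succeeds only with
    the real key."""
    for pnr in candidates(birth_yymmdd):
        if pseudonymous_sub(pnr, guessed_key) == digest_hex:
            return pnr
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # in deployment: a secret held only by the issuer
    claims = {"sub": SAMPLE_PNR, "name": "Test Person", "personnummer": SAMPLE_PNR}  # constructed
    issued = transform_claims(claims, key)
    print("issued claims:", issued)
    print("unkeyed hash recovered:", recover_unkeyed(unkeyed_sub(SAMPLE_PNR), "850715"))
    print("keyed pseudonym, wrong key:", recover_keyed(issued["sub"], "850715", b"wrong"))
```

Two caveats follow from the model itself: the pseudonym is only as stable as the key, so rotating the key changes every `sub` and breaks the "alternative security key" linkage in the directory; and anyone holding the key can still re-identify a pseudonym by the same 1000-guess enumeration, so the key must stay on the issuing side and never reach B2C.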