...
The web server within which the SP is deployed also manages its own keys and certificates to establish TLS/SSL connections with browser users. While it is technically possible for the SP software to use the same keypair and certificate used by the web server itself, this is not a good idea. Also note that in the current implementation, only the shibd daemon process needs to access the SP's credentials, so the web server does not need any access to them whatsoever.
Note that multiple CredentialResolvers can be specified (see the Multiple Credentials topic for more detail).
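One way to audit the separation described above, as an added example that is not part of the Shibboleth documentation. It assumes PEM-encoded certificates, the `openssl` CLI, and an SP key file owned by the account that runs shibd; the three paths passed in are whatever your deployment uses.

```shell
#!/bin/sh
# Added example: check that the SP keypair is not the web server's TLS keypair
# and that the SP private key is not readable beyond its owner.
# Assumption: certificates are PEM; the key file is owned by the shibd account.

# Print the public key embedded in a PEM certificate.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey
}

# 0 = both certificates carry the same public key (shared keypair),
# 1 = different keys, 2 = a certificate could not be read.
same_keypair() {
    a=$(cert_pubkey "$1" 2>/dev/null) || return 2
    b=$(cert_pubkey "$2" 2>/dev/null) || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# 0 = key file is readable by group or other (e.g. by the web server user).
key_exposed() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Usage: audit_sp_credentials SP_CERT SP_KEY WEBSERVER_CERT
audit_sp_credentials() {
    rc=0
    if same_keypair "$1" "$3"; then
        echo "FAIL: SP and web server certificates share a keypair"; rc=1
    elif [ "$?" -ne 1 ]; then
        echo "ERROR: could not read a certificate"; rc=2
    fi
    if key_exposed "$2"; then
        echo "FAIL: $2 is readable beyond its owner"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: SP credentials are separate and private"
    fi
    return "$rc"
}

# Run the audit when called with the three paths.
if [ "$#" -eq 3 ]; then
    audit_sp_credentials "$1" "$2" "$3"
fi
```

The comparison is on the public key rather than the certificate, so it also catches a second certificate issued over the web server's existing key.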
Types
Only one type of credential resolver is available:
Type | Description |
---|---|
File | Loads keys and certificates stored in local or remote files using common formats. PEM, DER, and PKCS#12 are supported. |
Reference
Common Attributes
Name | Type | Req? | Description |
---|---|---|---|
| string | Y | Type of plugin to use |
...