Versions Compared

Old Version 14

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version 15

changes.mady.by.user Scott Cantor

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

You need to be careful with this, because leaving out a step can introduce security holes. In particular, if you want an HttpClient bean to use the special TLSSocketFactory we provide that supports a TrustEngine, you MUST provide an HttpClientSecurityParameters instance to the component using the HttpClient bean to configure the security behavior you want.

...

TrustEngine Examples

To use a TrustEngine, you need to define an HttpClientSecurityParameters bean with a tLSTrustEngine property. While you can define any compatible object, the two most common cases are supported via a pair of factory beans:

...

The category and details in the ERROR will vary by component, but the WARN and SSLPeerUnverifiedException messages will consistently indicate that the component was configured to apply a TrustEngine to the connection but couldn't do so. This will happen after the connection is established, possibly even after data is sent and consumed, but it should happen at the end. If not, something is wrong and has to be corrected to be confident that the eventual configuration will work.

...

NameTypeDescription

shibboleth.NonCachingHttpClient                                                   

HttpClientFactoryBeanFactory bean for non-caching HTTP client
shibboleth.FileCachingHttpClientFileCachingHttpClientFactoryBeanFactory bean for file-based-caching HTTP client

shibboleth.MemoryCachingHttpClient

InMemoryCachingHttpClientFactoryBeanFactory bean for in-memory-caching HTTP client
shibboleth.StaticExplicitTrustEngine 3.3StaticExplicitKeyFactoryBeanFactory bean for creating ExplicitKeyTrustEngine
shibboleth.StaticPKIXTrustEngine 3.3StaticPKIXFactoryBeanFactory bean for creating PKIXX509CredentialTrustEngine
shibboleth.SecurityEnhancedTLSSocketFactory 3.2SecurityEnhancedTLSSocketFactorySocket factory that supports HttpClientSecurityParameters-aware components
shibboleth.SecurityEnhancedTLSSocketFactoryWithClientTLS 3.3SecurityEnhancedTLSSocketFactoryClient-TLS-capable socket factory that supports HttpClientSecurityParameters-aware components

...