...
A simple shell/batch script called seckeygen is provided as a simple means of rotating the key, and the software will typically detect when the file changes and reload it. It's possible to rely on a remote file, but since there's no independent means to secure that, you should be very careful with that approach.
Reference
Attributes
Name | Type | Default | Description |
|---|---|---|---|
path | local pathname | Path to a local file containing the keys to use | |
url | remote URL | Location of a remote file to download containing the keys to use | |
reloadChanges | boolean | true | When a local file is used, this controls whether to monitor it for changes and reload it automatically |
backingFilePath | local pathname | When a remote resource is used, this is a required setting defining the location to back up the remote resource to ensure a valid copy at restart | |
reloadInterval | time in seconds | 0 | When a remote resource is used, a non-zero value specifies the interval between checks for an updated copy |
Child Elements
None
Example
Given an XML configuration of:
Excerpt of shibboleth2.xml
| Code Block | ||||
|---|---|---|---|---|
| ||||
<DataSealer type="Versioned" path="sealer.keys" /> |
...