...

| Name | Type | Default | Description |
|---|---|---|---|
| type | string | | Required, set to "File" in the case of this plugin |
| certificate | local pathname | | Shorthand for a <Certificate> element whose <Path> element contains the value of the attribute |
| key | local pathname | | Shorthand for a <Key> element whose <Path> element contains the value of the attribute |
| password | string | | Optional password for decrypting the private key if the key shorthand attribute is used. |
| keyName | string | | Optional "alias" for the key if the key shorthand attribute is used. See the <Name> element below in the CredentialKey topic. |
| use | "signing", "TLS", "encryption" | | Optional setting that limits the use of the credential to the designated purpose. Note that "signing" implies "TLS" (it's a superset). |
| keyInfoMask | integer bitmask | 15 | Optional bitmask controlling the content of generated KeyInfo information. By default, various combinations of the key value, name(s), X.509 certificate, and X.509 subject name are included. Certificate issuer and serial number are not, because of known bugs in non-Shibboleth software. The actual output in any given case depends on the underlying implementation. |
| extractNames | boolean | true | Optional flag to disable the default extraction of "key names" based on the supplied certificate. Allows the deployer to maximize control over the exact names, if any, that will be available to match against a compared key in a signature or encrypted key block. Normally left on except in specialized cases. |
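
A configuration review can check these attribute rules mechanically. The following is an added example, not code from the Shibboleth project: the function name `lint_file_resolver`, the `<CredentialResolver>` sample elements and their file names are constructed for illustration, and the decimal-only reading of `keyInfoMask` and the accepted boolean spellings are assumptions.

```python
import xml.etree.ElementTree as ET

ALLOWED_USE = {"signing", "TLS", "encryption"}   # values listed in the table
KEY_ONLY = ("password", "keyName")               # documented only for the key shorthand
BOOLEANS = {"true", "false", "1", "0"}           # assumed XML Schema boolean forms

# Constructed sample elements (not taken from a real deployment).
SAMPLE_OK = ('<CredentialResolver type="File" use="signing" '
             'key="sp-key.pem" certificate="sp-cert.pem"/>')
SAMPLE_BAD = ('<CredentialResolver type="File" use="sign" '
              'password="example-only" keyInfoMask="0x0F"/>')


def lint_file_resolver(xml_text):
    """Return a list of findings for one File credential resolver element."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []
    if attrs.get("type") != "File":
        findings.append('type must be "File" for this plugin')
    for name in KEY_ONLY:
        # The table ties these attributes to the key shorthand attribute.
        if name in attrs and "key" not in attrs:
            findings.append(f"{name} is set but the key shorthand attribute is not")
    use = attrs.get("use")
    if use is not None and use not in ALLOWED_USE:
        findings.append(f"use={use!r} is not one of {sorted(ALLOWED_USE)}")
    mask = attrs.get("keyInfoMask")
    if mask is not None and not mask.isdecimal():
        # Assumption: the bitmask is written as a decimal integer (default 15).
        findings.append(f"keyInfoMask={mask!r} is not a decimal integer")
    extract = attrs.get("extractNames")
    if extract is not None and extract not in BOOLEANS:
        findings.append(f"extractNames={extract!r} is not a boolean")
    if "password" in attrs:
        # Hygiene check added here: the key password sits in the config in cleartext.
        findings.append("key password is stored in the configuration file; "
                        "restrict read access to that file")
    return findings


if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, lint_file_resolver(sample))
```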

...