...
Name | Type | Default | Description |
---|---|---|---|
type | string | Required, set to "File" in the case of this plugin | |
certificate | local pathname | Shorthand for a <Certificate> element whose | |
key | local pathname | Shorthand for a <Key> element whose | |
password | string | Optional password for decrypting the private key if the | |
keyName | string | Optional "alias" for the key if the | |
use | "signing", "TLS", "encryption", | Optional setting that limits the use of the credential to the designated purpose. Note that " | |
keyInfoMask | integer bitmask | 15 | Optional bitmask controlling the content of generated KeyInfo information. By default, various combinations of the key value, name(s), X.509 certificate, and X.509 subject name are included. Certificate issuer and serial number are not, because of known bugs in non-Shibboleth software. The actual output in any given case depends on the underlying implementation. |
extractNames | boolean | true | Optional flag to disable the default extraction of "key names" based on the supplied certificate. Allows deployer to maximize control over the exact names, if any, that will be available to match against a compared key in a signature or encrypted key block. Normally left on except in specialized cases. |
...