...
- Configure both credentials together in a chain.
- Add one or more `<RelyingParty>` elements in the appropriate spot with a `keyName` property that matches the "CN" from the desired credential's certificate subject (or that matches a subjectAltName).

Example using certificate subject as keyName

```xml
<ApplicationDefaults ...>
    ...
    <Errors .../>
    <RelyingParty Name="https://idp.example.org/idp/shibboleth" keyName="trusted.example.org"/>
    ...
    <CredentialResolver type="Chaining">
        <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
        <CredentialResolver type="File" key="trusted-key.pem" certificate="trusted-cert.pem"/>
    </CredentialResolver>
</ApplicationDefaults>
```

If you find that each candidate credential shares essentially the same certificate subject information, then you can use a locally-chosen name in your `<RelyingParty>` element and add the same value to a `keyName` attribute or `<Name>` element in the `<CredentialResolver>`.

Example using locally chosen keyName

```xml
<ApplicationDefaults ...>
    ...
    <Errors .../>
    <RelyingParty Name="https://idp.example.org/idp/shibboleth" keyName="Special"/>
    ...
    <CredentialResolver type="Chaining">
        <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
        <CredentialResolver type="File" key="trusted-key.pem" certificate="trusted-cert.pem" keyName="Special"/>
    </CredentialResolver>
</ApplicationDefaults>
```
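
A configuration check covering both cases above (certificate-derived names and locally chosen names), added here as an example and not part of the Shibboleth software or its documentation. It flags each `<RelyingParty>` whose `keyName` matches no credential in the chain, or more than one. Assumptions: the sample config and the `CERT_NAMES` table of CN/subjectAltName values are constructed, the function names are hypothetical, and names are compared as exact strings.

```python
import xml.etree.ElementTree as ET

# Constructed sample combining both page examples; the idp2/idp3 entries are made up.
SAMPLE_CONFIG = """\
<ApplicationDefaults entityID="https://sp.example.org/shibboleth">
  <RelyingParty Name="https://idp.example.org/idp/shibboleth" keyName="trusted.example.org"/>
  <RelyingParty Name="https://idp2.example.org/idp/shibboleth" keyName="Special"/>
  <RelyingParty Name="https://idp3.example.org/idp/shibboleth" keyName="Speical"/>
  <CredentialResolver type="Chaining">
    <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
    <CredentialResolver type="File" key="trusted-key.pem" certificate="trusted-cert.pem" keyName="Special"/>
  </CredentialResolver>
</ApplicationDefaults>
"""

# Constructed: subject CN and subjectAltName values read from each certificate.
CERT_NAMES = {"sp-cert.pem": {"sp.example.org"},
              "trusted-cert.pem": {"trusted.example.org"}}

def local(tag):
    """Element name without any XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def credential_names(root, cert_names):
    """Map each File credential (by key file) to every name it can be selected by."""
    creds = {}
    for el in root.iter():
        if local(el.tag) == "CredentialResolver" and el.get("type") == "File":
            names = set(cert_names.get(el.get("certificate"), ()))
            if el.get("keyName"):
                names.add(el.get("keyName"))          # locally chosen name (attribute)
            names.update(c.text.strip() for c in el   # locally chosen name (<Name> child)
                         if local(c.tag) == "Name" and c.text)
            creds[el.get("key")] = names
    return creds

def lint_key_names(xml_text, cert_names):
    """Return {RelyingParty Name: (status, matching key files)} for each keyName override."""
    root = ET.fromstring(xml_text)
    creds = credential_names(root, cert_names)
    report = {}
    for el in root.iter():
        if local(el.tag) == "RelyingParty" and el.get("keyName"):
            hits = sorted(k for k, names in creds.items() if el.get("keyName") in names)
            status = "ok" if len(hits) == 1 else ("ambiguous" if hits else "unmatched")
            report[el.get("Name")] = (status, hits)
    return report

if __name__ == "__main__":
    for rp, (status, hits) in lint_key_names(SAMPLE_CONFIG, CERT_NAMES).items():
        print(f"{status:10} {rp} -> {hits}")
```

An "ambiguous" result is the situation the second example addresses: when several certificates carry the same subject names, a locally chosen `keyName` on one resolver gives the override a single match.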