...
- loading service configuration resources from an HTTP server (HTTPResource)
- advanced/custom configuration of remote metadata sources (FileBackedHTTPMetadataProvider, DynamicHTTPMetadataProvider)
- reporting of metrics via an HTTP collector (MetricsConfiguration)
- a forthcoming HTTPDataConnector the HTTP DataConnector for web service access in the attribute resolver
...
Code Block | ||
---|---|---|
| ||
<bean id="SecurityEnhancedHttpClient" parent="shibboleth.NonCachingHttpClient"
p:tLSSocketFactory-ref="shibboleth.SecurityEnhancedTLSSocketFactory" /> |
...
TLS Client Authentication
Note |
---|
The code as it stands does not generally support TLS Renegotiation, which is most commonly encountered when using a virtual host that applies client TLS to only a subset of paths and not the host as a whole. |
Configuring a component using the HttpClient with a private key and certificate for authenticating itself to a server is a simple two step process:
...
Name | Type | Description |
---|---|---|
shibboleth.NonCachingHttpClient | HttpClientFactoryBean | Factory bean for creating non-caching HTTP clientHTTPClient |
shibboleth.FileCachingHttpClient | FileCachingHttpClientFactoryBean | Factory bean for creating file-based-caching HTTP clientHTTPClient |
shibboleth.MemoryCachingHttpClient | InMemoryCachingHttpClientFactoryBean | Factory bean for creating in-memory-caching HTTP clientHTTPClient |
shibboleth.StaticExplicitTrustEngine 3.3 | StaticExplicitKeyFactoryBean | Factory bean for creating ExplicitKeyTrustEngine |
shibboleth.StaticPKIXTrustEngine 3.3 | StaticPKIXFactoryBean | Factory bean for creating PKIXX509CredentialTrustEngine |
shibboleth.SecurityEnhancedTLSSocketFactory 3.2 | SecurityEnhancedTLSSocketFactory | Socket factory that supports HttpClientSecurityParameters-aware components |
shibboleth.SecurityEnhancedTLSSocketFactoryWithClientTLS 3.3 | SecurityEnhancedTLSSocketFactory | Client-TLS-capable socket factory that supports HttpClientSecurityParameters-aware components |
shibboleth.SecurityEnhancedTLSSocketFactoryWithClientTLSOnly 3.4 | SecurityEnhancedTLSSocketFactory | Client-TLS-capable socket factory that supports HttpClientSecurityParameters-aware components but does not accept a pluggable TrustEngine |
...