3.3 and later
This section applies only to V3.3 and later.
In the unlikely event that you wish to define more advanced credentials Spring BeanFactories exist to make it easier to configure both BasicX509Credential and BasicCredential.
Each Credential type has two variants, one whose parameters are inline data and one whose parameters are resources.
BasicX509Credential
The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.X509InlineCredentialFactoryBean (inline) They take the following parameters:
| Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
| certificates | List (String/Resource) | A list of certificates. These may PEM or DER encoded |
| cRLs | List (String/Resource) | A list of CRLs. These must be base 64 encoded without PEM headers and footers |
| entity | String/Resource | The entity certificate |
| entityID | String | The entityID |
| keyNames | List<String> | The names for the key represented by the credential. |
| privateKey | byte[]/Resource | The private key (in DER or PEM PKCS#8 format or PEM encoded OpenSSL "traditional" format |
| privateKeyPassword | byte[] | The password (if any) for the private key |
| usageType | "encryption" or "signing" |
BasicCredential
The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicResourceCredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.BasicInlineCredentialFactoryBean (inline) They take the following parameters:
| Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
| entityID | ||
| keyNames | ||
| privatekeyInfo | ||
| privateKeyPassword | ||
| publicKeyInfo | ||
| secretKeyAlgorithm | ||
| secretKeyEncoding | ||
| secretKeyInfo |