Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

In the unlikely event that you wish to define more advanced credentials, Spring BeanFactories exist to make it easier to configure both BasicX509Credential and BasicCredential.

Each Credential type has two variants, one whose parameters are inline data and one whose parameters are resources.

BasicX509Credential

The two primary bean factories are net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.X509InlineCredentialFactoryBean (inline).

V4.3 introduces new parent beans to indirect the class names:

  • shibboleth.BasicX509CredentialFactoryBean

  • shibboleth.X509InlineCredentialFactoryBean

They take the following parameters:

Parameter Name

Type (Inline/Resource)

Description

certificates

List (String/Resource)

A list of certificates. These may PEM or DER encoded

cRLs

List (String/Resource)

A list of CRLs. These must be base 64 encoded without PEM headers and footers

entity

String/Resource

The entity certificate

entityID

String

The entityID

keyNames

List<String>

The names for the key represented by the credential.

privateKey

byte[]/Resource

The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format

privateKeyPassword

byte[]

The password (if any) for the private key

usageType

"encryption" or "signing"

 

BasicCredential

The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicResourceCredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.BasicInlineCredentialFactoryBean (inline)

V4.3 introduces new parent beans to indirect the class names:

  • shibboleth.BasicResourceCredentialFactoryBean

  • shibboleth.BasicInlineCredentialFactoryBean

They take the following parameters:

Parameter Name

Type (Inline/Resource)

Description

entityID

String

The entity ID

keyNames

List<String>

The names for the key represented by the credential.

privateKeyInfo

byte[]/Resource

The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format

privateKeyPassword

byte[]

The password (if any) for the private key

publicKeyInfo

byte[]/Respource

The public key in DER or PEM format

secretKeyAlgorithm

String

The JCA key Algorithm (AES, DES or DESede)

secretKeyEncoding

String

The way in which the secret key is encoded: "binary" (UTF8), "hex", or "base64"

secretKeyInfo

byte[]/Resource

The secret key

usageType

"encryption" or "signing"

 

  • No labels