3.3 and later

This section applies only to V3.3 and later.

In the unlikely event that you wish to define more advanced credentials Spring BeanFactories exist to make it easier to configure both BasicX509Credential and BasicCredential.

Each Credential type has two variants, one whose parameters are inline data and one whose parameters are resources.

BasicX509Credential

The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.X509InlineCredentialFactoryBean (inline) They take the following parameters:

Parameter Name	Type (Inline/Resource)	Description
certificates	List (String/Resource)	A list of certificates. These may PEM or DER encoded
cRLs	List (String/Resource)	A list of CRLs. These must be base 64 encoded without PEM headers and footers
entity	String/Resource	The entity certificate
entityID	String	The entityID
keyNames	List<String>	The names for the key represented by the credential.
privateKey	byte[]/Resource	The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format
privateKeyPassword	byte[]	The password (if any) for the private key
usageType	"encryption" or "signing"

BasicCredential

The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicResourceCredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.BasicInlineCredentialFactoryBean (inline) They take the following parameters:

Parameter Name	Type (Inline/Resource)	Description
entityID	String	The entity ID
keyNames	List<String>	The names for the key represented by the credential.
privateKeyInfo	byte[]/Resource	The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format
privateKeyPassword	byte[]	The password (if any) for the private key
publicKeyInfo	byte[]/Respource	The public key in DER or PEM format
secretKeyAlgorithm	String	The JCA key Algorithm (AES, DES or DESede)
secretKeyEncoding	String	The way in which the secret key is encoded: "binary" (UTF8), "hex", or "base64"
secretKeyInfo	byte[]/Resource	The secret key
usageType	"encryption" or "signing"

Browser not supported