The Shibboleth IdP V3 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only. See the IDP4 wiki space for current documentation on the supported version.
CredentialBeanFactories
- Rod Widdowson
3.3 and later
This section applies only to V3.3 and later.
In the unlikely event that you wish to define more advanced credentials Spring BeanFactories exist to make it easier to configure both BasicX509Credential and BasicCredential.
Each Credential type has two variants, one whose parameters are inline data and one whose parameters are resources.
BasicX509Credential
The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.X509InlineCredentialFactoryBean (inline) They take the following parameters:
| Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
| certificates | List (String/Resource) | A list of certificates. These may PEM or DER encoded |
| cRLs | List (String/Resource) | A list of CRLs. These must be base 64 encoded without PEM headers and footers |
| entity | String/Resource | The entity certificate |
| entityID | String | The entityID |
| keyNames | List<String> | The names for the key represented by the credential. |
| privateKey | byte[]/Resource | The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format |
| privateKeyPassword | byte[] | The password (if any) for the private key |
| usageType | "encryption" or "signing" | Â |
BasicCredential
The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicResourceCredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.BasicInlineCredentialFactoryBean (inline) They take the following parameters:
| Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
| entityID | String | The entity ID |
| keyNames | List<String> | The names for the key represented by the credential. |
| privateKeyInfo | byte[]/Resource | The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format |
| privateKeyPassword | byte[] | The password (if any) for the private key |
| publicKeyInfo | byte[]/Respource | The public key in DER or PEM format |
| secretKeyAlgorithm | String | The JCA key Algorithm (AES, DES or DESede) |
| secretKeyEncoding | String | The way in which the secret key is encoded: "binary" (UTF8), "hex", or "base64" |
| secretKeyInfo | byte[]/Resource | The secret key |
| usageType | "encryption" or "signing" | Â |