The Shibboleth IdP V4 software will leave support on September 1, 2024.
CredentialBeanFactories
In the unlikely event that you wish to define more advanced credentials, Spring BeanFactories exist to make it easier to configure both BasicX509Credential and BasicCredential.
Each Credential type has two variants, one whose parameters are inline data and one whose parameters are resources.
BasicX509Credential
The two primary bean factories are net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.X509InlineCredentialFactoryBean (inline).
V4.3 introduces new parent beans to indirect the class names:
shibboleth.BasicX509CredentialFactoryBean
shibboleth.X509InlineCredentialFactoryBean
They take the following parameters:
Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
certificates | List (String/Resource) | A list of certificates. These may PEM or DER encoded |
cRLs | List (String/Resource) | A list of CRLs. These must be base 64 encoded without PEM headers and footers |
entity | String/Resource | The entity certificate |
entityID | String | The entityID |
keyNames | List<String> | The names for the key represented by the credential. |
privateKey | byte[]/Resource | The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format |
privateKeyPassword | byte[] | The password (if any) for the private key |
usageType | "encryption" or "signing" |
|
BasicCredential
The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicResourceCredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.BasicInlineCredentialFactoryBean (inline)
V4.3 introduces new parent beans to indirect the class names:
shibboleth.BasicResourceCredentialFactoryBean
shibboleth.BasicInlineCredentialFactoryBean
They take the following parameters:
Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
entityID | String | The entity ID |
keyNames | List<String> | The names for the key represented by the credential. |
privateKeyInfo | byte[]/Resource | The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format |
privateKeyPassword | byte[] | The password (if any) for the private key |
publicKeyInfo | byte[]/Respource | The public key in DER or PEM format |
secretKeyAlgorithm | String | The JCA key Algorithm (AES, DES or DESede) |
secretKeyEncoding | String | The way in which the secret key is encoded: "binary" (UTF8), "hex", or "base64" |
secretKeyInfo | byte[]/Resource | The secret key |
usageType | "encryption" or "signing" |
|