CredentialBeanFactories

In the unlikely event that you wish to define more advanced credentials, Spring BeanFactories exist to make it easier to configure both BasicX509Credential and BasicCredential.

Each Credential type has two variants, one whose parameters are inline data and one whose parameters are resources.

BasicX509Credential

The parent beans for the two primary bean factories are:

  • shibboleth.BasicX509CredentialFactoryBean (relies on external resources for the keys)

  • shibboleth.X509InlineCredentialFactoryBean (allows inline definition of keys)

They have the following bean properties:

| Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
| certificates | List (String/Resource) | A list of certificates. These may be PEM or DER encoded |
| cRLs | List (String/Resource) | A list of CRLs. These must be base 64 encoded without PEM headers and footers |
| entity | String/Resource | The entity certificate |
| entityID | String | The entityID |
| keyNames | List<String> | The names for the key represented by the credential. |
| privateKey | byte[]/Resource | The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format |
| privateKeyPassword | byte[] | The password (if any) for the private key |
| usageType | | "encryption" or "signing" |

BasicCredential

The parent beans for the two primary bean factories are:

  • shibboleth.BasicResourceCredentialFactoryBean (relies on external resources for the keys)

  • shibboleth.BasicInlineCredentialFactoryBean (allows inline definition of keys)

They have the following bean properties:

| Parameter Name | Type (Inline/Resource) | Description |
|---|---|---|
| entityID | String | The entity ID |
| keyNames | List<String> | The names for the key represented by the credential. |
| privateKeyInfo | byte[]/Resource | The private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format |
| privateKeyPassword | byte[] | The password (if any) for the private key |
| publicKeyInfo | byte[]/Resource | The public key in DER or PEM format |
| secretKeyAlgorithm | String | The JCA key Algorithm (AES, DES or DESede) |
| secretKeyEncoding | String | The way in which the secret key is encoded: "binary" (UTF8), "hex", or "base64" |
| secretKeyInfo | byte[]/Resource | The secret key |
| usageType | | "encryption" or "signing" |
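
A pre-deployment check for the secretKeyInfo, secretKeyEncoding and secretKeyAlgorithm values described above, added here as an example (it is not Shibboleth code). The function names are hypothetical, and the accepted key lengths are an assumption based on the standard JCA ciphers for the three listed algorithms.

```python
import base64
import binascii

# Key sizes in bytes for the three algorithms the table lists
# (assumption: the rules of the standard JCA cipher implementations).
VALID_KEY_BYTES = {"AES": {16, 24, 32}, "DES": {8}, "DESede": {24}}


def decode_secret_key(value: str, encoding: str) -> bytes:
    """Turn a configured secretKeyInfo string into raw key bytes."""
    if encoding == "binary":
        # Per the table, "binary" means the UTF-8 bytes of the text itself.
        return value.encode("utf-8")
    if encoding == "hex":
        try:
            return bytes.fromhex(value.strip())
        except ValueError as exc:
            raise ValueError(f"not valid hex: {exc}") from None
    if encoding == "base64":
        try:
            return base64.b64decode(value.strip(), validate=True)
        except binascii.Error as exc:
            raise ValueError(f"not valid base64: {exc}") from None
    raise ValueError(f"unknown secretKeyEncoding {encoding!r}")


def check_secret_key(value: str, encoding: str, algorithm: str) -> int:
    """Return the key length in bits, or raise ValueError if it cannot work."""
    if algorithm not in VALID_KEY_BYTES:
        raise ValueError(f"unsupported secretKeyAlgorithm {algorithm!r}")
    key = decode_secret_key(value, encoding)
    if len(key) not in VALID_KEY_BYTES[algorithm]:
        raise ValueError(
            f"{algorithm} key is {len(key)} bytes; expected one of "
            f"{sorted(VALID_KEY_BYTES[algorithm])}"
        )
    return len(key) * 8


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    print(check_secret_key("00112233445566778899aabbccddeeff", "hex", "AES"))
    print(check_secret_key("ABEiM0RVZneImaq7zN3u/w==", "base64", "AES"))
```

The same 32-character hex text declared as "binary" also passes, as a 256-bit AES key built from ASCII hex digits, so a length check alone does not catch a wrong secretKeyEncoding; compare the reported bit length with the key size you intended.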
