Page tree
Skip to end of metadata
Go to start of metadata

3.3 and later

This section applies only to V3.3 and later.

In the unlikely event that you wish to define more advanced credentials Spring BeanFactories exist to make it easier to configure both BasicX509Credential and BasicCredential.

Each Credential type has two variants, one whose parameters are inline data and one whose parameters are resources.

BasicX509Credential

The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.X509InlineCredentialFactoryBean (inline) They take the following parameters:

Parameter NameType (Inline/Resource)Description
certificatesList (String/Resource)A list of certificates. These may PEM or DER encoded
cRLsList (String/Resource)A list of CRLs. These must be base 64 encoded without PEM headers and footers
entityString/ResourceThe entity certificate
entityIDStringThe entityID
keyNamesList<String>The names for the key represented by the credential.
privateKeybyte[]/ResourceThe private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format
privateKeyPasswordbyte[]The password (if any) for the private key
usageType"encryption" or "signing" 

BasicCredential

The two bean factories are net.shibboleth.idp.profile.spring.factory.BasicResourceCredentialFactoryBean (configured from resources) and net.shibboleth.idp.profile.spring.factory.BasicInlineCredentialFactoryBean (inline) They take the following parameters:

Parameter NameType (Inline/Resource)Description
entityIDStringThe entity ID
keyNamesList<String>The names for the key represented by the credential.
privateKeyInfobyte[]/ResourceThe private key in DER, PEM, or PKCS#8 (encrypted or not) format or PEM encoded OpenSSL "traditional" format
privateKeyPasswordbyte[]The password (if any) for the private key
publicKeyInfobyte[]/RespourceThe public key in DER or PEM format
secretKeyAlgorithmStringThe JCA key Algorithm (AES, DES or DESede)
secretKeyEncodingStringThe way in which the secret key is encoded: "binary" (UTF8), "hex", or "base64"
secretKeyInfobyte[]/ResourceThe secret key
usageType"encryption" or "signing" 
  • No labels