shib-idp-conftree/conf/credentials.xml
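<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
       default-init-method="initialize"
       default-destroy-method="destroy">

    <!--
    NOTE: if you're using a legacy relying-party.xml file from a V2 configuration, this file is ignored.

    This file defines the signing and encryption key and certificate pairs referenced by your
    relying-party.xml configuration. You don't normally need to touch it, unless you have advanced
    requirements such as supporting multiple sets of keys for different relying parties, in which
    case you may want to define all your credentials here for convenience.

    No key material lives in this file. Each credential bean reads a private key and a certificate
    from the locations named by %{...} placeholders, which are set via property file. The files
    those properties resolve to hold the IdP's private keys: keep them readable only by the account
    the IdP runs as, and keep them out of version control.

    Every credential bean below also sets p:entityId-ref to a bean named "entityID", which is not
    defined in this file.
    -->

    <!--
    The list of ALL of your IdP's signing credentials. If you define additional signing credentials,
    for example for specific relying parties or different key types, make sure to include them
    within this list.
    -->
    <util:list id="shibboleth.SigningCredentials">
        <ref bean="shibboleth.DefaultSigningCredential" />
    </util:list>

    <!--
    Your IdP's default signing key, set via property file (idp.signing.key and idp.signing.cert).
    Whoever can read the private key can produce signatures that relying parties accept as this
    IdP's, so treat the key file as the most sensitive file in the deployment.
    -->
    <bean id="shibboleth.DefaultSigningCredential"
          class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
          p:privateKeyResource="%{idp.signing.key}"
          p:certificateResource="%{idp.signing.cert}"
          p:entityId-ref="entityID" />

    <!--
    The list of ALL of your IdP's encryption credentials. By default this is just an alias
    for 'shibboleth.DefaultEncryptionCredentials'. It could be re-defined as
    a list with additional credentials if needed.
    -->
    <alias alias="shibboleth.EncryptionCredentials" name="shibboleth.DefaultEncryptionCredentials" />

    <!--
    Your IdP's default encryption (really decryption) keys, set via property file
    (idp.encryption.key and idp.encryption.cert). Every credential in this list is a private key
    the IdP holds for decryption, so the list should contain only keys that are still needed.
    -->
    <util:list id="shibboleth.DefaultEncryptionCredentials">
        <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
              p:privateKeyResource="%{idp.encryption.key}"
              p:certificateResource="%{idp.encryption.cert}"
              p:entityId-ref="entityID" />

        <!--
        For key rollover, uncomment the bean below and point it (idp.encryption.key.2 and
        idp.encryption.cert.2) to your original keypair, and use the one above to point to your
        new keypair. Once metadata has propagated, comment this one out again so that the retired
        key is no longer loaded as a decryption credential.
        -->
        <!--
        <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
              p:privateKeyResource="%{idp.encryption.key.2}"
              p:certificateResource="%{idp.encryption.cert.2}"
              p:entityId-ref="entityID" />
        -->
    </util:list>

</beans>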