Skip to content
Permalink
3.4-default
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

shib-idp-conftree/conf/credentials.xml

Go to file
 
 
Cannot retrieve contributors at this time
68 lines (58 sloc) 3.53 KB
Raw Blame
Open in GitHub Desktop
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
default-init-method="initialize"
default-destroy-method="destroy">
<!--
NOTE: if you're using a legacy relying-party.xml file from a V2 configuration, this file is ignored.
This defines the signing and encryption key and certificate pairs referenced by your relying-party.xml
configuration. You don't normally need to touch this, unless you have advanced requirements such as
supporting multiple sets of keys for different relying parties, in which case you may want to define
all your credentials here for convenience.
-->
<!--
The list of ALL of your IdP's signing credentials. If you define additional signing credentials,
for example for specific relying parties or different key types, make sure to include them within this list.
-->
<util:list id="shibboleth.SigningCredentials">
<ref bean="shibboleth.DefaultSigningCredential" />
</util:list>
<!-- Your IdP's default signing key, set via property file. -->
<bean id="shibboleth.DefaultSigningCredential"
class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
p:privateKeyResource="%{idp.signing.key}"
p:certificateResource="%{idp.signing.cert}"
p:entityId-ref="entityID" />
<!-- Your IdP's default client TLS credential, by default the same as the default signing credential. -->
<alias alias="shibboleth.DefaultClientTLSCredential" name="shibboleth.DefaultSigningCredential" />
<!--
The list of ALL of your IdP's encryption credentials. By default this is just an alias
for 'shibboleth.DefaultEncryptionCredentials'. It could be re-defined as
a list with additional credentials if needed.
-->
<alias alias="shibboleth.EncryptionCredentials" name="shibboleth.DefaultEncryptionCredentials" />
<!-- Your IdP's default encryption (really decryption) keys, set via property file. -->
<util:list id="shibboleth.DefaultEncryptionCredentials">
<bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
p:privateKeyResource="%{idp.encryption.key}"
p:certificateResource="%{idp.encryption.cert}"
p:entityId-ref="entityID" />
<!--
For key rollover, uncomment and point to your original keypair, and use the one above
to point to your new keypair. Once metadata has propagated, comment this one out again.
-->
<!--
<bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
p:privateKeyResource="%{idp.encryption.key.2}"
p:certificateResource="%{idp.encryption.cert.2}"
p:entityId-ref="entityID" />
-->
</util:list>
</beans>