Diffstat (limited to 'conf-from-container/conf/credentials.xml')
-rw-r--r-- | conf-from-container/conf/credentials.xml | 65 |
1 files changed, 65 insertions, 0 deletions
diff --git a/conf-from-container/conf/credentials.xml b/conf-from-container/conf/credentials.xml
new file mode 100644
index 0000000..7462879
--- /dev/null
+++ b/conf-from-container/conf/credentials.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!--
+ NOTE: if you're using a legacy relying-party.xml file from a V2 configuration, this file is ignored.
+
+ This defines the signing and encryption key and certificate pairs referenced by your relying-party.xml
+ configuration. You don't normally need to touch this, unless you have advanced requirements such as
+ supporting multiple sets of keys for different relying parties, in which case you may want to define
+ all your credentials here for convenience.
+ -->
+
+ <!--
+ The list of ALL of your IdP's signing credentials. If you define additional signing credentials,
+ for example for specific relying parties or different key types, make sure to include them within this list.
+ -->
+ <util:list id="shibboleth.SigningCredentials">
+ <ref bean="shibboleth.DefaultSigningCredential" />
+ </util:list>
+
+ <!-- Your IdP's default signing key, set via property file. -->
+ <bean id="shibboleth.DefaultSigningCredential"
+ class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
+ p:privateKeyResource="%{idp.signing.key}"
+ p:certificateResource="%{idp.signing.cert}"
+ p:entityId-ref="entityID" />
+
+ <!--
+ The list of ALL of your IdP's encryption credentials. By default this is just an alias
+ for 'shibboleth.DefaultEncryptionCredentials'. It could be re-defined as
+ a list with additional credentials if needed.
+ -->
+ <alias alias="shibboleth.EncryptionCredentials" name="shibboleth.DefaultEncryptionCredentials" />
+
+ <!-- Your IdP's default encryption (really decryption) keys, set via property file. -->
+ <util:list id="shibboleth.DefaultEncryptionCredentials">
+ <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
+ p:privateKeyResource="%{idp.encryption.key}"
+ p:certificateResource="%{idp.encryption.cert}"
+ p:entityId-ref="entityID" />
+
+ <!--
+ For key rollover, uncomment and point to your original keypair, and use the one above
+ to point to your new keypair. Once metadata has propagated, comment this one out again.
+ -->
+ <!--
+ <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
+ p:privateKeyResource="%{idp.encryption.key.2}"
+ p:certificateResource="%{idp.encryption.cert.2}"
+ p:entityId-ref="entityID" />
+ -->
+ </util:list>
+
+</beans> |
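Review bot: The new file itself carries no secrets — `p:privateKeyResource="%{idp.signing.key}"` and `p:privateKeyResource="%{idp.encryption.key}"` resolve the key material from properties at startup — but the path `conf-from-container/conf/` suggests the container's whole conf tree was copied out, so confirm that the key files those placeholders resolve to and the property file defining them are not part of the same commit or a follow-up. A one-line header comment stating where this file came from and that it is a stock, unmodified credentials.xml would help the next reader decide whether diffs against upstream are expected, e.g. `<!-- Copied unmodified from the IdP container image; key paths come from idp.properties, not from this file. -->`. On style, the `c:` namespace is declared but never used in the file; the `p:` and `util:` declarations are the only ones referenced.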