69 lines
3.5 KiB
XML
69 lines
3.5 KiB
XML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
||
|
xmlns:context="http://www.springframework.org/schema/context"
|
||
|
xmlns:util="http://www.springframework.org/schema/util"
|
||
|
xmlns:p="http://www.springframework.org/schema/p"
|
||
|
xmlns:c="http://www.springframework.org/schema/c"
|
||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||
|
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
|
||
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
|
||
|
|
||
|
default-init-method="initialize"
|
||
|
default-destroy-method="destroy">
|
||
|
|
||
|
<!--
|
||
|
NOTE: if you're using a legacy relying-party.xml file from a V2 configuration, this file is ignored.
|
||
|
|
||
|
This defines the signing and encryption key and certificate pairs referenced by your relying-party.xml
|
||
|
configuration. You don't normally need to touch this, unless you have advanced requirements such as
|
||
|
supporting multiple sets of keys for different relying parties, in which case you may want to define
|
||
|
all your credentials here for convenience.
|
||
|
-->
|
||
|
|
||
|
<!--
|
||
|
The list of ALL of your IdP's signing credentials. If you define additional signing credentials,
|
||
|
for example for specific relying parties or different key types, make sure to include them within this list.
|
||
|
-->
|
||
|
<util:list id="shibboleth.SigningCredentials">
|
||
|
<ref bean="shibboleth.DefaultSigningCredential" />
|
||
|
</util:list>
|
||
|
|
||
|
<!-- Your IdP's default signing key, set via property file. -->
|
||
|
<bean id="shibboleth.DefaultSigningCredential"
|
||
|
class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
|
||
|
p:privateKeyResource="%{idp.signing.key}"
|
||
|
p:certificateResource="%{idp.signing.cert}"
|
||
|
p:entityId-ref="entityID" />
|
||
|
|
||
|
<!-- Your IdP's default client TLS credential, by default the same as the default signing credential. -->
|
||
|
<alias alias="shibboleth.DefaultClientTLSCredential" name="shibboleth.DefaultSigningCredential" />
|
||
|
|
||
|
<!--
|
||
|
The list of ALL of your IdP's encryption credentials. By default this is just an alias
|
||
|
for 'shibboleth.DefaultEncryptionCredentials'. It could be re-defined as
|
||
|
a list with additional credentials if needed.
|
||
|
-->
|
||
|
<alias alias="shibboleth.EncryptionCredentials" name="shibboleth.DefaultEncryptionCredentials" />
|
||
|
|
||
|
<!-- Your IdP's default encryption (really decryption) keys, set via property file. -->
|
||
|
<util:list id="shibboleth.DefaultEncryptionCredentials">
|
||
|
<bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
|
||
|
p:privateKeyResource="%{idp.encryption.key}"
|
||
|
p:certificateResource="%{idp.encryption.cert}"
|
||
|
p:entityId-ref="entityID" />
|
||
|
|
||
|
<!--
|
||
|
For key rollover, uncomment and point to your original keypair, and use the one above
|
||
|
to point to your new keypair. Once metadata has propagated, comment this one out again.
|
||
|
-->
|
||
|
<!--
|
||
|
<bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
|
||
|
p:privateKeyResource="%{idp.encryption.key.2}"
|
||
|
p:certificateResource="%{idp.encryption.cert.2}"
|
||
|
p:entityId-ref="entityID" />
|
||
|
-->
|
||
|
</util:list>
|
||
|
|
||
|
</beans>
|