
shibboleth-dev - Re: [Shib-Dev] Reading idp credentials from the keystore

Subject: Shibboleth Developers

  • From: Chad La Joie <>
  • To:
  • Subject: Re: [Shib-Dev] Reading idp credentials from the keystore
  • Date: Tue, 30 Dec 2008 22:47:45 +0100
  • Openpgp: id=146B2514
  • Organization: SWITCH

The support in the IdP is as its documentation states. OpenSAML is
meant for use in more than the IdP and so has features not exposed or
used within the IdP. I've considered creating a keystore based
credential resolver, in order to make use of crypto-acceleration
hardware, but have not yet finished this code.

Dharam Veer wrote:
> Hi,
> I was looking for a way of using the credentials from java keystore.
>
> After reading some documentation (
> https://spaces.internet2.edu/display/SHIB2/IdPCredentials) and code it is my
> understanding that currently supported credential (to be used for signing
> and encrypting assertions) configurations are Inline X509 and FileSystem
> X509 as described in document.
>
> However when I look in the opensaml xml tooling library I see some classes
> such as FilesystemCredentialResolver and KeyStoreCredentialResolver I am
> getting confused.
>
> So far my understanding is that shibboleth (common & idp) implementation has
> its own credential resolving logic and does not use above mentioned classes.
> If I want to read from key store I should extend Shibboleth relying party
> configuration and/or credential type etc and maybe re-use code
> from KeyStoreCredentialResolver.
>
> Please correct me if my understanding is incorrect.
>
> Regards & thanks
> Dharam
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
http://www.switch.ch



