
shibboleth-dev - Re: [Shib-Dev] Reading idp credentials from the keystore

Subject: Shibboleth Developers

  • From: "Dharam Veer" <>
  • To:
  • Subject: Re: [Shib-Dev] Reading idp credentials from the keystore
  • Date: Tue, 30 Dec 2008 16:01:13 -0600

Thanks Chad.

Would appreciate if you can share it even if incomplete ..... I would complete it (if I could, not an expert of Shibboleth yet) and would post it back to you.

Regards
Dharam

On Tue, Dec 30, 2008 at 3:47 PM, Chad La Joie <> wrote:
The support in the IdP is as its documentation states.  OpenSAML is
meant for use in more than the IdP and so has features not exposed or
used within the IdP.  I've considered creating a keystore based
credential resolver, in order to make use of crypto-acceleration
hardware, but have not yet finished this code.

Dharam Veer wrote:
> Hi,
> I was looking for a way of using the credentials from java keystore.
>
> After reading some documentation (
> https://spaces.internet2.edu/display/SHIB2/IdPCredentials) and code it is my
> understanding that currently supported credential (to be used for signing
> and encrypting assertions) configurations are Inline X509 and FileSystem
> X509 as described in document.
>
> However when I look in the opensaml xml tooling library I see some classes
> such as FilesystemCredentialResolver and KeyStoreCredentialResolver I am
> getting confused.
>
> So far my understanding is that shibboleth (common & idp) implementation has
> its own credential resolving logic and does not use above mentioned classes.
> If I want to read from key store I should extend Shibboleth relyingparty
> configuration and/or credential type etc and maybe re-use code
> from KeyStoreCredentialResolver.
>
> Please correct me if my understanding is incorrect.
>
> Regards & thanks
> Dharam
>

--
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
, http://www.switch.ch
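
The keystore lookup asked about in this thread, as an added example that is not part of the original messages and is not Shibboleth or OpenSAML code: it uses only the JDK's `java.security.KeyStore` API (Java 9+) to load a private-key entry and confirm that the key matches its certificate before the pair is used for signing. The keystore path, the alias, and the `KEYSTORE_PASS` environment variable are assumptions, and the key is assumed to share the store password.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;

// Added example, JDK only (Java 9+). Path, alias and KEYSTORE_PASS are assumptions.
public class KeystoreCredentialCheck {
    // Load the private-key entry under the alias; reject missing or certificate-only entries.
    static KeyStore.PrivateKeyEntry load(File store, String alias, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(store, pass); // detects JKS or PKCS12
        KeyStore.Entry entry = ks.isKeyEntry(alias)
                ? ks.getEntry(alias, new KeyStore.PasswordProtection(pass)) : null;
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new IllegalArgumentException("no private-key entry under alias " + alias);
        }
        return (KeyStore.PrivateKeyEntry) entry;
    }

    // Check the certificate is within its validity period and that the private key belongs to it.
    static X509Certificate verifyPair(KeyStore.PrivateKeyEntry e) throws Exception {
        X509Certificate cert = (X509Certificate) e.getCertificate();
        cert.checkValidity();
        PrivateKey key = e.getPrivateKey();
        String alg;
        switch (key.getAlgorithm()) {
            case "RSA": alg = "SHA256withRSA"; break;
            case "EC":  alg = "SHA256withECDSA"; break;
            default: throw new IllegalArgumentException("unsupported key type " + key.getAlgorithm());
        }
        byte[] probe = "keystore-self-test".getBytes(StandardCharsets.UTF_8);
        Signature signer = Signature.getInstance(alg);
        signer.initSign(key);
        signer.update(probe);
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(cert.getPublicKey());
        verifier.update(probe);
        if (!verifier.verify(signer.sign())) throw new IllegalStateException("key/certificate mismatch");
        return cert;
    }

    public static void main(String[] args) throws Exception {
        String env = System.getenv("KEYSTORE_PASS");
        if (args.length != 2 || env == null) throw new IllegalArgumentException("usage: <keystore> <alias>, KEYSTORE_PASS set");
        char[] pass = env.toCharArray();
        try { System.out.println(verifyPair(load(new File(args[0]), args[1], pass)).getSubjectX500Principal()); }
        finally { Arrays.fill(pass, '\0'); } // do not leave the password in memory longer than needed
    }
}
```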




