Multiple Credentials

César Bernardini cbernardini at barracuda.com
Fri Sep 7 03:21:52 EDT 2018


Hi,

I was reading about configuring Multiple Credentials for a Service Provider -- using different certificates for encrypting/decrypting[0][1]. Actually, I am a little bit confused because the default shibboleth2.xml file brings the following configuration:

<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing" key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption" key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>

However, the page [1] seems to show that it is possible to set up multiple credentials:

<CredentialResolver type="Chaining">
     <CredentialResolver type="File" key="signing.key" certificate="signing.crt" use="signing"/>
     <CredentialResolver type="File" key="decrypt.key" certificate="decrypt.crt" use="encryption"/>
</CredentialResolver>

Could somebody please explain to me what the difference is between creating this chain and the simple file-based resolvers? Are these chains used in different use cases? Are these two configurations similar?

Thanks in advance,


[0] https://wiki.shibboleth.net/confluence/display/SP3/CredentialResolver
[1] https://wiki.shibboleth.net/confluence/display/SP3/Multiple+Credentials
[2] https://wiki.shibboleth.net/confluence/display/SP3/Multiple+Credentials#MultipleCredentials-MultipleCertificateScenarios