Multiple Credentials

César Bernardini cbernardini at
Fri Sep 7 03:21:52 EDT 2018


I was reading about configuring Multiple Credentials for a Service Provider -- using different certificates for encrypting/decrypting[0][1]. Actually, I am a little bit confused because the default shibboleth2.xml file brings the following configuration:

<!-- Simple file-based resolvers for separate signing/encryption keys. -->
<CredentialResolver type="File" use="signing" key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption" key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>

However, the page [1] seems to show that it is possible to set up multiple credentials:

<CredentialResolver type="Chaining">
     <CredentialResolver type="File" key="signing.key" certificate="signing.crt" use="signing"/>
     <CredentialResolver type="File" key="decrypt.key" certificate="decrypt.crt" use="encryption"/>

Could somebody please explain me what is the difference between creating this chain and the simple file-based resolvers? Are these chains used in different use-cases? Are these two configurations similar?

Thanks in advance,

Barracuda Networks AG
Vorsitzender des Aufsichtsrates/ Chairman of the supervisory board: Dr. Klaus Perktold
Vorstand/ Executive Board: Dr. Klaus Gheri, Mag. Guenter Klausner
Sitz der Gesellschaft/ Registered office: 6020 Innsbruck, Austria
Handelsgericht Innsbruck Firmenbuch/ Registration Number: 184392s
UID-Nr/ VAT Number: ATU47509003

Zweigniederlassung Deutschland/ Office Germany: Radlkoferstr. 2, 81373 München
Handelsregister München / Registration Number: HRB 171749
UID-Nr/ VAT Number: DE237607533

Forrester names Barracuda WAF a Strong Performer!
Get the free report here!

This e-mail and any attachments to it contain confidential and proprietary material of Barracuda, its affiliates or agents, and is solely for the use of the intended recipient. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed.

More information about the users mailing list