Encrypting/Hashing clear text passwords in Java Bean

Wessel, Keith kwessel at illinois.edu
Mon Jan 25 20:15:14 UTC 2021

Yes, I was going to mention that. I saw that in the stock Dockerized version. That file's useful, though not at all obvious to upgraders.


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Monday, January 25, 2021 2:02 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Encrypting/Hashing clear text passwords in Java Bean

Ninja'd but FWIW, this is part of the standard install now, there's a dedicated file for passwords in credentials/secrets.properties (or something close to that).

-- Scott

On 1/25/21, 2:56 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

    You might consider putting the password in a properties file that’s not stored in Git. It could contain any passwords that you don’t want in Git. You could add it to the list of property files to add at the top of idp.properties. Then, you could reference the properties in places like this bean in global.xml.


For Consortium Member technical support, see https://urldefense.com/v3/__https://wiki.shibboleth.net/confluence/x/coFAAg__;!!DZ3fjg!oizSR4bQdTswKItenoRP2XhRV_bpvREL5V7sK0X2-cf5U9r2HUz-lmXDBcnBAcb0-A$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list