Identified by type="ExplicitKey", this Trust Engine extracts keys and certificates directly from Metadata to evaluate signatures or TLS credentials. It is an enhanced version of the original BasicTrustEngine from older versions of the SP and is a superset, meaning that anything permitted by the old engine is still permitted.
It has the following behavior, implications, and problems.
Attributes
Name | Type | Default | Description |
---|---|---|---|
type | string | Required | Plugin type name. |
Child Elements
Name | Cardinality | Description |
---|---|---|
<KeyInfoResolver> | 0 or 1 | Advanced plugin interface for mapping |
Validating Signatures
Each <md:KeyDescriptor> is resolved into a key. If the signature can be verified with one of the keys, then the engine returns success.
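The rule above can be modelled in a few lines. This is an added sketch, not Shibboleth SP code: it assumes keys are published as ds:RSAKeyValue and that the signature is a raw RSASSA-PKCS1-v1_5/SHA-256 value over a byte string rather than a full XML Signature. All function names, the entityID and the toy keys are constructed for the example.

```python
import base64, hashlib, xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa(msg, k):  # EMSA-PKCS1-v1_5 encoding of SHA-256(msg) for a k-byte modulus
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def b64int(n):
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def resolve_keys(entity_xml):
    """Resolve every <md:KeyDescriptor> in the metadata into an RSA public key (n, e)."""
    num = lambda el, f: int.from_bytes(base64.b64decode(el.findtext("ds:" + f, None, NS)), "big")
    return [(num(r, "Modulus"), num(r, "Exponent"))
            for kd in ET.fromstring(entity_xml).iterfind(".//md:KeyDescriptor", NS)
            for r in kd.iterfind(".//ds:RSAKeyValue", NS)]

def validate(msg, sig, entity_xml):
    """Return True if any key listed in the metadata verifies sig over msg."""
    s = int.from_bytes(sig, "big")
    for n, e in resolve_keys(entity_xml):
        k = (n.bit_length() + 7) // 8
        if len(sig) == k and s < n and pow(s, e, n).to_bytes(k, "big") == emsa(msg, k):
            return True
    return False  # no listed key matched; nothing outside the metadata is consulted

# --- constructed sample data: toy keys built from Mersenne primes, demo only ---
def toy_key(a, b):
    p, q = 2**a - 1, 2**b - 1
    return p * q, 65537, pow(65537, -1, (p - 1) * (q - 1))  # (n, e, d)

def sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(emsa(msg, k), "big"), d, n).to_bytes(k, "big")

def metadata(pubkeys):
    kd = ("<md:KeyDescriptor><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue><ds:Modulus>%s</ds:Modulus>"
          "<ds:Exponent>%s</ds:Exponent></ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo></md:KeyDescriptor>")
    body = "".join(kd % (b64int(n), b64int(e)) for n, e in pubkeys)
    return ('<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s" entityID="https://idp.example.org/idp">'
            '<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
            '%s</md:IDPSSODescriptor></md:EntityDescriptor>' % (NS["md"], NS["ds"], body))
```

With two keys in the metadata, a signature from either one validates, while a signature from a key that is not listed, or over altered bytes, does not.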
...