Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Minor reword.


Since certificate trust underpins the last point, it requires adequate treatment to garner meaningful security. The IdP offers two approaches to proxy trust configuration in order of decreasing security:

  1. Registering Registration of service-specific end-entity certificates via SAML metadata.3.4
  2. PKIX validation of issuer certificatesend-entity certificates based on a set of CA trust anchors.
    1. Configure via relying-party.xml 3.0,3.1,3.2,3.3
    2. Configure via cas-protocol.xml 3.4