...
Because certificate trust underpins the last point, it must be handled carefully to provide meaningful security. The IdP offers two approaches to proxy trust configuration, listed in order of decreasing security:
- Registration of service-specific end-entity certificates via SAML metadata (3.4).
- PKIX validation of end-entity certificates based on a set of CA trust anchors.
  - Configure via relying-party.xml (3.0, 3.1, 3.2, 3.3)
  - Configure via cas-protocol.xml (3.4)
...