...
- the attribute `defaultSigningCredentialRef` located on a `RelyingParty` element
- the attribute `signingCredentialRef` located on a `ProfileConfiguration` element
As you may have guessed, the `defaultSigningCredentialRef` attribute is used to specify a default signing credential for every profile configuration contained within the `RelyingParty`, while the `signingCredentialRef` attribute is used to specify a signing credential only for the `ProfileConfiguration` upon which it appears, and it always overrides a default signing credential if one is specified. The value for both attributes is the ID of a credential defined within the $IDP_HOME/conf/relying-party.xml file. Note: the referenced credentials MUST contain a private key, as this is what is actually used to sign the XML.
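
The override rule and the private-key requirement above can be checked mechanically. The following is an added example, not part of the original documentation: it resolves the effective signing credential for each `ProfileConfiguration` and flags references that are undefined or lack a private key. The XML sample is constructed and cut down, and the names `audit` and `local` are chosen here for illustration.

```python
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Constructed, cut-down sample; not a complete relying-party.xml.
SAMPLE = """\
<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party"
    xmlns:security="urn:mace:shibboleth:2.0:security" xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <rp:RelyingParty id="https://sp.example.org/shibboleth" defaultSigningCredentialRef="DefaultCred">
    <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"/>
    <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" signingCredentialRef="CertOnlyCred"/>
    <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" signingCredentialRef="MissingCred"/>
  </rp:RelyingParty>
  <security:Credential id="DefaultCred">
    <security:PrivateKey>/path/to/idp.key</security:PrivateKey>
    <security:Certificate>/path/to/idp.crt</security:Certificate>
  </security:Credential>
  <security:Credential id="CertOnlyCred">
    <security:Certificate>/path/to/other.crt</security:Certificate>
  </security:Credential>
</rp:RelyingPartyGroup>
"""

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the '{namespace}' prefix ElementTree adds

def audit(xml_text):
    """Return (relying party, profile, effective credential, status) per ProfileConfiguration."""
    root = ET.fromstring(xml_text)
    # Credential id -> whether it has a PrivateKey child (required for signing).
    creds = {el.get("id"): any(local(c.tag) == "PrivateKey" for c in el)
             for el in root.iter() if local(el.tag) == "Credential"}
    results = []
    for rp in (el for el in root.iter() if local(el.tag) == "RelyingParty"):
        default = rp.get("defaultSigningCredentialRef")
        for pc in (c for c in rp if local(c.tag) == "ProfileConfiguration"):
            # The profile-level attribute always overrides the relying-party default.
            ref = pc.get("signingCredentialRef") or default
            if ref is None:
                status = "no signing credential configured"
            elif ref not in creds:
                status = "undefined credential"
            else:
                status = "ok" if creds[ref] else "no private key"
            results.append((rp.get("id"), pc.get(XSI_TYPE, "?"), ref, status))
    return results

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

To check a real deployment, pass the contents of $IDP_HOME/conf/relying-party.xml to `audit` instead of the constructed sample.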
...