...
```xml
<security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
    <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine"
                          xsi:type="security:MetadataExplicitKeySignature"
                          metadataProviderRef="ShibbolethMetadata"/>
    <!-- This trust engine is commented out and disabled
    <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine"
                          xsi:type="security:MetadataPKIXSignature"
                          metadataProviderRef="ShibbolethMetadata"/>
    -->
</security:TrustEngine>

<security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
    <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine"
                          xsi:type="security:MetadataExplicitKey"
                          metadataProviderRef="ShibbolethMetadata"/>
    <!-- This trust engine is commented out and disabled
    <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine"
                          xsi:type="security:MetadataPKIXX509Credential"
                          metadataProviderRef="ShibbolethMetadata"/>
    -->
</security:TrustEngine>
```
Unless configuration reloading of relying-party.xml is enabled, the IdP will need to be restarted for this change to take effect.
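Before restarting, it is worth confirming that the edit left both chains in the intended state. The following script is an added example, not part of the Shibboleth distribution: it parses the configuration, lists the trust engines that are still active in each chaining engine, and flags any PKIX engine that was missed or any chain left with no member at all. The wrapper element and namespace URI in the embedded sample are assumptions; pass the path to your own relying-party.xml as the first argument to check the real file.

```python
import sys
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample: wrapper element and namespace URI are assumptions; the
# credential chain still has its PKIX engine active to show what gets flagged.
SAMPLE = """<Config xmlns:security="urn:mace:shibboleth:2.0:security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
    <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine"
        xsi:type="security:MetadataExplicitKeySignature" metadataProviderRef="ShibbolethMetadata"/>
    <!-- <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine"
        xsi:type="security:MetadataPKIXSignature" metadataProviderRef="ShibbolethMetadata"/> -->
  </security:TrustEngine>
  <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
    <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine"
        xsi:type="security:MetadataExplicitKey" metadataProviderRef="ShibbolethMetadata"/>
    <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine"
        xsi:type="security:MetadataPKIXX509Credential" metadataProviderRef="ShibbolethMetadata"/>
  </security:TrustEngine>
</Config>"""

def local(name):
    """Strip a '{namespace}' or 'prefix:' qualifier from a tag or xsi:type value."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1]

def active_trust_engines(xml_text):
    """Map each chaining engine id to its active (id, type) members.
    The parser drops XML comments, so commented-out engines never appear."""
    chains = {}
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "TrustEngine" and local(el.get(XSI_TYPE, "")).endswith("Chaining"):
            chains[el.get("id")] = [(c.get("id"), local(c.get(XSI_TYPE, "")))
                                    for c in el if local(c.tag) == "TrustEngine"]
    return chains

def audit(xml_text):
    """Return (PKIX engine ids still active, chain ids left with no member)."""
    chains = active_trust_engines(xml_text)
    pkix = sorted(i for m in chains.values() for i, t in m if "PKIX" in t)
    empty = sorted(cid for cid, m in chains.items() if not m)
    return pkix, empty

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    pkix, empty = audit(text)
    print("PKIX trust engines still active:", pkix or "none")
    print("Chains with no active trust engine:", empty or "none")
```

A parse error from this script also catches a malformed comment (for example an unclosed `<!--`) before the IdP tries to load the file.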
Approach 2: Add KeyNames for all entities
...