The <StartTLSTrustCredential>
elements element specifies the X.509 trust information to use when connecting to the a directory over LDAPS or startTLS. This is a targeted alternative to the more typical strategy of loading trust anchors into the global JVM cacert keystore.
Schema Name and Location
This element is defined by the urn:mace:shibboleth:2.0:resolver:dc c
schema, which can be is located at http://shibboleth.net/schema/idp/shibboleth-attribute-resolver-dc.xsd.
The The xsi:type
of the credential referenced is usually defined by the urnthe urn:mace:shibboleth:2.0:security schemasecurity schema, which can be is located at http://shibboleth.net/schema/idp/shibboleth-security.xsd.
Attributes
Attributes may only be provided if required by the specific credential type.
Child Elements
Child Elements may elements may only be provided if required by the specific credential type.
Credential Types
Credentials Credential types are distinguished by their xsi:type
. Only credentials of type sec:X509Filesystem
and sec:X509Inline
can be provided. Further details are available under the metadata providers CredentialsSome of the typical types used with this element are:
sec:X509Filesystem
sec:X509ResourceBacked
sec:X509Inline
See the Credentials topic for details on configuring credentials of various types.