...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:StaticPKIXSignature" id="UNIQUE_ID"> <TrustedName>CN=idp.example.org,DC=example,DC=org</TrustedName> <TrustedName>idp.example.org</TrustedName> <TrustedName>https://sp.example.org/shibboleth</TrustedName> <ValidationInfo id="UNIQUE_ID" VerifyDepth="5" xsi:type="PKIXFilesystem" xmlns="urn:mace:shibboleth:2.0:security"> <Certificate>/path/to/trusted/cert1</Certificate> <Certificate>/path/to/trusted/cert2</Certificate> <CRL>/path/to/trusted/crl</CRL> </ValidationInfo> </security:TrustEngine> |
...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:MetadataPKIXSignature" id="UNIQUE_ID" metadataProviderRef="METADATA_PROVIDER_ID" /> |
...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:StaticPKIXX509Credential" id="UNIQUE_ID"> <TrustedName>CN=idp.example.org,DC=example,DC=org</TrustedName> <TrustedName>idp.example.org</TrustedName> <TrustedName>https://sp.example.org/shibboleth</TrustedName> <ValidationInfo id="UNIQUE_ID" VerifyDepth="5" xsi:type="PKIXFilesystem" xmlns="urn:mace:shibboleth:2.0:security"> <Certificate>/path/to/trusted/cert1</Certificate> <Certificate>/path/to/trusted/cert2</Certificate> <CRL>/path/to/trusted/crl</CRL> </ValidationInfo> </security:TrustEngine> |
...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:MetadataPKIXX509Credential" id="UNIQUE_ID" metadataProviderRef="METADATA_PROVIDER_ID" /> |