...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:StaticPKIXSignature"
id="UNIQUE_ID">
<TrustedName>CN=idp.example.org,DC=example,DC=org</TrustedName>
<TrustedName>idp.example.org</TrustedName>
<TrustedName>https://sp.example.org/shibboleth</TrustedName>
<ValidationInfo id="UNIQUE_ID" VerifyDepth="5" xsi:type="PKIXFilesystem" xmlns="urn:mace:shibboleth:2.0:security">
<Certificate>/path/to/trusted/cert1</Certificate>
<Certificate>/path/to/trusted/cert2</Certificate>
<CRL>/path/to/trusted/crl</CRL>
</ValidationInfo>
</security:TrustEngine>
|
...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:MetadataPKIXSignature"
id="UNIQUE_ID"
metadataProviderRef="METADATA_PROVIDER_ID" />
|
...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:StaticPKIXX509Credential"
id="UNIQUE_ID">
<TrustedName>CN=idp.example.org,DC=example,DC=org</TrustedName>
<TrustedName>idp.example.org</TrustedName>
<TrustedName>https://sp.example.org/shibboleth</TrustedName>
<ValidationInfo id="UNIQUE_ID" VerifyDepth="5" xsi:type="PKIXFilesystem" xmlns="urn:mace:shibboleth:2.0:security">
<Certificate>/path/to/trusted/cert1</Certificate>
<Certificate>/path/to/trusted/cert2</Certificate>
<CRL>/path/to/trusted/crl</CRL>
</ValidationInfo>
</security:TrustEngine>
|
...
The trust engine may then contain a single, optional PKIXValidationOptions ValidationOptions element.
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
<security:TrustEngine xsi:type="security:MetadataPKIXX509Credential"
id="UNIQUE_ID"
metadataProviderRef="METADATA_PROVIDER_ID" />
|