Namespace: urn:mace:shibboleth:2.0:resolver
Schema: http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd
Warning: This element has been DEPRECATED and should be avoided.
Overview
The <StartTLSTrustCredential> element specifies X.509 trust information to use when connecting to a directory over LDAPS or StartTLS. This is a targeted alternative to the unsupported strategy of loading trust anchors into the global JVM cacert keystore.
The xsi:type of the credential referenced is usually defined in the urn:mace:shibboleth:2.0:security namespace, the schema for which is located at http://shibboleth.net/schema/idp/shibboleth-security.xsd.
Note: This namespace must be declared in the file (it was not collapsed into the
Reference
The XML Attributes and Elements supported will vary based on the specific credential type.
Credential Types
Credential types are distinguished by their xsi:type. Some of the typical types used with this element are:
sec:X509ResourceBacked
sec:X509Inline
See the Credentials topic for details on configuring credentials of various types.
Example
A certificate loaded from a file specified in a property.
```xml
<resolver:StartTLSTrustCredential id="LDAPtoIdPCredential" xsi:type="sec:X509ResourceBacked">
    <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
</resolver:StartTLSTrustCredential>
```
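The following audit script is an added example, not part of the original page or the Shibboleth project's code. It lists every deprecated StartTLSTrustCredential in a resolver file and checks whether the prefix in its xsi:type is bound to the security namespace. An XML parser does not validate prefixes inside attribute values, so a missing or mismatched declaration passes well-formedness checks. The function name, the finding fields and the wrapping root element in the sample are assumptions made for illustration.

```python
import io
import xml.etree.ElementTree as ET

RESOLVER_NS = "urn:mace:shibboleth:2.0:resolver"
SECURITY_NS = "urn:mace:shibboleth:2.0:security"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
TARGET = "{%s}StartTLSTrustCredential" % RESOLVER_NS

# Constructed sample: the page's example wrapped in a minimal root element.
SAMPLE = """<resolver:AttributeResolver
    xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
    xmlns:sec="urn:mace:shibboleth:2.0:security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <resolver:StartTLSTrustCredential id="LDAPtoIdPCredential"
                                    xsi:type="sec:X509ResourceBacked">
    <sec:Certificate>%{idp.attribute.resolver.LDAP.trustCertificates}</sec:Certificate>
  </resolver:StartTLSTrustCredential>
</resolver:AttributeResolver>"""


def audit_trust_credentials(xml_text):
    """Report every deprecated <StartTLSTrustCredential> and whether the
    prefix in its xsi:type is bound to the security namespace."""
    findings, scopes, pending = [], [], {}
    source = io.BytesIO(xml_text.encode("utf-8"))
    for event, item in ET.iterparse(source, events=("start-ns", "start", "end")):
        if event == "start-ns":    # (prefix, uri) declared on the next element
            pending[item[0]] = item[1]
        elif event == "start":     # push the prefix map in scope for this element
            scopes.append({**(scopes[-1] if scopes else {}), **pending})
            pending = {}
        else:                      # "end": the element's own scope is on top
            scope = scopes.pop()
            if item.tag == TARGET:
                prefix, _, local = item.get(XSI_TYPE, "").rpartition(":")
                findings.append({
                    "id": item.get("id"),
                    "type": local,
                    "type_namespace": scope.get(prefix),
                    "type_resolves": scope.get(prefix) == SECURITY_NS,
                })
    return findings


if __name__ == "__main__":
    for finding in audit_trust_credentials(SAMPLE):
        print("deprecated StartTLSTrustCredential:", finding)
```

A finding with `type_resolves` set to false is not necessarily an error, since the page says only that the type is usually defined in the security namespace, but it is worth a manual look.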