Comment: Add PKIX signature validation example

...

Code Block
languagexml
titleMetadata Provider with inline trust engine with multiple validation credentials
<MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true">
    <security:TrustEngine id="SignerTrustEngine" xsi:type="security:StaticExplicitKeySignature">
        <security:Credential id="SignerCredential_1" xsi:type="security:X509ResourceBacked">
            <security:Certificate>${idp.home}/credentials/signer1.pem</security:Certificate>
        </security:Credential>
        <security:Credential id="SignerCredential_2" xsi:type="security:X509ResourceBacked">
            <security:Certificate>${idp.home}/credentials/signer2.pem</security:Certificate>
        </security:Credential>
    </security:TrustEngine>
</MetadataFilter>
Code Block
languagexml
titlePKIX signature validation with static trust anchors
<MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true">
    <security:TrustEngine id="VTSignerTrustEngine" xsi:type="security:StaticPKIXSignature">
        <security:TrustedName>shib</security:TrustedName>
        <security:ValidationInfo id="VTPKIXValidationInfo" xsi:type="security:PKIXResourceBacked">
            <security:Certificate>${idp.home}/credentials/vtmwca.pem</security:Certificate>
        </security:ValidationInfo>
    </security:TrustEngine>
</MetadataFilter>
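Review bot: The `security:StaticPKIXSignature` example (apparently the block this revision adds) does not say what `<security:TrustedName>shib</security:TrustedName>` is compared against, or how its trust model differs from the explicit-key example above it. With `StaticExplicitKeySignature`, only the listed signer1.pem and signer2.pem certificates can validate metadata. With PKIX, any certificate that chains to vtmwca.pem and carries a matching name is presumably accepted, so the CA's issuance practice becomes part of the metadata trust boundary. I would state this next to the block, for example `<!-- Accepts any signer certificate that chains to vtmwca.pem and whose name matches a TrustedName; keep the anchor set and name list as narrow as possible -->`. The example also shows no revocation data or chain-depth limit inside `security:ValidationInfo`; if the security schema for this version supports them, they are worth showing or at least mentioning.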