...
Additionally the trust engine contains one or more IdP credentials.
Example Explicit Key Static Signature Trust Engine:

```xml
<security:TrustEngine xsi:type="security:StaticExplicitKeySignature"
                      id="UNIQUE_ID">
    <Credential xsi:type="X509Filesystem" xmlns="urn:mace:shibboleth:2.0:security"
                id="MyCredential">
        <KeyName>key.example.org</KeyName>
        <PrivateKey password="myKeyPa$$word">/path/to/my/private.key</PrivateKey>
        <Certificate>/path/to/my/public.crt</Certificate>
    </Credential>
</security:TrustEngine>
```
...
The trust engine may then contain a single, optional ValidationOptions element.
Example Static PKIX Signature Trust Engine:

```xml
<security:TrustEngine xsi:type="security:StaticPKIXSignature"
                      id="UNIQUE_ID">
    <TrustedName>CN=idp.example.org,DC=example,DC=org</TrustedName>
    <TrustedName>idp.example.org</TrustedName>
    <TrustedName>https://sp.example.org/shibboleth</TrustedName>
    <ValidationInfo id="UNIQUE_ID" VerifyDepth="5" xsi:type="PKIXFilesystem"
                    xmlns="urn:mace:shibboleth:2.0:security">
        <Certificate>/path/to/trusted/cert1</Certificate>
        <Certificate>/path/to/trusted/cert2</Certificate>
        <CRL>/path/to/trusted/crl</CRL>
    </ValidationInfo>
</security:TrustEngine>
```
...
- id - gives the trust engine an identifier that is unique within the relying party configuration and that other components may use to refer to the engine
- metadataProviderRef - the ID of the metadata provider that contains the trusted metadata
Example Explicit Key Metadata Signature Trust Engine:

```xml
<security:TrustEngine xsi:type="security:MetadataExplicitKeySignature"
                      id="UNIQUE_ID"
                      metadataProviderRef="METADATA_PROVIDER_ID" />
```
...
The trust engine may then contain a single, optional ValidationOptions element.
Example PKIX Metadata Signature Trust Engine:

```xml
<security:TrustEngine xsi:type="security:MetadataPKIXSignature"
                      id="UNIQUE_ID"
                      metadataProviderRef="METADATA_PROVIDER_ID" />
```
...
Additionally the trust engine contains one or more IdP credentials.
Example Static X.509 Credential Trust Engine:

```xml
<security:TrustEngine xsi:type="security:StaticExplicitKey"
                      id="UNIQUE_ID">
    <Credential xsi:type="X509Filesystem" xmlns="urn:mace:shibboleth:2.0:security"
                id="MyCredential">
        <KeyName>key.example.org</KeyName>
        <PrivateKey password="myKeyPa$$word">/path/to/my/private.key</PrivateKey>
        <Certificate>/path/to/my/public.crt</Certificate>
    </Credential>
</security:TrustEngine>
```
...
The trust engine may then contain a single, optional ValidationOptions element.
Example Static PKIX X.509 Trust Engine:

```xml
<security:TrustEngine xsi:type="security:StaticPKIXX509Credential"
                      id="UNIQUE_ID">
    <TrustedName>CN=idp.example.org,DC=example,DC=org</TrustedName>
    <TrustedName>idp.example.org</TrustedName>
    <TrustedName>https://sp.example.org/shibboleth</TrustedName>
    <ValidationInfo id="UNIQUE_ID" VerifyDepth="5" xsi:type="PKIXFilesystem"
                    xmlns="urn:mace:shibboleth:2.0:security">
        <Certificate>/path/to/trusted/cert1</Certificate>
        <Certificate>/path/to/trusted/cert2</Certificate>
        <CRL>/path/to/trusted/crl</CRL>
    </ValidationInfo>
</security:TrustEngine>
```
...
- id - gives the trust engine an identifier that is unique within the relying party configuration and that other components may use to refer to the engine
- metadataProviderRef - the ID of the metadata provider that contains the trusted metadata
Example Explicit Key Metadata X.509 Credential Trust Engine:

```xml
<security:TrustEngine xsi:type="security:MetadataExplicitKey"
                      id="UNIQUE_ID"
                      metadataProviderRef="METADATA_PROVIDER_ID" />
```
...
The trust engine may then contain a single, optional ValidationOptions element.
Example PKIX Metadata X.509 Credential Trust Engine:

```xml
<security:TrustEngine xsi:type="security:MetadataPKIXX509Credential"
                      id="UNIQUE_ID"
                      metadataProviderRef="METADATA_PROVIDER_ID" />
```
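As an added example (not Shibboleth's own code), the lint below walks the TrustEngine definitions of a relying-party configuration, covering all of the engine types shown above, and reports the review points a deployer would want to catch: a metadataProviderRef that names no MetadataProvider, a PKIX engine without any TrustedName or without a CRL in its ValidationInfo, and a private key password stored inline. The relying-party and metadata namespaces and the sample document are assumptions made for the example.

```python
# Added example (not from the Shibboleth project): lint the security:TrustEngine
# definitions of a relying-party configuration. Namespaces and sample are assumed.
import xml.etree.ElementTree as ET
SEC = "urn:mace:shibboleth:2.0:security"
XSI = "http://www.w3.org/2001/XMLSchema-instance"
PKIX_TYPES = {"StaticPKIXSignature", "StaticPKIXX509Credential"}
METADATA_TYPES = {"MetadataExplicitKeySignature", "MetadataPKIXSignature",
                  "MetadataExplicitKey", "MetadataPKIXX509Credential"}

def lint_trust_engines(xml_text):
    """Return (engine id, finding) pairs for every TrustEngine in xml_text."""
    root = ET.fromstring(xml_text)
    # ids of every MetadataProvider in the document, whatever its namespace prefix
    providers = {e.get("id") for e in root.iter() if e.tag.endswith("}MetadataProvider")}
    findings = []
    for eng in root.iter(f"{{{SEC}}}TrustEngine"):
        eid = eng.get("id", "")
        etype = eng.get(f"{{{XSI}}}type", "").split(":")[-1]  # drop the prefix
        if etype in METADATA_TYPES and eng.get("metadataProviderRef") not in providers:
            findings.append((eid, "metadataProviderRef does not name a MetadataProvider"))
        if etype in PKIX_TYPES:
            if eng.find(f"{{{SEC}}}TrustedName") is None:
                findings.append((eid, "no TrustedName: peer certificate name is not checked"))
            for vi in eng.iter(f"{{{SEC}}}ValidationInfo"):
                if vi.find(f"{{{SEC}}}CRL") is None:
                    findings.append((eid, "ValidationInfo has no CRL: revocation not checked"))
        for key in eng.iter(f"{{{SEC}}}PrivateKey"):
            if key.get("password"):
                findings.append((eid, "private key password stored in cleartext"))
    return findings

# Constructed sample (assumed namespaces): one engine of each family, each with a defect.
SAMPLE = f"""<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party"
    xmlns:security="{SEC}" xmlns:xsi="{XSI}" xmlns:metadata="urn:mace:shibboleth:2.0:metadata">
  <metadata:MetadataProvider id="FederationMD"/>
  <security:TrustEngine xsi:type="security:StaticExplicitKeySignature" id="static-key">
    <Credential xsi:type="X509Filesystem" xmlns="{SEC}" id="cred">
      <PrivateKey password="secret">/etc/idp/private.key</PrivateKey>
    </Credential>
  </security:TrustEngine>
  <security:TrustEngine xsi:type="security:StaticPKIXSignature" id="pkix">
    <ValidationInfo id="anchors" xsi:type="PKIXFilesystem" xmlns="{SEC}">
      <Certificate>/etc/idp/ca.crt</Certificate>
    </ValidationInfo>
  </security:TrustEngine>
  <security:TrustEngine xsi:type="security:MetadataPKIXSignature" id="md-pkix"
      metadataProviderRef="NoSuchProvider"/>
</rp:RelyingPartyGroup>"""
FINDINGS = lint_trust_engines(SAMPLE)  # four findings, one per defect above
```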