...

relying-party.xml configuration with PKIX trust engines disabled:

<security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
  <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature" metadataProviderRef="ShibbolethMetadata"/>
  <!-- This trust engine is commented out and disabled
  <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature" metadataProviderRef="ShibbolethMetadata"/>
  -->
</security:TrustEngine>

<security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
  <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey" metadataProviderRef="ShibbolethMetadata"/>
  <!-- This trust engine is commented out and disabled
  <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential" metadataProviderRef="ShibbolethMetadata"/>
  -->
</security:TrustEngine>

 

Unless configuration reloading of relying-party.xml is enabled, the IdP will need to be restarted for this change to take effect.
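
One way to confirm the edit before restarting, added here as an example and not part of the original page or of Shibboleth's own tooling: parse the file and list any trust engine whose xsi:type still names a PKIX engine. The `<Wrapper>` root, the namespace URI bound to `security`, and the function names are assumptions made for this sketch.

```python
import sys
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# Constructed sample, not a real deployment file. The <Wrapper> root and the
# namespace URI bound to "security" are assumptions made so the fragment parses.
TEMPLATE = """<Wrapper xmlns:security="urn:mace:shibboleth:2.0:security"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
    <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature" metadataProviderRef="ShibbolethMetadata"/>
    {open}<security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature" metadataProviderRef="ShibbolethMetadata"/>{close}
  </security:TrustEngine>
</Wrapper>"""
SAMPLE_DISABLED = TEMPLATE.format(open="<!-- ", close=" -->")  # as on this page
SAMPLE_ENABLED = TEMPLATE.format(open="", close="")            # PKIX still live


def trust_engines(xml_text):
    """Return (id, xsi:type local name) for each TrustEngine element in effect.

    ElementTree drops XML comments while parsing, so an engine that is
    commented out never shows up here; only live configuration is listed.
    """
    engines = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "TrustEngine":
            engines.append((el.get("id"), el.get(XSI_TYPE, "").split(":")[-1]))
    return engines


def active_pkix_engines(xml_text):
    """IDs of live trust engines whose xsi:type names a PKIX engine."""
    return [eid for eid, etype in trust_engines(xml_text) if "PKIX" in etype]


if __name__ == "__main__":
    # Pass the path to your relying-party.xml; with no argument the sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_DISABLED
    leftover = active_pkix_engines(text)
    print("PKIX trust engines still active:", leftover or "none")
    sys.exit(1 if leftover else 0)
```

The script exits non-zero when a PKIX engine is still live, so it can gate a restart or a configuration deployment step.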

 

Approach 2: Add KeyNames for all entities

...