...
<TrustEngine>
(zero or more on 2.4+, else required for<ApplicationDefaults>
, optional for<ApplicationOverride>
)- Controls how trust processing is performed to determine whether authentication of messages from identity providers succeeds or fails, including XML and simple signing, and SSL/TLS. In later versions, the default configuration used when none are specified is to chain the ExplicitKey and PKIX engines together.
<AttributeExtractor>
(zero or more on 2.4+, else zero or one)- Controls how SAML attributes are decoded and exposed to applications.
...