Namespace:urn:mace:shibboleth:2.0:metadata
Schema:http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
Overview
...
Expand |
---|
|
Name / Default | Type | Default | Description |
---|
requireSignedRoot | Boolean | true | If true, this fails to load metadata with no signature on the root XML element. | alwaysVerifyTrustedSource | Boolean | false | If true, the root signature of the metadata currently being processed will always be verified. If false, then the root signature will be verified unless the metadata source is "trusted", defined as: | certificateFile | File pathname | | Path to a certificate file whose key is used to verify the signature. Conflicts with trustEngineRef and both allowable child elements. | trustEngineRef | Bean ID of a TrustEngine | | Bean ID of a <security:TrustEngine> defined somewhere else in the configuration. Conflicts with certificateFile and both allowable child elements. | defaultCriteriaRef | Bean ID of CriteriaSet | Internal bean | (ADVANCED, not generally needed) Bean ID of an externally defined CriteriaSet used as input the to the trust engine | signaturePrevalidatorRef | Bean ID of SignaturePrevalidator | SAMLSignatureProfileValidator | (ADVANCED, not generally needed) Bean ID of an externally defined SignaturePrevalidator. Used to perform pre-validation of an XML Signature, for example to validate that the signature conforms to a particular profile of XML Signature. | dynamicTrustedNamesStrategyRef | Bean ID (see desc) | BasicDynamicTrustedNamesStrategy | (ADVANCED, not generally needed) Bean ID of an externally defined Function<XMLObject, Set<String>>. This will be used to extract dynamic trusted names from signed metadata elements. |
|
...