/
CASProxyPKIXTrustSimple
CASProxyPKIXTrustSimple
- Scott Cantor
Owned by Scott Cantor
May 02, 2023
1 min read
File(s): conf/cas-protocol.xml
Format: Native Spring
The issuer certificates of end-entity certificates used to secure proxy endpoints can be registered by loading the PEM-encoded certificates on the IdP filesystem using the following configuration snippet found in conf/cas-protocol.xml:
<!--
| Define the list of static certificates that you trust to secure CAS proxy callback endpoints.
| Typically these are CA certificates and apply to _all_ CAS proxy callback endpoints.
| This facility complements the capability to supply relying-party-specific certificates in SAML metadata,
| which is the preferred mechanism to specify CAS proxy trust material. In the case of metadata, self-signed
| certificates are recommended.
-->
<util:list id="shibboleth.CASProxyTrustedCertificates">
<!-- <value>%{idp.home}/credentials/your_ca.pem</value> -->
</util:list>The elements of the above list have a global scope such that if any proxy endpoint presents a certificate issued by a trusted issuer, it will be trusted.
, multiple selections available,
Related content
CasProtocolConfiguration
CasProtocolConfiguration
Read with this
SAMLAuthnConfiguration
SAMLAuthnConfiguration
More like this
CASServiceRegistry
CASServiceRegistry
Read with this
SecurityConfiguration
SecurityConfiguration
More like this
CASServiceSAMLMetadata
CASServiceSAMLMetadata
Read with this
SAML2ProxyTransformPostLoginC14NConfiguration
SAML2ProxyTransformPostLoginC14NConfiguration
More like this