/
CASProxyPKIXTrustSimple
CASProxyPKIXTrustSimple
File(s): conf/cas-protocol.xml
Format: Native Spring
The issuer certificates of end-entity certificates used to secure proxy endpoints can be registered by loading the PEM-encoded certificates on the IdP filesystem using the following configuration snippet found in conf/cas-protocol.xml:
<!--
| Define the list of static certificates that you trust to secure CAS proxy callback endpoints.
| Typically these are CA certificates and apply to _all_ CAS proxy callback endpoints.
| This facility complements the capability to supply relying-party-specific certificates in SAML metadata,
| which is the preferred mechanism to specify CAS proxy trust material. In the case of metadata, self-signed
| certificates are recommended.
-->
<util:list id="shibboleth.CASProxyTrustedCertificates">
<!-- <value>%{idp.home}/credentials/your_ca.pem</value> -->
</util:list>
The elements of the above list have a global scope such that if any proxy endpoint presents a certificate issued by a trusted issuer, it will be trusted.
, multiple selections available,
Related content
CasProtocolConfiguration
CasProtocolConfiguration
Read with this
SAML2ProxyTransformPostLoginC14NConfiguration
SAML2ProxyTransformPostLoginC14NConfiguration
More like this
X509InternalAuthnConfiguration
X509InternalAuthnConfiguration
More like this
Using SAML Proxying in the V4 Shibboleth IdP to connect with Azure AD
Using SAML Proxying in the V4 Shibboleth IdP to connect with Azure AD
More like this
X509AuthnConfiguration
X509AuthnConfiguration
More like this
ShibbolethSSOConfiguration
ShibbolethSSOConfiguration
More like this