The Shibboleth V2 IdP and SP software have reached End of Life and are no longer supported. This documentation is available for historical purposes only. See the IDP v4 and SP v3 wiki spaces for current documentation on the supported versions.
PKIX validation information is used when performing PKIX validation on X.509 certificates. The PKIX validation information represents a trusted set of material (trusted CAs, CRLs, verification depths) within the IdP from which other trust can be derived. There are two ways to define validation information, depending on where the trust material is resident.
Filesystem Validation Information
This validation information declaration is used when the validation information is resident on the local filesystem in either a PEM- or DER-encoded file.
This validation information is defined by the element <ValidationInfo xsi:type="PKIXFilesystem"> with the required attribute:
id - provides a unique ID for the validation information set
the following optional attribute:
verifyDepth - the maximum path depth of the PKIX certificate path; default: 1
and the following elements (each of these elements may occur more than once, but must occur in the order listed):
<Certificate> - path to the PEM or DER encoded certificate
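A filesystem validation information set using the attributes and the <Certificate> element described above, as an added example that is not taken from the original documentation. The id value, the verifyDepth value and both file paths are constructed placeholders, and the element is written unprefixed as on this page, with the namespace declarations of the surrounding configuration file omitted.

```xml
<!-- Added example: id, verifyDepth value and file paths are constructed placeholders -->
<ValidationInfo xsi:type="PKIXFilesystem"
                id="ExampleFederationTrustAnchors"
                verifyDepth="2">
    <!-- verifyDepth is optional; when it is left out the default of 1 applies -->

    <!-- <Certificate> may occur more than once; each one is a path to a
         PEM or DER encoded certificate on the local filesystem -->
    <Certificate>/path/to/credentials/example-root-ca.pem</Certificate>
    <Certificate>/path/to/credentials/example-issuing-ca.der</Certificate>
</ValidationInfo>
```

Every certificate listed here becomes trusted material from which other trust is derived, so the set is best limited to the CAs that are actually meant to anchor validation.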