SignatureMetadataFilter

The Signature MetadataFilter, identified by type="Signature", validates any XML Signatures found in the metadata according to the trust information configured into the filter. Signatures embedded on nested elements are also checked (for role and affiliation descriptors only when verifyRoles is enabled, see below), but a primary signature over the metadata instance as a whole MUST be present; metadata without one is rejected.

Attributes

The following attributes are available (name, type and default are given in parentheses):

certificate (local pathname; optional)
    If present, specifies the path to a certificate containing the public key used to verify the signature(s). The certificate's other content (such as its subject name and expiration) is ignored; it serves only as a container for the key.

verifyRoles (boolean; default false)
    If true, every entity's nested role or affiliation descriptor elements are examined and, if signed, also verified. This adds significant overhead when loading large metadata files, and signing at that level is unusual, so it is off by default.

verifyName (boolean; default true)
    If false, and a trust engine is configured for verification (see below), the name of the signing certificate is ignored for trust engines that would otherwise require checking of credential names. Disabling this is usually dangerous: for a PKIX-style engine the name check is what ties the certificate to the expected signer, so without it any certificate that chains to a trusted anchor would be accepted as the metadata signer.

verifyBackup (boolean; default true)
    If false, the backing file is not verified at startup. Setting this to false speeds up system startup, particularly if the metadata file is large. In any case, it is the deployer's responsibility to ensure that the file stored at the backup location is safe to use; in particular, do not manually replace the backing file with an unverified copy. This attribute is only meaningful when applied to remote metadata providers (XML with a url attribute, Dynamic and MDQ).

Child Elements

<CredentialResolver> (cardinality: zero or one)
    Used to resolve the public key(s) used while verifying signatures. The shorthand certificate attribute above is simpler for a single key, but a Chaining resolver can supply multiple signing keys to the filter, for example so that both the current and the next federation signing key are accepted during a key rollover.

<TrustEngine>
    Allows signatures to be validated using the more comprehensive trust engine interface, which permits a richer interpretation of signature and key information. By default, the name of the entity over which a signature is being verified is used as the required certificate name for trust engines that verify credential names (see the verifyName attribute above).
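The following shibboleth2.xml fragment is an added example, not taken from the original page or from the Shibboleth project's own documentation. It shows the filter in its shorthand form inside a remote XML metadata provider, followed by two alternative filter definitions: a Chaining CredentialResolver for key rollover, and a TrustEngine-based variant. The URL, file names and key names are placeholders, and the child-element syntax of the StaticPKIX trust engine is assumed here and should be checked against that engine's own documentation before use.

```xml
<!-- Added example (placeholder URL and file names). A remote provider with the
     Signature filter in its shorthand form. -->
<MetadataProvider type="XML" validate="true"
                  url="https://federation.example.org/metadata.xml"
                  backingFilePath="federation-metadata.xml"
                  maxRefreshDelay="7200">

    <!-- Reject metadata that carries no validUntil, or one too far in the
         future, so an old but validly signed copy cannot be replayed forever. -->
    <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>

    <!-- Shorthand: a single federation signing certificate. Only the key inside
         fedsigner.pem is used; its subject and expiry are ignored. A signature
         over the whole document is required. verifyBackup="false" skips
         re-verifying federation-metadata.xml at startup, so that file must
         never be hand-edited or replaced with an unverified copy. -->
    <MetadataFilter type="Signature" certificate="fedsigner.pem" verifyBackup="false"/>

</MetadataProvider>

<!-- Alternative 1 (use in place of the shorthand filter above): accept either
     the current or the next federation signing key during a key rollover. -->
<MetadataFilter type="Signature">
    <CredentialResolver type="Chaining">
        <CredentialResolver type="File" certificate="fedsigner.pem"/>
        <CredentialResolver type="File" certificate="fedsigner-next.pem"/>
    </CredentialResolver>
</MetadataFilter>

<!-- Alternative 2 (use in place of the shorthand filter above): trust-engine
     based verification. The TrustEngine child layout below is an assumption
     for illustration. verifyName is shown at its default of true: the signing
     certificate must carry the name of the entity being verified. Setting it
     to false would accept any certificate chaining to the trust anchor as the
     metadata signer, which is why the page warns against it. -->
<MetadataFilter type="Signature" verifyName="true">
    <TrustEngine type="StaticPKIX" verifyDepth="5" checkRevocation="off">
        <CredentialResolver type="File" certificate="federation-ca.pem"/>
    </TrustEngine>
</MetadataFilter>
```

Only one of the three Signature filter definitions should be present in a given provider; the two alternatives are shown separately so that each is a complete element. The RequireValidUntil filter is listed first deliberately: a signature proves who produced the metadata, not that it is still current, so the two filters complement each other.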