Shibboleth Developers

["Scott Cantor" <>]

Josh Howlett wrote on 2009-03-24:
> Ok. The reason I ask is because the configuration options for the SP
> dynamic metadata provider imply that it is only possible to establish by
> applying a <TrustEngine> to the metadata publisher's server certificate,
> whereas NativeSPApplication permits a broader range of authentication
> options.

Well, the plugin itself documents the use of a TrustEngine or explicitly
specifying a signing key, which collectively mean you can do indirect
evaluation of the signing key through a static list of roots, and some other
options.

The other options you're thinking of are not documented there because they
aren't configured there. When it says "uses the same transport", it means
literally that it's the same code and you configure it the same way (mostly
with ApplicationDefaults properties).

I realize that isn't always sensible, but I wasn't interested enough to
consider duplicating or factoring out so many options.

-- Scott