Shibboleth Developers

[Lukas Haemmerle <>]

> - Allow the metadata trust engines to be defined within the metadata
> provider configurations themselves.  References to a separately
> configuration trust engine will still be supported.

Good idea. This is already supported for the SP. Therefore, the IdP
configuration would become more similar to the SP one. If possible, it
would be great if the configuration of the trust engine could be
consistent with the SP's as shown in the example below

-----------------------SP-----------------------------
<MetadataProvider type="XML" uri="http://.../metadata.switchaai.xml";
         backingFilePath="/etc/shibboleth/metadata.switchaai.xml">
  <MetadataFilter type="Signature" verifyName="false">
        <TrustEngine type="StaticPKIX" verifyDepth="5">
          <CredentialResolver type="File">
                <Certificate format="PEM">
                  
<Path>/opt/local/etc/shibboleth/SWITCHaaiRootCA.crt.pem</Path>
                </Certificate>
          </CredentialResolver>
        </TrustEngine>
  </MetadataFilter>
</MetadataProvider>
-----------------------8<-----------------------------


-- 
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
,
 http://www.switch.ch