
shibboleth-dev - Re: [Shib-Dev] [IdPv3] Security Config and Options

Subject: Shibboleth Developers

  • From: Lukas Haemmerle <>
  • To:
  • Subject: Re: [Shib-Dev] [IdPv3] Security Config and Options
  • Date: Fri, 06 Aug 2010 14:22:09 +0200
  • Organization: SWITCH - Serving Swiss Universities

> - Allow the metadata trust engines to be defined within the metadata
> provider configurations themselves. References to a separately
> configured trust engine will still be supported.

Good idea. This is already supported for the SP. Therefore, the IdP
configuration would become more similar to the SP one. If possible, it
would be great if the configuration of the trust engine could be
consistent with the SP's, as shown in the example below:

-----------------------SP-----------------------------
<MetadataProvider type="XML" uri="http://.../metadata.switchaai.xml"
                  backingFilePath="/etc/shibboleth/metadata.switchaai.xml">
  <MetadataFilter type="Signature" verifyName="false">
    <TrustEngine type="StaticPKIX" verifyDepth="5">
      <CredentialResolver type="File">
        <Certificate format="PEM">
          <Path>/opt/local/etc/shibboleth/SWITCHaaiRootCA.crt.pem</Path>
        </Certificate>
      </CredentialResolver>
    </TrustEngine>
  </MetadataFilter>
</MetadataProvider>
-----------------------8<-----------------------------


--
SWITCH
Serving Swiss Universities
--------------------------
Lukas Haemmerle, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
http://www.switch.ch
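
Added example, not part of the original message and not Shibboleth project code: a small Python audit that walks an SP configuration and reports each remote MetadataProvider that does not carry a Signature filter with an inline TrustEngine, the layout shown in the message. The sample config, its namespace, host and paths are constructed, and the check only recognizes that inline layout.

```python
import xml.etree.ElementTree as ET

# Constructed sample (placeholder namespace, host and paths). The first
# provider follows the layout from the message; the second has no filter.
SAMPLE = """<SPConfig xmlns="urn:example:constructed">
  <MetadataProvider type="XML" uri="http://metadata.example.org/fed.xml"
                    backingFilePath="/etc/shibboleth/fed.xml">
    <MetadataFilter type="Signature" verifyName="false">
      <TrustEngine type="StaticPKIX" verifyDepth="5">
        <CredentialResolver type="File">
          <Certificate format="PEM">
            <Path>/etc/shibboleth/rootCA.crt.pem</Path>
          </Certificate>
        </CredentialResolver>
      </TrustEngine>
    </MetadataFilter>
  </MetadataProvider>
  <MetadataProvider type="XML" uri="http://metadata.example.org/other.xml"/>
</SPConfig>"""

def local(elem):
    """Element name without any XML namespace prefix."""
    return elem.tag.rsplit("}", 1)[-1]

def has_anchored_engine(sig_filter):
    """True if the filter holds a TrustEngine with a non-empty certificate Path."""
    for engine in sig_filter:
        if local(engine) != "TrustEngine":
            continue
        for node in engine.iter():
            if local(node) == "Path" and (node.text or "").strip():
                return True
    return False

def audit(xml_text):
    """List (uri, problem) for remote providers not using the inline layout."""
    findings = []
    for prov in ET.fromstring(xml_text).iter():
        if local(prov) != "MetadataProvider" or not prov.get("uri"):
            continue  # providers without a uri attribute are not fetched remotely
        sig = [f for f in prov
               if local(f) == "MetadataFilter" and f.get("type") == "Signature"]
        if not sig:
            findings.append((prov.get("uri"), "no Signature filter"))
        elif not any(has_anchored_engine(f) for f in sig):
            findings.append((prov.get("uri"), "no inline TrustEngine with a certificate Path"))
    return findings

if __name__ == "__main__":
    for uri, problem in audit(SAMPLE):
        print(f"{uri}: {problem}")
```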


