Shibboleth Developers

[Chad La Joie <>]

The configuration syntax will be what it is today in the IdP.  The only 
change will be that you can define it in the metadata provider instead 
of having to define it outside and reference it by name.  I'm not going 
to maintain two different configurations for the same thing.

On 8/6/10 8:22 AM, Lukas Haemmerle wrote:
> > - Allow the metadata trust engines to be defined within the metadata
> > provider configurations themselves.  References to a separately
> > configuration trust engine will still be supported.
>
> Good idea. This is already supported for the SP. Therefore, the IdP
> configuration would become more similar to the SP one. If possible, it
> would be great if the configuration of the trust engine could be
> consistent with the SP's as shown in the example below
>
> -----------------------SP-----------------------------
> <MetadataProvider type="XML" uri="http://.../metadata.switchaai.xml";
>          backingFilePath="/etc/shibboleth/metadata.switchaai.xml">
>    <MetadataFilter type="Signature" verifyName="false">
>         <TrustEngine type="StaticPKIX" verifyDepth="5">
>         <CredentialResolver type="File">
>                 <Certificate format="PEM">
>                 <Path>/opt/local/etc/shibboleth/SWITCHaaiRootCA.crt.pem</Path>
>                 </Certificate>
>         </CredentialResolver>
>         </TrustEngine>
>    </MetadataFilter>
> </MetadataProvider>
> -----------------------8<-----------------------------

--
Chad La Joie
http://itumi.biz
trusted identities, delivered