SIDP-306: Remove ClientCertAuth rule from SAML 2 SSO SecurityPolicy in relying-party.xml

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/branches/REL_2@2845 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/doc/RELEASE-NOTES.txt b/doc/RELEASE-NOTES.txt
index cd2f3e5..e4e10ae 100644 (file)
--- a/doc/RELEASE-NOTES.txt
+++ b/doc/RELEASE-NOTES.txt
@@ -8,6 +8,7 @@ Changes in Release 2.1.3
 [SIDP-280] - when an Idp has no outside (WAN) access Idp fails to collect or release attributes
 [SIDP-285] - Use $IDP_SCOPE$ to populate IdP scope in conf-tmpl\attribute-resolver.xml
 [SIDP-291] - Update libs for 2.1.3 release
+[SIDP-306] - Remove ClientCertAuth rule from SAML 2 SSO SecurityPolicy in relying-party.xml
 
 Changes in Release 2.1.2
 =============================================

diff --git a/src/installer/resources/conf-tmpl/relying-party.xml b/src/installer/resources/conf-tmpl/relying-party.xml
index 6c56b4c..97310af 100644 (file)
--- a/src/installer/resources/conf-tmpl/relying-party.xml
+++ b/src/installer/resources/conf-tmpl/relying-party.xml
@@ -183,7 +183,6 @@
         <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
         <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
         <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
-        <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     </security:SecurityPolicy>