revert to use non-PKIX rules until type mismatches are resolved
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 27 Feb 2008 06:43:04 +0000 (06:43 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 27 Feb 2008 06:43:04 +0000 (06:43 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2663 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/relying-party.xml

index def13f8..e33ee3b 100644 (file)
         engines and so you'll see some rules that reference the declared trust engines.
     -->
     
         engines and so you'll see some rules that reference the declared trust engines.
     -->
     
+    <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
+                              metadataProviderRef="ShibbolethMetadata" />
+                              
+    <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:MetadataExplicitKey"
+                              metadataProviderRef="ShibbolethMetadata" />
+                              
+<!--
     <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:Chaining">
         <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
                               metadataProviderRef="ShibbolethMetadata" />                              
     <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:Chaining">
         <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
                               metadataProviderRef="ShibbolethMetadata" />                              
                               metadataProviderRef="ShibbolethMetadata" />
     </security:TrustEngine>
     
                               metadataProviderRef="ShibbolethMetadata" />
     </security:TrustEngine>
     
-    
     <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
         <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey"
                               metadataProviderRef="ShibbolethMetadata" />
         <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential"
                               metadataProviderRef="ShibbolethMetadata" />
     </security:TrustEngine>
     <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
         <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey"
                               metadataProviderRef="ShibbolethMetadata" />
         <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential"
                               metadataProviderRef="ShibbolethMetadata" />
     </security:TrustEngine>
-                          
-    
-    
+-->                      
+     
     <security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:IssueInstant" required="false"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
     <security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:IssueInstant" required="false"/>
         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>