Enabled fallback PKIX validation in default config
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 3 Mar 2008 16:18:00 +0000 (16:18 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 3 Mar 2008 16:18:00 +0000 (16:18 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2675 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/relying-party.xml

index e33ee3b..37f84dc 100644 (file)
         secure.  Naturally some of these checks require the validation of the tokens evaluated by the trust 
         engines and so you'll see some rules that reference the declared trust engines.
     -->
-    
-    <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
-                              metadataProviderRef="ShibbolethMetadata" />
-                              
-    <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:MetadataExplicitKey"
-                              metadataProviderRef="ShibbolethMetadata" />
-                              
-<!--
-    <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:Chaining">
+    <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
         <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
                               metadataProviderRef="ShibbolethMetadata" />                              
         <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature"
         <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential"
                               metadataProviderRef="ShibbolethMetadata" />
     </security:TrustEngine>
--->                      
      
     <security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:IssueInstant" required="false"/>