secure. Naturally some of these checks require the validation of the tokens evaluated by the trust
engines and so you'll see some rules that reference the declared trust engines.
-->
-
- <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
- metadataProviderRef="ShibbolethMetadata" />
-
- <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:MetadataExplicitKey"
- metadataProviderRef="ShibbolethMetadata" />
-
-<!--
- <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:Chaining">
+ <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:SignatureChaining">
<security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
metadataProviderRef="ShibbolethMetadata" />
<security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature"
<security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential"
metadataProviderRef="ShibbolethMetadata" />
</security:TrustEngine>
--->
<security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
<security:Rule xsi:type="samlsec:IssueInstant" required="false"/>