Add in signature validation as default metadata filter
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 21 Jan 2008 13:27:27 +0000 (13:27 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Mon, 21 Jan 2008 13:27:27 +0000 (13:27 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2591 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/relying-party.xml

index 85074ec..0f689f1 100644 (file)
@@ -45,7 +45,7 @@
     <MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
             
             <MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata">
-                <!-- MetadataFilter xsi:type="SignatureValidation" trustEngineRef="shibboleth.SignatureTrustEngine" /-->
+                <MetadataFilter xsi:type="SignatureValidation" trustEngineRef="shibboleth.MetadataTrustEngine" />
             </MetadataFilter>
         
         <!-- MetadataProvider reading metadata from a URL. -->
         <security:Certificate>$IDP_HOME$/credentials/idp.crt</security:Certificate>
     </security:Credential>
     
+    <!-- Shibboleth metadata. -->
+    <security:TrustEngine id="shibboleth.MetadataTrustEngine" xsi:type="security:StaticExplicitKeySignature">
+        <security:Credential id="IdPMetadataCredentials" xsi:type="security:X509Filesystem">
+            <security:Certificate>$IDP_HOME$/credentials/idp.crt</security:Certificate>
+        </security:Credential>
+        <!-- Add additional credentials for each federation signing key -->
+        <!--
+        <security:Credential id="IdPMetadataCredentials" xsi:type="security:X509Filesystem">
+            <security:Certificate>$IDP_HOME$/credentials/federation1.crt</security:Certificate>
+        </security:Credential>
+        -->
+    </security:TrustEngine>
+    
     <!-- DO NOT EDIT BELOW THIS POINT -->
     <!-- 
         The following trust engines and rules control every aspect of security related to incoming messages.
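Review bot: The commented-out federation example at the end of the new `shibboleth.MetadataTrustEngine` block reuses `id="IdPMetadataCredentials"`, so a deployer who simply uncomments it ends up with two credentials carrying the same id; give the example its own id, e.g. `<security:Credential id="Federation1MetadataCredentials" xsi:type="security:X509Filesystem">`. The only active trust anchor is `idp.crt`, so with the filter now on by default, metadata signed by a federation key will presumably fail validation until that key is added, and the IdP's own key is enough to sign metadata the IdP will accept. The `<!-- Shibboleth metadata. -->` comment should say so, for example `<!-- Keys trusted to sign metadata; replace idp.crt with your federation's signing certificate. -->`. Whether the `SignatureValidation` filter rejects unsigned metadata or passes it through is not visible in this diff and is worth stating in a comment next to the filter.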