Enable PKIX based trust evaluation
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 27 Feb 2008 05:45:12 +0000 (05:45 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Wed, 27 Feb 2008 05:45:12 +0000 (05:45 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2662 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

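--- a/resources/conf/relying-party.xml
+++ b/resources/conf/relying-party.xml
         secure.  Naturally some of these checks require the validation of the tokens evaluated by the trust 
         engines and so you'll see some rules that reference the declared trust engines.
     -->
-    <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
-                          metadataProviderRef="ShibbolethMetadata" />
+    
+    <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:Chaining">
+        <security:TrustEngine id="shibboleth.SignatureMetadataExplicitKeyTrustEngine" xsi:type="security:MetadataExplicitKeySignature"
+                              metadataProviderRef="ShibbolethMetadata" />                              
+        <security:TrustEngine id="shibboleth.SignatureMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXSignature"
+                              metadataProviderRef="ShibbolethMetadata" />
+    </security:TrustEngine>
+    
+    
+    <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:Chaining">
+        <security:TrustEngine id="shibboleth.CredentialMetadataExplictKeyTrustEngine" xsi:type="security:MetadataExplicitKey"
+                              metadataProviderRef="ShibbolethMetadata" />
+        <security:TrustEngine id="shibboleth.CredentialMetadataPKIXTrustEngine" xsi:type="security:MetadataPKIXX509Credential"
+                              metadataProviderRef="ShibbolethMetadata" />
+    </security:TrustEngine>
                          
                          
-    <security:TrustEngine id="shibboleth.CredentialTrustEngine" xsi:type="security:MetadataExplicitKey"
-                          metadataProviderRef="ShibbolethMetadata" />
+    
     
     <security:SecurityPolicy id="shibboleth.ShibbolethSSOSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:IssueInstant" required="false"/>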
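Review bot: Both new `security:Chaining` engines lack a comment saying how their members combine, which matters because `shibboleth.SignatureTrustEngine` and `shibboleth.CredentialTrustEngine` keep their ids, so every policy rule that already references them gains PKIX evaluation without any change at the rule. If the chain trusts a token as soon as any member accepts it (the usual chaining behaviour, not visible in this hunk), trust becomes the union of explicit metadata keys and PKIX path validation against whatever trust anchors the metadata supplies. Once that is confirmed, I would add above each chain something like `<!-- Members are tried in order; a token is trusted if any one accepts it. Remove the PKIX engine to keep explicit-key-only trust. -->`. Separately, the id `shibboleth.CredentialMetadataExplictKeyTrustEngine` is misspelled (`Explict`) and disagrees with `shibboleth.SignatureMetadataExplicitKeyTrustEngine`; correct it before anything refers to it by id.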