
...

Code Block
titleConfigure the IdP
<!-- inside the ChainingMetadataProvider -->
<MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" 
    id="ICMD" xsi:type="FileBackedHTTPMetadataProvider"
    metadataURL="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"
        backingFile="/opt/shibboleth-idp/metadata/InCommon-metadata.xml">
    <MetadataFilter xsi:type="ChainingFilter">
        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="2419200" />
        <MetadataFilter xsi:type="SignatureValidation" 
        trustEngineRef="ICTrust" requireSignedMetadata="true" />
        <MetadataFilter xsi:type="EntityRoleWhiteList">
            <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
        </MetadataFilter>
    </MetadataFilter>
</MetadataProvider>

...

<!- underneath the Security Configuration section -->
<security:TrustEngine id="ICTrust" xsi:type="security:StaticExplicitKeySignature">
    <security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem">
        <security:Certificate>/opt/shibboleth-idp/credentials/incommon.pem</security:Certificate>
    </security:Credential>
</security:TrustEngine>
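Review bot: The signature check in this provider is only as strong as the certificate file named in the `ICTrust` engine, and nothing in the snippet tells the reader how to obtain or verify `/opt/shibboleth-idp/credentials/incommon.pem`. Because `metadataURL` is plain `http://`, the `SignatureValidation` filter with `requireSignedMetadata="true"` is the only integrity control on the downloaded metadata, so I would add a comment above the `security:Credential` element such as `<!-- federation metadata signing certificate: obtain it over an authenticated channel and compare its fingerprint with the value the federation publishes before installing -->`. Separately, the comment on the Security Configuration line opens with `<!-`, which is not well-formed XML; it should read `<!-- underneath the Security Configuration section -->`. The opening `MetadataProvider` tag also shows `id` and `xsi:type` twice, which may be an artifact of the comparison view, but a parser would reject it if copied as shown.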

...