...
Code Block | ||
---|---|---|
| ||
<!-- inside the ChainingMetadataProvider --> <MetadataProvider id="ICMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata" id="ICMD" xsi:type="FileBackedHTTPMetadataProvider" metadataURL="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml" backingFile="/opt/shibboleth-idp/metadata/InCommon-metadata.xml"> <MetadataFilter xsi:type="ChainingFilter"> <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="2419200" /> <MetadataFilter xsi:type="SignatureValidation" trustEngineRef="ICTrust" requireSignedMetadata="true" /> <MetadataFilter xsi:type="EntityRoleWhiteList"> <RetainedRole>samlmd:SPSSODescriptor</RetainedRole> </MetadataFilter> </MetadataFilter> </MetadataProvider> ... <!- underneath the Security Configuration section --> <security:TrustEngine id="ICTrust" xsi:type="security:StaticExplicitKeySignature"> <security:Credential id="MyFederation1Credentials" xsi:type="security:X509Filesystem"> <security:Certificate>/opt/shibboleth-idp/credentials/incommon.pem</security:Certificate> </security:Credential> </security:TrustEngine> |
...