Will Shibboleth IDP check whether the SP's cert is issued by a trusted CA?
Adam Dong
adamdong at vidder.com
Tue Nov 25 21:01:08 EST 2014
Hi,
When Shibboleth IDP verifies the signature of an AuthnRequest from the SP, it will use the SP's signing cert in the sp-metadata.xml file to verify the signature.
Now my questions are: During the validation, will the IDP check that the SP's signing cert (non-self-signed) is issued by a trusted root CA? If yes, where is the truststore so that I could import the root CA cert? Or the fact that the SP's signing cert is in the sp-metadata.xml file (placed under metadata/ in Shibboleth IDP's installation directory) is enough of a trust already, and Shibboleth IDP code won't check the issuer and there is no need to import the root CA cert?
Thanks,
Adam Dong
Vidder, Inc.