Shibboleth Identity Provider Security Advisory [4 October 2017]

[Cantor, Scott]

> Put the CA in a file, point trustFile at it, done. It's that simple. That's what the
> advisory says, or at least it's what I thought it said.

Specifically, it says:

2. Copy the server's certificate (or more typically a CA) to a file
and reference it with the trustFile attribute.

Is the problem the lack of context for "trustFile attribute"? I can certainly clarify it when I have a moment.

-- Scott