Previous Stable Release

Please note that the V3 release branch is now the previous stable release; the current stable releases come from the V4 branch.
Support for V3 will end on Dec 31, 2020.

File(s): conf/cas-protocol.xml

Format: Native Spring

This configuration method applies to IdP V3.4.2 and later.

The issuer certificates of the end-entity certificates used to secure proxy endpoints can be registered by placing the PEM-encoded certificates on the IdP filesystem and listing them in the following configuration snippet found in conf/cas-protocol.xml:

<!--
   | Define the list of static certificates that you trust to secure CAS proxy callback endpoints.
   | Typically these are CA certificates and apply to _all_ CAS proxy callback endpoints.
   | This facility complements the capability to supply relying-party-specific certificates in SAML metadata,
   | which is the preferred mechanism to specify CAS proxy trust material. In the case of metadata, self-signed
   | certificates are recommended.
   -->
<util:list id="shibboleth.CASProxyTrustedCertificates">
    <!-- <value>%{idp.home}/credentials/your_ca.pem</value> -->
</util:list>

The elements of the above list have global scope: any proxy endpoint that presents a certificate issued by one of the listed issuers will be trusted.
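Because every active entry widens trust for all proxy callback endpoints, it helps to review the list before deployment. The following is an added example, not part of the Shibboleth documentation or code base: it reports which entries are active (commented-out values are ignored) and checks that each file exists and contains only PEM certificate blocks. The function names are hypothetical, and it assumes the file declares the standard Spring beans and util namespaces.

```python
import base64
import re
import xml.etree.ElementTree as ET
from pathlib import Path

BEANS_NS = "http://www.springframework.org/schema/beans"
UTIL_NS = "http://www.springframework.org/schema/util"
LIST_ID = "shibboleth.CASProxyTrustedCertificates"
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def trusted_cert_paths(xml_text, idp_home):
    """Active <value> entries of the trust list, with %{idp.home} resolved."""
    root = ET.fromstring(xml_text)  # the parser drops comments, so commented-out entries are skipped
    for lst in root.iter(f"{{{UTIL_NS}}}list"):
        if lst.get("id") == LIST_ID:
            return [Path(v.text.strip().replace("%{idp.home}", str(idp_home)))
                    for v in lst.iter(f"{{{BEANS_NS}}}value") if v.text and v.text.strip()]
    return []


def pem_problems(pem_text):
    """Framing checks only; this does not parse the X.509 contents."""
    blocks = PEM_BLOCK.findall(pem_text)
    problems = []
    if not any(label == "CERTIFICATE" for label, _ in blocks):
        problems.append("no PEM CERTIFICATE block")
    for label, body in blocks:
        if label != "CERTIFICATE":
            problems.append(f"unexpected PEM block: {label}")  # e.g. a private key
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate body is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # DER certificates begin with a SEQUENCE tag
            problems.append("certificate body is not a DER SEQUENCE")
    return problems


def audit_trust_list(xml_text, idp_home):
    """Map each active entry to its list of problems (empty list = passes)."""
    report = {}
    for path in trusted_cert_paths(xml_text, idp_home):
        if path.is_file():
            report[str(path)] = pem_problems(path.read_text(errors="replace"))
        else:
            report[str(path)] = ["file not found"]
    return report
```

Pass the text of conf/cas-protocol.xml and the IdP home directory to audit_trust_list; an empty result means the list has no active entries, which is the state of the default snippet shown above.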
