Specifies identity assertion trust domain configuration information according to RFC 3325. P-asserted identity headers received from hosts and domains configured under this element can be trusted. A P-asserted identity header specifies the identity of a user who was authenticated at another node in the network.
If no identity-assertion-trust element is defined, trust is presumed: any identity assertion that is received is trusted, on the presumption that the network topology prevents non-trusted assertions from reaching the server.
The following table describes subelements for the identity-assertion-trust element.
Table 1–87 identity-assertion-trust Subelements
Element | Required | Description |
---|---|---|
trusted-entity | zero or more if no trust-handler is defined | Specifies intermediate hosts and domains according to RFC 3325. |
trust-handler | zero or one if no trusted-entity is defined | Specifies a custom trust handler according to RFC 3325. |
The following table describes attributes for the identity-assertion-trust element.
Table 1–88 identity-assertion-trust Attributes
Attribute | Default | Description |
---|---|---|
 | none | Specifies a unique identifier for the identity-assertion-trust element. |
 | false | If true, specifies that this is the default identity-assertion-trust. There can be only one default identity-assertion-trust. |
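The trust decision this element controls, including the presumed-trust case when nothing is configured, can be modelled as follows. This is an added example, not code from the product: the function names, the host and domain matching rule, and the sample hosts and headers are assumptions made for illustration.

```python
"""Added illustration of the trust decision; matching rules are assumptions."""
from dataclasses import dataclass

PAI = "p-asserted-identity"

@dataclass(frozen=True)
class Decision:
    trusted: bool
    reason: str

def _matches(entity, host):
    # Assumed rule: exact host match, or host is a subdomain of the entity.
    entity, host = entity.lower().rstrip("."), host.lower().rstrip(".")
    return host == entity or host.endswith("." + entity)

def evaluate(trusted_entities, sending_host):
    """Decide whether an identity assertion from sending_host is trusted."""
    if not trusted_entities:
        # No identity-assertion-trust defined: every assertion is accepted.
        return Decision(True, "presumed trust (no trust domain configured)")
    for entity in trusted_entities:
        if _matches(entity, sending_host):
            return Decision(True, "sender matches trusted entity " + entity)
    return Decision(False, "sender is outside the configured trust domain")

def filter_headers(headers, trusted_entities, sending_host):
    """Return (headers, decision), dropping the assertion when untrusted."""
    decision = evaluate(trusted_entities, sending_host)
    if decision.trusted:
        return list(headers), decision
    return [(n, v) for n, v in headers if n.lower() != PAI], decision

# Constructed sample data (not from the product documentation).
SAMPLE_HEADERS = [
    ("From", "<sip:anonymous@anonymous.invalid>;tag=1"),
    ("P-Asserted-Identity", "<sip:alice@example.com>"),
]
TRUSTED = ["proxy1.example.com", "core.example.net"]

if __name__ == "__main__":
    cases = [(TRUSTED, "edge.core.example.net"),
             (TRUSTED, "notcore.example.net"),  # shares a suffix, not a label
             ([], "198.51.100.7")]              # empty config: presumed trust
    for entities, host in cases:
        kept, decision = filter_headers(SAMPLE_HEADERS, entities, host)
        print(host, decision.trusted, decision.reason, len(kept))
```

The third case shows why an empty configuration deserves review: with no trusted entities listed, an assertion from any sender is accepted, so the only remaining control is the network topology.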