by grawity 1779 days ago
We do retrieve SAML federation metadata daily, but the metadata feed is signed using a pinned long-term key of the federation manager, so there's no reliance on WebPKI or even TLS. (Not Shibboleth, but it would be SignatureValidationFilter there.)
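For reference, this is roughly what the Shibboleth IdP equivalent mentioned in the comment looks like. It is an added example, not the commenter's configuration (their deployment is not Shibboleth); the provider id, metadata URL, file paths and the 14-day validity window are placeholder assumptions.

```xml
<!-- Fragment for conf/metadata-providers.xml, placed inside the file's
     existing root element (which declares the xsi namespace).
     All names, URLs and paths below are placeholders. -->
<MetadataProvider id="FederationMetadata"
                  xsi:type="FileBackedHTTPMetadataProvider"
                  metadataURL="https://federation.example.org/metadata.xml"
                  backingFile="%{idp.home}/metadata/federation-metadata.xml">

    <!-- Trust decision: the XML signature on the root element of the
         aggregate must verify against the key in this locally stored
         certificate. The file is installed out of band, so the result
         does not depend on which CA issued the download server's TLS
         certificate, or on whether TLS was used for the fetch at all.
         requireSignedRoot="true" rejects an unsigned aggregate instead
         of loading it. -->
    <MetadataFilter xsi:type="SignatureValidation"
                    requireSignedRoot="true"
                    certificateFile="%{idp.home}/credentials/federation-signer.pem"/>

    <!-- Replay protection: a validly signed but old aggregate is still
         validly signed, so require a validUntil attribute and cap how
         far in the future it may lie. -->
    <MetadataFilter xsi:type="RequiredValidUntil"
                    maxValidityInterval="P14D"/>
</MetadataProvider>
```

If signature or validity checking fails on a refresh, the new aggregate is rejected, which makes failed refreshes worth alerting on.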