WIF config: issuerNameRegistry vs. certificateValidation

Question

In the Windows Identity Foundation (WIF) 4.5 config, what is the relationship between issuerNameRegistry and certificateValidation? What portion of

Answer 1

IssuerNameRegistry is a lookup table from Thumbprint to EntityID. Only Issuers in that table will be trusted.

CertificateValidationMode is additional on top of the table requirement. "None" is almost always the best setting. Because the trust is setup through metadata, normally not through chain trust to a CA. So ChainBuilding, CRL etc. is not relevant.