Currently verification is just based on the defined trust store - this is to take it one step further and allow an optional additional verification.

As a first step will need to ensure we have a suitable Callback from the authenticator to the realm to verify the identity and then this can be passed on to the plug-in.