<?xml version="1.1" encoding="ISO-8859-1"?>
<!--
  Shibboleth service provider (SP) configuration built from sample values:
  sp.example.org, idp.example.org and identifiers named "bogus".
  NOTE(review): nothing in this file appears to need XML 1.1, and XML 1.0 is
  more widely supported by parsers. Confirm with the consumers of this file
  before changing the declaration.
-->

<!--
  xsi:schemaLocation is only a hint that points at a relative path. Validate
  against a schema copy you trust instead of whatever that path resolves to.
  clockSkew is presumably the tolerated clock difference, in seconds, when
  time conditions are checked. Confirm against the SP documentation.
-->
<SPConfig
    xmlns="urn:mace:shibboleth:target:config:1.0"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:target:config:1.0 ../src/schemas/shibboleth-targetconfig-1.0.xsd"
    clockSkew="180">

  <!-- Process-wide settings: logger configuration, listener and session cache. -->
  <Global logger="file:///usr/local/shibboleth-sp/etc/shibd.logger">
    <!-- The address is a placeholder value; presumably unused by whatever loads this file. -->
    <UnixListener address="bogus"/>
    <!--
      In-memory session cache. The numeric values are presumably seconds.
      NOTE(review): strictValidity="false" presumably lets the SP keep serving
      cached attributes after their validity has lapsed when a refresh fails,
      and propagateErrors="false" presumably keeps attribute query failures
      away from the application. Both favour availability over freshness;
      confirm against the SP documentation before reusing these values.
    -->
    <MemorySessionCache
        cleanupInterval="300"
        cacheTimeout="3600"
        AATimeout="30"
        AAConnectTimeout="15"
        defaultLifetime="1800"
        retryInterval="300"
        strictValidity="false"
        propagateErrors="false"/>
  </Global>

  <!-- Request mapping: which host and path combinations are protected, and how. -->
  <Local localRelayState="true">
    <RequestMapProvider type="edu.internet2.middleware.shibboleth.sp.provider.NativeRequestMapProvider">
      <RequestMap applicationId="default">
        <Host name="sp.example.org">
          <!--
            The "secure" path requires a Shibboleth session.
            NOTE(review): exportAssertion="true" presumably hands the raw SAML
            assertion to the protected application; keep it only where the
            application needs the assertion itself.
          -->
          <Path
              name="secure"
              authType="shibboleth"
              requireSession="true"
              exportAssertion="true"/>
        </Host>
      </RequestMap>
    </RequestMapProvider>
  </Local>

  <!-- Default application; the nested Application element further down overrides parts of it. -->
  <Applications
      id="default"
      providerId="https://sp.example.org/shibboleth"
      homeURL="https://sp.example.org/index.html"
      xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
      xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">

    <!--
      Session settings for the default application; lifetime and timeout are
      presumably seconds.
      NOTE(review): checkAddress and handlerSSL are both "false" here and no
      cookieProps is set, whereas the nested "bogus" application sets
      checkAddress="true", handlerSSL="true" and a cookie marked "secure".
      Presumably this lets the handler endpoints, including the /SAML/POST
      assertion consumer, answer over plain HTTP and leaves sessions unbound
      to the client address. For anything beyond a test fixture, prefer the
      stricter values.
    -->
    <Sessions
        lifetime="7200"
        timeout="3600"
        checkAddress="false"
        handlerURL="/Shibboleth.sso"
        handlerSSL="false"
        idpHistory="true"
        idpHistoryDays="7">
      <!-- Default initiator: sends the browser to the sample IdP over https. -->
      <SessionInitiator
          isDefault="true"
          id="example"
          Location="/WAYF/idp.example.org"
          Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
          wayfURL="https://idp.example.org:8443/shibboleth-idp/SSO"
          wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
      <!-- Alternative initiator that points at the InQueue WAYF service. -->
      <SessionInitiator
          id="IQ"
          Location="/WAYF/InQueue"
          Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
          wayfURL="https://wayf.internet2.edu/InQueue/WAYF"
          wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
      <!-- Assertion consumer endpoints: browser POST (default, index 1) and artifact (index 2). -->
      <md:AssertionConsumerService
          Location="/SAML/POST"
          isDefault="true"
          index="1"
          Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
      <md:AssertionConsumerService
          Location="/SAML/Artifact"
          index="2"
          Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
      <md:SingleLogoutService
          Location="/Logout"
          Binding="urn:mace:shibboleth:sp:1.3:Logout"/>
    </Sessions>

    <!-- Error page templates and presentation details; supportContact is a placeholder address. -->
    <Errors
        session="file:///usr/local/shibboleth-sp/etc/sessionError.html"
        metadata="file:///usr/local/shibboleth-sp/etc/metadataError.html"
        rm="file:///usr/local/shibboleth-sp/etc/rmError.html"
        access="file:///usr/local/shibboleth-sp/etc/accessError.html"
        supportContact="root@localhost"
        logoLocation="/shibtarget/logo.jpg"
        styleSheet="/shibtarget/main.css"/>

    <!-- TLS and signing both use the "defcreds" entry defined under CredentialsProvider. -->
    <CredentialUse TLS="defcreds" Signing="defcreds">
      <!-- RelyingParty elements can customize credentials for specific IdPs/sets. -->
      <!--
      <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
      -->
    </CredentialUse>

    <!-- Use designators to request specific attributes or none to ask for all -->
    <!--
    <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
        AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
    <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
        AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
    -->

    <!-- Attribute acceptance policy, loaded from a local file. -->
    <AAPProvider
        type="edu.internet2.middleware.shibboleth.aap.provider.XMLAAP"
        uri="file:///usr/local/shibboleth-sp/etc/AAP.xml"/>

    <!--
      IdP metadata, loaded from a local file.
      NOTE(review): trust decisions presumably derive from this metadata, so
      the file should be writable only by the administrator of the SP.
    -->
    <MetadataProvider
        type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
        uri="file:///usr/local/shibboleth-sp/etc/example-metadata.xml"/>

    <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust"/>

    <!-- Audience URI; presumably accepted in assertion conditions. Confirm against the SP documentation. -->
    <saml:Audience>urn:mace:inqueue</saml:Audience>

    <!--
      Override for the application with id "bogus": address checking is on,
      the handler is marked SSL-only, and the session cookie is scoped to
      /secure/admin and flagged "secure". Only eduPersonPrincipalName is
      requested.
    -->
    <Application id="bogus">
      <Sessions
          lifetime="7200"
          timeout="3600"
          checkAddress="true"
          handlerURL="/secure/admin/Shibboleth.sso"
          handlerSSL="true"
          cookieProps="; path=/secure/admin; secure"/>
      <saml:AttributeDesignator
          AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
          AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
    </Application>

  </Applications>

  <!--
    Private keys and certificates referenced from CredentialUse are defined here.
    NOTE(review): the private key is read from a PEM file by path and no
    passphrase is configured in this element, so the file should be readable
    only by the account that runs the SP. The sp-example name suggests a
    sample key pair; do not reuse a sample key outside testing.
  -->
  <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
      <FileResolver Id="defcreds">
        <Key format="PEM">
          <Path>file:///usr/local/shibboleth-sp/etc/sp-example.key</Path>
        </Key>
        <Certificate format="PEM">
          <Path>file:///usr/local/shibboleth-sp/etc/sp-example.crt</Path>
        </Certificate>
      </FileResolver>
    </Credentials>
  </CredentialsProvider>

  <!-- Specialized handling for the attribute with this OID (eduPersonTargetedID), which has complex syntax. -->
  <AttributeFactory
      AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
      type="edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory"/>

</SPConfig>