Was miscomputing the Accept attribute in various rules.
[java-idp.git] / data / spconfig.xml
1 <?xml version="1.1" encoding="ISO-8859-1"?>
2
3 <SPConfig xmlns="urn:mace:shibboleth:target:config:1.0"
4         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5         xsi:schemaLocation="urn:mace:shibboleth:target:config:1.0 ../src/schemas/shibboleth-targetconfig-1.0.xsd"
6         clockSkew="180">
7
8         <Global logger="file:///usr/local/shibboleth-sp/etc/shibd.logger">
                  <!-- Process-wide settings: the logging configuration is read from a local file URI. -->
                  <!-- NOTE(review): address="bogus" is a placeholder, not a usable listener address;
                       replace it before reusing this sample outside of tests. -->
9                 <UnixListener address="bogus"/>
                  <!-- Session cache tuning. The numeric values are presumably seconds (TODO confirm
                       against the target-config schema).
                       NOTE(review): strictValidity="false" and propagateErrors="false" are the relaxed
                       choices. Presumably they let a session continue with stale or missing attribute
                       data when a refresh fails; confirm the semantics before copying these values
                       into a production SP. -->
10                 <MemorySessionCache 
11                         cleanupInterval="300" 
12                         cacheTimeout="3600" 
13                         AATimeout="30" 
14                         AAConnectTimeout="15"
15                         defaultLifetime="1800" 
16                         retryInterval="300" 
17                         strictValidity="false" 
18                         propagateErrors="false"
19                         />
20         </Global>
21     
22         <Local localRelayState="true">
                   <!-- Request map: the only rule shown is for host sp.example.org, path "secure", which is
                        bound to application "default" and requires a Shibboleth session
                        (requireSession="true"). No other host or path has a rule in this file.
                        NOTE(review): exportAssertion="true" presumably hands the raw SAML assertion to the
                        protected application; keep it only where the application needs the assertion. -->
23                 <RequestMapProvider type="edu.internet2.middleware.shibboleth.sp.provider.NativeRequestMapProvider">
24                         <RequestMap applicationId="default">
25                                 <Host name="sp.example.org">
26                                         <Path name="secure" authType="shibboleth" requireSession="true" exportAssertion="true" />
27                                 </Host>
28                         </RequestMap>
29                 </RequestMapProvider>
30                 
31         </Local>
32
33         <Applications id="default" 
34                 providerId="https://sp.example.org/shibboleth"
35                 homeURL="https://sp.example.org/index.html"
36                 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
37                 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">
38
                   <!-- Default session policy for every application that does not override it.
                        NOTE(review): checkAddress="false" and handlerSSL="false" are the permissive
                        settings, and no cookieProps value is given, so nothing here adds a "secure"
                        attribute to the session cookie. The nested Application id="bogus" further down
                        sets checkAddress="true", handlerSSL="true" and a "secure" cookie; presumably the
                        stricter values are the ones to use on a real deployment. Confirm against the
                        SP documentation. -->
39                 <Sessions lifetime="7200" timeout="3600" checkAddress="false"
40                         handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7">
                           <!-- Session initiation is sent to an https wayfURL; the assertion consumer and
                                logout endpoints below are given as locations under handlerURL. -->
41                         <SessionInitiator isDefault="true" id="example" Location="/WAYF/idp.example.org"
42                                 Binding="urn:mace:shibboleth:sp:1.3:SessionInit"
43                                 wayfURL="https://idp.example.org:8443/shibboleth-idp/SSO"
44                                 wayfBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"/>
45                         <md:AssertionConsumerService Location="/SAML/POST" isDefault="true" index="1"
46                                 Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
47                         <md:AssertionConsumerService Location="/SAML/Artifact" index="2"
48                                 Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
49                         <md:SingleLogoutService Location="/Logout" Binding="urn:mace:shibboleth:sp:1.3:Logout"/>
50
51                 </Sessions>
52
                   <!-- Error page templates are read from local files; supportContact="root@localhost" is a
                        placeholder address. -->
53                 <Errors session="file:///usr/local/shibboleth-sp/etc/sessionError.html"
54                         metadata="file:///usr/local/shibboleth-sp/etc/metadataError.html"
55                         rm="file:///usr/local/shibboleth-sp/etc/rmError.html"
56                         access="file:///usr/local/shibboleth-sp/etc/accessError.html"
57                         supportContact="root@localhost"
58                         logoLocation="/shibtarget/logo.jpg"
59                         styleSheet="/shibtarget/main.css"/>
60
                   <!-- "defcreds" names the FileResolver Id defined under CredentialsProvider later in this
                        file; the same key pair is used for both TLS and signing. -->
61                 <CredentialUse TLS="defcreds" Signing="defcreds">
62                         <!-- RelyingParty elements can customize credentials for specific IdPs/sets. -->
63                         <!--
64                         <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
65                         -->
66                 </CredentialUse>
67                         
68                 <!-- Use designators to request specific attributes or none to ask for all -->
                   <!-- NOTE(review): with the designators below commented out, the default application asks
                        for all attributes; listing only the attributes an application needs limits what
                        is released to it. -->
69                 <!--
70                 <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
71                         AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
72                 <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
73                         AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
74                 -->
75
                   <!-- Attribute acceptance policy, IdP metadata and trust evaluation. The policy and the
                        metadata are loaded from local file URIs.
                        NOTE(review): presumably these two files decide which IdPs and attribute values the
                        SP accepts, so they should be writable only by the administrator. Confirm. -->
76                 <AAPProvider type="edu.internet2.middleware.shibboleth.aap.provider.XMLAAP" uri="file:///usr/local/shibboleth-sp/etc/AAP.xml"/>
77                 
78                 <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
79                         uri="file:///usr/local/shibboleth-sp/etc/example-metadata.xml"/>
80
81                 <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.ShibbolethTrust"/>
82                                         
                   <!-- NOTE(review): the audience value is the same urn:mace:inqueue name used by the
                        commented-out RelyingParty above; confirm it is the audience intended for this
                        example before reuse. -->
83                 <saml:Audience>urn:mace:inqueue</saml:Audience>
84                 
                   <!-- Per-application override: this application tightens the session settings
                        (checkAddress="true", handlerSSL="true", cookie limited to path /secure/admin with
                        the "secure" attribute) and requests only eduPersonPrincipalName. -->
85                 <Application id="bogus">
86                         <Sessions lifetime="7200" timeout="3600" checkAddress="true"
87                                 handlerURL="/secure/admin/Shibboleth.sso" handlerSSL="true"
88                                 cookieProps="; path=/secure/admin; secure"/>
89                         <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
90                                 AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
91                 </Application>
92
93         </Applications>
94         
95         <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
96         <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
                   <!-- One credential set, Id="defcreds": a PEM private key and a PEM certificate, both
                        resolved from local file URIs. This is the Id that CredentialUse refers to.
                        NOTE(review): only a format and a Path are given for the key, with no passphrase
                        setting visible, so the key file is presumably stored unencrypted. Restrict read
                        access on the .key file to the account the SP runs as. -->
97                 <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
98                         <FileResolver Id="defcreds">
99                                 <Key format="PEM">
100                                         <Path>file:///usr/local/shibboleth-sp/etc/sp-example.key</Path>
101                                 </Key>
102                                 <Certificate format="PEM">
103                                         <Path>file:///usr/local/shibboleth-sp/etc/sp-example.crt</Path>
104                                 </Certificate>
105                         </FileResolver>
106                         
107                 </Credentials>
108         </CredentialsProvider>
109
110         <!-- Specialized attribute handling for cases with complex syntax. -->
            <!-- The OID below is eduPersonTargetedID, which is why it is routed to TargetedIDFactory
                 instead of being treated as a simple string value. -->
111         <AttributeFactory AttributeName="urn:oid:1.3.6.1.4.1.5923.1.1.1.10"
112                 type="edu.internet2.middleware.shibboleth.common.provider.TargetedIDFactory"/>
113
114 </SPConfig>
115