1 <?xml version="1.0" encoding="UTF-8"?>
4 This file specifies relying party dependent configurations for the IdP, for example, whether SAML assertions to a
5 particular relying party should be signed. It also includes metadata provider and credential definitions used
6 when answering requests to a relying party.
9 <RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
10 xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
11 xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
12 xmlns:credential="urn:mace:shibboleth:2.0:credential"
13 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
14 xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
15 urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
16 urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
17 urn:mace:shibboleth:2.0:credential classpath:/schema/shibboleth-2.0-credential.xsd
18 urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
20 <!-- ========================================== -->
21 <!-- Relying Party Configurations -->
22 <!-- ========================================== -->
<!-- Fallback relying party configurations. Presumably AnonymousRelyingParty applies to requesters the IdP
     has no metadata for, and DefaultRelyingParty to known requesters that have no RelyingParty entry of
     their own (confirm against the IdP documentation for the version in use). The provider attribute
     presumably names the entityID the IdP presents in each case. Both elements are self-closing, so
     neither declares a ProfileConfiguration or any signing settings here.
     NOTE(review): when extending these, keep the anonymous case the most restrictive one, since it
     covers parties whose identity cannot be checked against metadata. -->
23 <AnonymousRelyingParty provider="http://example.org/IdP" />
25 <DefaultRelyingParty provider="http://example.org/IdP" />
27 <RelyingParty id="urn:example.org:myFederation"
28 provider="urn:example.org:myFederation:idp1">
<!-- Profiles enabled for this relying party: Shibboleth SSO, SAML 1 attribute query, SAML 2 SSO and
     SAML 2 attribute query. None of the four elements sets a signing or encryption attribute, and the
     RelyingParty start tag above names no signing credential, so what is signed or encrypted is left
     to the IdP's defaults.
     NOTE(review): state the policy explicitly (for example signAssertions / signResponses /
     encryptAssertions together with a credential reference) instead of relying on defaults; confirm
     the attribute names against the schema version in use. -->
29 <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
30 <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
31 <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
32 <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
36 <!-- ========================================== -->
37 <!-- Metadata Configuration -->
38 <!-- ========================================== -->
40 <!-- MetadataProvider reading metadata from a URL. -->
41 <!-- Fill in metadataURL and backingFile attributes with deployment specific information -->
<!-- Remote metadata source. Metadata decides which entities and endpoints the IdP trusts, so its
     integrity matters as much as that of a key store. As written, metadataURL is plain http and the
     element is self-closing, so no MetadataFilter is attached: the document is fetched without
     transport protection and without a signature check.
     NOTE(review): in a deployment use an https URL and verify the metadata signature with a metadata
     filter, where the schema version in use provides one. backingFile is presumably the local copy
     used when the URL cannot be reached; keep it in a directory only the IdP account can write to,
     not a shared temp directory. -->
43 <MetadataProvider id="URLMD" xsi:type="FileBackedURLMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
44 metadataURL="http://example.org/my/metadata/file.xml" backingFile="/path/to/temp/location" />
47 <!-- MetadataProvider reading metadata from the filesystem -->
48 <!-- Fill in metadataFile attribute with deployment specific information -->
<!-- Local metadata source read from metadataFile. No filter is attached (the element is self-closing),
     so the file's content is trusted as found on disk.
     NOTE(review): anyone able to modify this file can add or alter trusted entities and their
     endpoints; restrict write access to the administrator and monitor the file for changes. -->
50 <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
51 metadataFile="/path/to/metadata/file.xml" />
54 <!-- MetadataProvider defining metadata inline -->
56 <MetadataProvider id="InlineMD" xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
57 <EntitiesDescriptor Name="urn:example.org:myFederation" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
58 <EntityDescriptor entityID="urn:example.org:myFederation:idp1">
59 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
60 <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/myIdP" />
63 <EntityDescriptor entityID="urn:example.org:myFederation:sp1">
64 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<!-- Assertion consumer endpoints of sp1: the locations to which the IdP may deliver responses.
     NOTE(review): both endpoints carry index="0". SAML metadata expects each indexed endpoint of a
     role to have a unique index, so a request that selects an endpoint by index is ambiguous here.
     NOTE(review): the second endpoint uses the HTTP-Redirect binding, which the SAML 2.0 Web Browser
     SSO profile does not allow for delivering the response; confirm whether it is intended.
     Both Location values are https, which is what an endpoint receiving assertions should use. -->
65 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/mySP" index="0" />
66 <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="0" />
73 <!-- MetadataProvider combining other MetadataProviders -->
75 <MetadataProvider id="ExampleMD" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
<!-- Members of the chain: one remote source with a local backing file, then one filesystem source;
     presumably they are consulted in the order listed (confirm for the version in use).
     NOTE(review): the remote member uses a plain http metadataURL and neither member has a
     MetadataFilter, so nothing in the chain checks a metadata signature; prefer https plus signature
     validation before trusting the result.
     NOTE(review): the ids URLMD and FSMD are also used by the standalone providers earlier in this
     file; if those are active in the same configuration the ids collide, so presumably the
     standalone and chained forms are alternatives. -->
76 <MetadataProvider id="URLMD" xsi:type="FileBackedURLMetadataProvider"
77 metadataURL="http://example.org/my/metadata" backingFile="/path/to/temp/location" />
78 <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" metadataFile="/path/to/metadata/file.xml" />