Synch up with schema changes
[java-idp.git] / resources / conf / relying-party.xml
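<?xml version="1.0" encoding="UTF-8"?>

<!--
    This file specifies relying party dependent configurations for the IdP, for example, whether SAML assertions to a
    particular relying party should be signed.  It also includes metadata provider and credential definitions used
    when answering requests to a relying party.

    Every example.org identifier, URL and path below is a placeholder to be replaced with deployment values.
-->

<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
                   xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
                   xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
                   xmlns:security="urn:mace:shibboleth:2.0:security"
                   xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
                   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                   xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
                                       urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
                                       urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
                                       urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
                                       urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
                                       urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">

    <!-- ========================================== -->
    <!--     Security Configurations                -->
    <!-- ========================================== -->
    <!--
        The policy with id shibboleth.DefaultSecurityPolicy is a list of rules, each selected by its xsi:type.
        NOTE(review): judging by the rule names, these cover protocol version, replay, issue instant and the
        presence of an issuer. None of them is named for signature or client certificate checks, so confirm
        where the sender of a message is authenticated before relying on this policy alone.
    -->
    <security:SecurityPolicy id="shibboleth.DefaultSecurityPolicy" xsi:type="security:SecurityPolicyType">
        <security:Rule xsi:type="samlsec:SAML1Protocol"/>
        <security:Rule xsi:type="samlsec:SAML2Protocol"/>
        <security:Rule xsi:type="samlsec:Replay"/>
        <security:Rule xsi:type="samlsec:IssueInstant"/>
        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
    </security:SecurityPolicy>


    <!-- ========================================== -->
    <!--      Relying Party Configurations          -->
    <!-- ========================================== -->
    <!--
        The RelyingParty element enables four profiles: Shibboleth SSO, SAML 1 attribute query, SAML 2 SSO and
        SAML 2 attribute query. Its provider value equals the IdP entityID used in the inline metadata example
        further down; keep the two in step when replacing the placeholders.
        NOTE(review): AnonymousRelyingParty and DefaultRelyingParty carry no ProfileConfiguration children here;
        confirm which profiles, if any, they end up enabling.
    -->
    <AnonymousRelyingParty provider="http://example.org/IdP" />

    <DefaultRelyingParty provider="http://example.org/IdP" />

    <RelyingParty id="urn:example.org:myFederation"
                  provider="urn:example.org:myFederation:idp1">
        <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
        <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
        <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
    </RelyingParty>


    <!-- ========================================== -->
    <!--      Metadata Configuration                -->
    <!-- ========================================== -->

    <!-- MetadataProvider reading metadata from a URL. -->
    <!-- Fill in metadataURL and backingFile attributes with deployment specific information -->
    <!--
        Metadata tells the IdP which endpoints (and, in real deployments, which keys) belong to each party.
        Load it over HTTPS, verify its signature where the federation signs it, and keep the backing file
        writable only by the account the IdP runs as. As written, this example configures no signature check.
    -->
    <!--
    <MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                      metadataURL="https://example.org/my/metadata/file.xml" backingFile="$IDP_HOME$/temp/metadata/somefile.xml" />
    -->

    <!-- MetadataProvider reading metadata from the filesystem -->
    <!-- Fill in metadataFile attribute with deployment specific information -->
    <!-- The metadata file should be writable only by whoever is allowed to change which parties the IdP trusts. -->
    <!--
    <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
                      metadataFile="$IDP_HOME$/metadata/somefile.xml" />
    -->

    <!-- MetadataProvider defining metadata inline -->
    <!--
        Each AssertionConsumerService inside one SPSSODescriptor needs its own index value.
        NOTE(review): the SAML 2.0 browser SSO profile does not permit HTTP-Redirect for delivering responses;
        check the second binding against the real SP metadata before copying this example.
    -->
    <!--
    <MetadataProvider id="InlineMD" xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
        <EntitiesDescriptor Name="urn:example.org:myFederation" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
            <EntityDescriptor entityID="urn:example.org:myFederation:idp1">
                <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/myIdP" />
                </IDPSSODescriptor>
            </EntityDescriptor>
            <EntityDescriptor entityID="urn:example.org:myFederation:sp1">
                <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
                    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/mySP" index="0" />
                    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="1" />
                </SPSSODescriptor>
            </EntityDescriptor>
        </EntitiesDescriptor>
    </MetadataProvider>
    -->

    <!-- MetadataProvider combining other MetadataProviders -->
    <!--
        NOTE(review): the nested providers reuse the ids URLMD and FSMD from the standalone examples above;
        presumably ids must be unique, so enable either the standalone providers or this chain, not both.
        The caveats about HTTPS, signature verification and file permissions apply to the nested providers too.
    -->
    <!--
    <MetadataProvider id="ExampleMD" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
        <MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider"
                      metadataURL="https://example.org/my/metadata" backingFile="/path/to/temp/location" />
        <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" metadataFile="/path/to/metadata/file.xml" />
    </MetadataProvider>
    -->

</RelyingPartyGroup>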