resources/conf/relying-party.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <!--
   4     This file specifies relying party dependent configurations for the IdP, for example, whether SAML assertions to a
   5     particular relying party should be signed.  It also includes metadata provider and credential definitions used
   6     when answering requests to a relying party.
   7 -->
   8
   9 <RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
  10                    xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
  11                    xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
  12                    xmlns:security="urn:mace:shibboleth:2.0:security"
  13                    xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
  14                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  15                    xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
  16                                        urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
  17                                        urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
  18                                        urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
  19                                        urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
  20                                        urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
  21
  22     <!-- ========================================== -->
  23     <!--      Relying Party Configurations          -->
  24     <!-- ========================================== -->
  25     <AnonymousRelyingParty provider="http://example.org/IdP" />
  26
  27     <DefaultRelyingParty provider="http://example.org/IdP" />
  28
  29     <RelyingParty id="urn:example.org:myFederation"
  30                   provider="urn:example.org:myFederation:idp1">
  31         <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
  32         <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
  33         <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
  34         <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
  35     </RelyingParty>
  36
  37
  38     <!-- ========================================== -->
  39     <!--      Metadata Configuration                -->
  40     <!-- ========================================== -->
  41
  42     <!-- MetadataProvider reading metadata from a URL. -->
  43     <!-- Fill in metadataURL and backingFile attributes with deployment specific information -->
  44     <!--
  45     <MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
  46                       metadataURL="http://example.org/my/metadata/file.xml" backingFile="$IDP_HOME$/temp/metadata/somefile.xml" />
  47     -->
  48
  49     <!-- MetadataProvider reading metadata from the filesystem -->
  50     <!-- Fill in metadataFile attribute with deployment specific information -->
  51     <!--
  52     <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
  53                       metadataFile="$IDP_HOME$/metadata/somefile.xml" />
  54     -->
  55
  56     <!-- MetadataProvider defining metadata inline -->
  57     <!--
  58     <MetadataProvider id="InlineMD" xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
  59         <EntitiesDescriptor Name="urn:example.org:myFederation" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  60             <EntityDescriptor entityID="urn:example.org:myFederation:idp1">
  61                 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  62                     <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/myIdP" />
  63                 </IDPSSODescriptor>
  64             </EntityDescriptor>
  65             <EntityDescriptor entityID="urn:example.org:myFederation:sp1">
  66                 <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  67                     <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/mySP" index="0" />
  68                     <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="0" />
  69                 </SPSSODescriptor>
  70             </EntityDescriptor>
  71         </EntitiesDescriptor>
  72     </MetadataProvider>
  73     -->
  74
  75     <!-- MetadataProvider the combining other MetadataProviders -->
  76     <!--
  77     <MetadataProvider id="ExampleMD" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
  78         <MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider"
  79                       metadataURL="http://example.org/my/metadata" backingFile="/path/to/temp/location" />
  80         <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" metadataFile="/path/to/metadata/file.xml" />
  81     </MetadataProvider>
  82     -->
  83
  84     <security:SecurityPolicy id="DefaultPolicy" xsi:type="security:SecurityPolicyType">
  85         <security:Rule xsi:type="samlsec:SAML1Protocol"/>
  86         <security:Rule xsi:type="samlsec:SAML2Protocol"/>
  87         <security:Rule xsi:type="samlsec:Replay"/>
  88         <security:Rule xsi:type="samlsec:IssueInstant"/>
  89         <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
  90     </security:SecurityPolicy>
  91
  92 </RelyingPartyGroup>