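<?xml version="1.0" encoding="UTF-8"?>

<!-- Test SP configuration file for Example State University
         There is one Metadata Entity: urn:mace:inqueue:example.edu
         It has both IdP and SP Roles.
         It has one server: //shibboleth.example.edu:8080
         The endpoints are in the /shibboleth context on the server

         NOTE: the RequestMap, Sessions and providerId entries below name
         shibdev.sample.edu, not shibboleth.example.edu. The RequestMap is
         keyed on the Host name, so pick one host name and use it here, in
         the metadata and in the certificates; otherwise protected paths are
         not mapped and certificate names do not line up.

         This is a TEST configuration: it uses plain http for the SHIRE and
         WAYF endpoints, a test trust file, inline throw-away metadata and no
         CRL checking. Each such setting is marked below; none of them should
         survive into a real deployment.

         Dependencies:
         Must agree with the referenced external ExampleMetadata file.
         Endpoints must agree with Servlet mappings in web.xml
         Certificates must be generated for these names
         The "hosts" file maps shibboleth.example.edu to 127.0.0.1
-->

<ShibbolethTargetConfig xmlns="urn:mace:shibboleth:target:config:1.0"
        logger="/conf/shibboleth.logger"
        clockSkew="180">
    <!-- clockSkew (seconds) is the tolerance applied to the time conditions
         on incoming assertions. A larger value widens the window in which a
         not-yet-valid or already-expired assertion is still accepted, so keep
         it as small as clock synchronisation between IdP and SP allows. -->

    <SHAR>
        <!-- SHIRE to SHAR channel. It is bound to loopback and the acl is the
             only access control on this port; keep both at 127.0.0.1. -->
        <TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
        <!-- NOTE(review): strictValidity="false" presumably allows cached
             attributes to keep being used past their validity period when the
             AA cannot be re-queried (fail-open), whereas "true" would fail
             closed. Confirm against the SHAR documentation before relying on
             either reading; a production SP normally wants fail-closed. -->
        <MemorySessionCache cleanupInterval="300" cacheTimeout="3600" AATimeout="30" AAConnectTimeout="15"
            defaultLifetime="1800" retryInterval="300" strictValidity="false" propagateErrors="true"/>
    </SHAR>

    <SHIRE>
        <RequestMapProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLRequestMap">
            <RequestMap applicationId="default">
                <!-- The same host is listed twice: once for https and once
                     for the plain-http test port. Only the /secure path carries
                     requireSession; other paths on these hosts get no session
                     requirement from this map. -->
                <Host name="shibdev.sample.edu" scheme="https">
                    <Path name="secure" requireSession="true" exportAssertion="true"/>
                </Host>
                <!-- TEST ONLY. On this scheme="http" host the session cookie and
                     the exported assertion (exportAssertion="true" exposes the
                     SAML assertion to the application) cross the wire in
                     cleartext. Do not keep this Host entry outside a loopback
                     test setup. -->
                <Host name="shibdev.sample.edu" port="8080" scheme="http">
                    <Path name="secure" requireSession="true" exportAssertion="true"/>
                </Host>
            </RequestMap>
        </RequestMapProvider>
    </SHIRE>

    <Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        id="default" providerId="http://shibdev.sample.edu/shibboleth">

        <!--
        Controls session lifetimes, address checks, cookie handling, WAYF, and the SHIRE location.
        You MUST supply a unique shireURL value (and a wayfURL that can be the same) for each of your
        applications. The value can be a relative path, a URL with no hostname (https:///path) or a
        full URL. The system will compute the value that applies based on the resource. Using
        shireSSL="true" will force the protocol to be https. You should also add a cookieProps
        setting of "; secure" in that case. The default wayfURL is the InQueue federation's service.
        Change to https://localhost/shibboleth/HS for internal testing against your own origin.

        TEST ONLY: shireSSL="false" together with an http:// shireURL means the SAML response
        that establishes the session, and the session cookie it sets, are sent in cleartext and
        can be captured or replayed on the network path. Before any non-test use set
        shireSSL="true", move shireURL and wayfURL to https, and add cookieProps="; secure".
        checkAddress="true" binds a session to the client address; keep it unless clients
        legitimately change address mid-session (e.g. behind some proxies or NAT pools).
        lifetime and timeout are presumably the absolute and idle session limits in seconds.
        -->
        <Sessions lifetime="7200" timeout="3600" checkAddress="true"
            wayfURL="http://shibdev.sample.edu:8080/shibboleth/HS"
            shireURL="http://shibdev.sample.edu:8080/shibboleth/Shibboleth.shire"
            shireSSL="false"/>

        <!--
        You should customize these pages! You can add attributes with values that can be plugged
        into your templates. supportContact="root@localhost" is a placeholder; error pages are
        shown to unauthenticated users, so keep them free of internal detail.
        -->
        <Errors shire="shibboleth/shireError.html"
            rm="shibboleth/rmError.html"
            access="shibboleth/accessError.html"
            supportContact="root@localhost"
            logoLocation="/shibboleth/logo.jpg"
            styleSheet="/shibboleth/main.css"/>

        <!-- Indicates what credentials to use when communicating. TLS and Signing both
             resolve to the "defcreds" key pair defined in <CredentialsProvider>, so a
             compromise of that one private key affects both uses. -->
        <CredentialUse TLS="defcreds" Signing="defcreds">
            <!-- RelyingParty elements customize credentials for specific origins or federations -->
            <!--
            <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
            -->
        </CredentialUse>

        <!-- Attributes requested from the origin's AA. -->
        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>

        <!-- AAP can be inline or in a separate file. The attribute acceptance policy decides
             which asserted attributes and values reach the application (scoped attributes in
             particular should only be accepted for scopes the origin is allowed to assert);
             review AAP.xml together with this file. -->
        <AAPProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLAAP"
        uri="/conf/AAP.xml"/>

        <!-- Metadata consists of site/operational metadata, trust, revocation providers. Can be external or inline.
             Metadata is the list of origins this SP will accept assertions from, so every
             FederationProvider below widens that trust. -->
        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata"
            uri="/conf/ExampleMetadata.xml"/>

        <!-- TEST ONLY: inline metadata present just to exercise the inline parse logic. It
             registers an origin whose HS/AA live on localhost and which may assert the
             "localhost" scope, plus a matching target. Remove this block (together with
             testtrust.xml) before the configuration leaves the test bench. -->
        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata">
            <SiteGroup Name="https://bogus.org/shibboleth" xmlns="urn:mace:shibboleth:1.0">
                <OriginSite Name="https://bogus.org/shibboleth/origin">
                    <Alias>Localhost Test Deployment</Alias>
                    <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
                    <HandleService Location="https://localhost/shibboleth/HS" Name="CN=localhost, O=Shibboleth Project, C=US"/>
                    <AttributeAuthority Location="https://localhost/shibboleth/AA" Name="CN=localhost, O=Shibboleth Project, C=US"/>
                    <Domain>localhost</Domain>
                </OriginSite>

                <DestinationSite Name="https://bogus.org/shibboleth/target">
                    <Alias>Localhost Test Deployment</Alias>
                    <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
                    <AssertionConsumerServiceURL Location="https://localhost/Shibboleth.shire"/>
                    <AttributeRequester Name="CN=localhost, O=Shibboleth Project, C=US"/>
                </DestinationSite>
            </SiteGroup>
        </FederationProvider>

        <!-- TEST ONLY: testtrust.xml is the trust anchor set the origins' signing and TLS
             certificates are presumably validated against. Replace it with the federation's
             trust file for real use. -->
        <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLTrust"
            uri="/conf/testtrust.xml"/>

        <!--
        Revocation using X.509 CRLs is an optional feature in some trust metadata or you may
        supply your own revocation information locally. With the provider below commented out
        no locally supplied CRL is consulted, so a revoked origin certificate is only caught if
        the trust metadata itself carries revocation data.
        -->
        <!--
        <RevocationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLRevocation"
            uri="/conf/IQ-trust.xml"/>
        -->

        <!-- zero or more SAML Audience condition matches. An assertion carrying an audience
             restriction is presumably accepted only if it names one of these values, so keep
             this in sync with what the origin is configured to emit for this SP. -->
        <saml:Audience>urn:mace:shibdev</saml:Audience>

    </Applications>

    <!-- Define all the private keys and certificates here that you reference from <CredentialUse>.
         No passphrase is configured for the key below, so it is only as protected as the
         filesystem permissions on localhost.key; restrict them to the SP's service account. -->
    <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
        <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
            <FileResolver Id="defcreds">
                <Key format="PEM">
                    <Path>/conf/localhost.key</Path>
                </Key>
                <Certificate format="PEM">
                    <Path>/conf/localhost.crt</Path>
                </Certificate>
            </FileResolver>
        </Credentials>
    </CredentialsProvider>

</ShibbolethTargetConfig>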