projects / java-idp.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
example.org
[java-idp.git] / src / conf / SP.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <!-- Test SP configuration file for Example State University 
4          There is one Metadata Entity: urn:mace:inqueue:example.org
5          It has both IdP and SP Roles.
6          It has one server: //shibboleth.example.org:8080
7          The endpoints are in the /shibboleth context on the server
8          
9          Dependencies:
10          Must agreed with referenced external ExampleMetadata file.
11          Endpoints must agree with Servlet mappings in web.xml
12          Certificates must be generated for these names
13          The "hosts" file maps shibboleth.example.org to 127.0.0.1
14 -->
15
16 <ShibbolethTargetConfig xmlns="urn:mace:shibboleth:target:config:1.0"
17         logger="/conf/shibboleth.logger" 
18                 clockSkew="180">
19
20     <SHAR>
21                 <TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
22         <MemorySessionCache cleanupInterval="300" cacheTimeout="3600" AATimeout="30" AAConnectTimeout="15"
23             defaultLifetime="1800" retryInterval="300" strictValidity="false" propagateErrors="true"/>
24      </SHAR>
25
26     <SHIRE>
27         <RequestMapProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLRequestMap">
28             <RequestMap applicationId="default">
29                <Host name="shibboleth.example.org" scheme="https">
30                     <Path name="secure" requireSession="true" exportAssertion="true" />
31                 </Host>
32                 <Host name="shibboleth.example.org" port="8080" scheme="http">
33                     <Path name="secure" requireSession="true" exportAssertion="true"/>
34                 </Host>
35             </RequestMap>
36         </RequestMapProvider>
37     </SHIRE>
38
39     <Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
40         id="default" providerId="http://shibboleth.example.org/shibboleth">
41
42         <!--
43         Controls session lifetimes, address checks, cookie handling, WAYF, and the SHIRE location.
44         You MUST supply a unique shireURL value (and a wayfURL that can be the same) for each of your
45         applications. The value can be a relative path, a URL with no hostname (https:///path) or a
46         full URL. The system will compute the value that applies based on the resource. Using
47         shireSSL="true" will force the protocol to be https. You should also add a cookieProps
48         setting of "; secure" in that case. The default wayfURL is the InQueue federation's service.
49         Change to https://localhost/shibboleth/HS for internal testing against your own origin.
50         -->
51         <Sessions lifetime="7200" timeout="3600" checkAddress="true"
52             wayfURL="http://shibboleth.example.org:8080/shibboleth/HS"
53             shireURL="http://shibboleth.example.org:8080/shibboleth/Shibboleth.shire" 
54                         shireSSL="false"/>
55
56         <!--
57         You should customize these pages! You can add attributes with values that can be plugged
58         into your templates.
59         -->
60         <Errors shire="shibboleth/shireError.html"
61             rm="shibboleth/rmError.html"
62             access="shibboleth/accessError.html"
63             supportContact="root@localhost"
64             logoLocation="/shibboleth/logo.jpg"
65             styleSheet="/shibboleth/main.css"/>
66
67         <!-- Indicates what credentials to use when communicating -->
68         <CredentialUse TLS="defcreds" Signing="defcreds">
69             <!-- RelyingParty elements customize credentials for specific origins or federations -->
70             <!--
71             <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
72             -->
73         </CredentialUse>
74
75         <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
76             AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
77         <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
78             AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
79
80         <!-- AAP can be inline or in a separate file -->
81         <AAPProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLAAP"
82         uri="/conf/AAP.xml"/>
83
84         <!-- Metadata consists of site/operational metadata, trust, revocation providers. Can be external or inline. -->
85         <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata"
86             uri="/conf/ExampleMetadata.xml"/>
87
88         <!--
89         Revocation using X.509 CRLs is an optional feature in some trust metadata or you may
90         supply your own revocation information locally.
91         -->
92         <!--
93         <RevocationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLRevocation"
94             uri="/conf/IQ-trust.xml"/>
95         -->
96
97         <!-- zero or more SAML Audience condition matches -->
98         <saml:Audience>urn:mace:shibdev</saml:Audience>
99
100
101     </Applications>
102
103     <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
104     <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
105         <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
106             <FileResolver Id="defcreds">
107                 <Key format="PEM">
108                     <Path>/conf/localhost.key</Path>
109                 </Key>
110                 <Certificate format="PEM">
111                     <Path>/conf/localhost.crt</Path>
112                 </Certificate>
113             </FileResolver>
114         </Credentials>
115     </CredentialsProvider>
116
117 </ShibbolethTargetConfig>
118
Shibboleth 2 Java IdP