Removed SP locations that only apply to IQ testing.
[java-idp.git] / src / conf / shibboleth.xml
<ShibbolethTargetConfig xmlns="urn:mace:shibboleth:target:config:1.0"
        logger="/conf/shibboleth.logger" 
                clockSkew="180">
    <!--
    Shibboleth target (service provider) configuration for a local development deployment
    (hosts named shibdev.sample.edu, test metadata for bogus.org, localhost key pair).
    clockSkew is the tolerance applied when evaluating time conditions on received assertions.
    NOTE(review): the unit is presumably seconds (180 = 3 minutes); confirm against the SP docs.
    -->

    <SHAR>
                <!--
                SHAR control listener. address binds to loopback and acl admits only 127.0.0.1,
                so nothing off this host can talk to the SHAR. Do not widen either value unless
                the SHIRE and SHAR genuinely run on different machines.
                -->
                <TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
        <!--
        Session cache. cleanupInterval, cacheTimeout, the two AA timeouts, defaultLifetime and
        retryInterval are presumably seconds.
        NOTE(review): strictValidity="false" presumably lets cached attributes keep being used
        past their validity window when the AA cannot be re-queried. Tolerable for a test
        target; set it to "true" anywhere stale entitlements must not be honoured.
        propagateErrors="true" presumably reports AA failures to the user instead of hiding them.
        -->
        <MemorySessionCache cleanupInterval="300" cacheTimeout="3600" AATimeout="30" AAConnectTimeout="15"
            defaultLifetime="1800" retryInterval="300" strictValidity="false" propagateErrors="true"/>
     </SHAR>

    <SHIRE>
        <RequestMapProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLRequestMap">
            <!--
            Maps requested URLs to the "default" application below. Both hosts protect the
            "secure" path: requireSession forces a session (authentication) and exportAssertion
            presumably hands the received assertion to the protected resource.
            NOTE(review): the second host is plain HTTP on port 8080, so the session cookie and
            the exported assertion cross the network in cleartext. Keep it for local testing
            only and remove it from any deployment reachable beyond localhost.
            -->
            <RequestMap applicationId="default">
               <Host name="shibdev.sample.edu" scheme="https">
                    <Path name="secure" requireSession="true" exportAssertion="true" />
                </Host>
                <Host name="shibdev.sample.edu" port="8080" scheme="http">
                    <Path name="secure" requireSession="true" exportAssertion="true"/>
                </Host>
            </RequestMap>
        </RequestMapProvider>
    </SHIRE>

    <Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        id="default" providerId="http://shibdev.sample.edu/shibboleth">

        <!--
        Controls session lifetimes, address checks, cookie handling, WAYF, and the SHIRE location.
        You MUST supply a unique shireURL value (and a wayfURL that can be the same) for each of your
        applications. The value can be a relative path, a URL with no hostname (https:///path) or a
        full URL. The system will compute the value that applies based on the resource. Using
        shireSSL="true" will force the protocol to be https. You should also add a cookieProps
        setting of "; secure" in that case. The wayfURL here points at the local test origin's
        HS rather than a federation WAYF service; change it to your own origin's HS
        (e.g. https://localhost/shibboleth/HS) for internal testing.
        -->
        <!--
        NOTE(review): this block is deliberately insecure for local testing. With shireSSL="false",
        http URLs on port 8080 and no cookieProps, the SAML response delivered to the SHIRE and
        the session cookie it sets are exposed to anyone on the network path. Before deploying,
        switch to shireSSL="true", https URLs and cookieProps="; secure" as described above.
        checkAddress="true" ties a session to the client address that established it.
        lifetime and timeout are presumably seconds (2 h absolute, 1 h idle).
        -->
        <Sessions lifetime="7200" timeout="3600" checkAddress="true"
            wayfURL="http://shibdev.sample.edu:8080/shibboleth/HS"
            shireURL="http://shibdev.sample.edu:8080/shibboleth/Shibboleth.shire" 
                        shireSSL="false"/>

        <!--
        You should customize these pages! You can add attributes with values that can be plugged
        into your templates.
        NOTE(review): supportContact="root@localhost" is a placeholder; replace it before users
        can reach these error pages.
        -->
        <Errors shire="shibboleth/shireError.html"
            rm="shibboleth/rmError.html"
            access="shibboleth/accessError.html"
            supportContact="root@localhost"
            logoLocation="/shibboleth/logo.jpg"
            styleSheet="/shibboleth/main.css"/>

        <!--
        Indicates what credentials to use when communicating. "defcreds" is the FileResolver
        declared in the CredentialsProvider at the end of this file; the same key pair is used
        both for TLS and for signing.
        -->
        <CredentialUse TLS="defcreds" Signing="defcreds">
            <!-- RelyingParty elements customize credentials for specific origins or federations -->
            <!--
            <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
            -->
        </CredentialUse>

        <!--
        Attributes this application asks the origin's AA for.
        NOTE(review): which returned values are actually accepted is presumably governed by the
        AAP (AAPProvider below), not by this list; make sure AAP.xml filters scoped values.
        -->
        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>

        <!-- AAP can be inline or in a separate file -->
        <AAPProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLAAP"
        uri="/conf/AAP.xml"/>

        <!-- Metadata consists of site/operational metadata, trust, revocation providers. Can be external or inline. -->
        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata"
            uri="/conf/testsites.xml"/>
                        
                <FederationProvider type="edu.internet2.middleware.shibboleth.serviceprovider.SAML2MetadataImpl"
                        uri="/conf/SAML2Metadata.xml" />        
                        
                <!--
                Create an inline group just to test the inline parse logic.
                NOTE(review): test-only metadata. It declares a HandleService and AttributeAuthority
                at https://localhost under the certificate subject "CN=localhost, O=Shibboleth Project,
                C=US"; together with /conf/testtrust.xml below this is presumably what makes the local
                test origin trusted. Remove this group (and testtrust.xml) before deploying this
                configuration anywhere real.
                -->  
        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata">
                        <SiteGroup Name="https://bogus.org/shibboleth" xmlns="urn:mace:shibboleth:1.0">
                                <OriginSite Name="https://bogus.org/shibboleth/origin">
                                        <Alias>Localhost Test Deployment</Alias>
                                        <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
                                        <HandleService Location="https://localhost/shibboleth/HS" Name="CN=localhost, O=Shibboleth Project, C=US"/>
                                        <AttributeAuthority Location="https://localhost/shibboleth/AA" Name="CN=localhost, O=Shibboleth Project, C=US"/>
                                        <Domain>localhost</Domain>
                                </OriginSite>
                        
                                <DestinationSite Name="https://bogus.org/shibboleth/target">
                                        <Alias>Localhost Test Deployment</Alias>
                                        <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
                                        <AssertionConsumerServiceURL Location="https://localhost/Shibboleth.shire"/>
                                        <AttributeRequester Name="CN=localhost, O=Shibboleth Project, C=US"/>
                                </DestinationSite>
                        </SiteGroup>
                </FederationProvider>
                        
                        

        <!-- Trust anchors for the origins above; testtrust.xml is a test file, see the note on the inline metadata. -->
        <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLTrust"
            uri="/conf/testtrust.xml"/>

        <!--
        Revocation using X.509 CRLs is an optional feature in some trust metadata or you may
        supply your own revocation information locally.
        NOTE(review): no RevocationProvider is active here, so revoked origin certificates are
        presumably not checked against any CRL. The commented example still points at
        /conf/IQ-trust.xml, which looks InQueue-specific (see the commit message) and may no
        longer exist in this tree.
        -->
        <!--
        <RevocationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLRevocation"
            uri="/conf/IQ-trust.xml"/>
        -->

        <!-- zero or more SAML Audience condition matches -->
        <!--
        NOTE(review): an assertion that carries an audience restriction is presumably accepted
        only if one of its audiences matches a value listed here (or the providerId); keep this
        in sync with what the origins you federate with emit.
        -->
        <saml:Audience>urn:mace:shibdev</saml:Audience>


    </Applications>

    <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
    <!--
    NOTE(review): /conf/localhost.key is the SP's private key, used as "defcreds" for both TLS
    and signing above. Keep it readable only by the account the SHAR runs as, and replace the
    localhost key pair with a real one before deployment.
    -->
    <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
        <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
            <FileResolver Id="defcreds">
                <Key format="PEM">
                    <Path>/conf/localhost.key</Path>
                </Key>
                <Certificate format="PEM">
                    <Path>/conf/localhost.crt</Path>
                </Certificate>
            </FileResolver>
        </Credentials>
    </CredentialsProvider>

</ShibbolethTargetConfig>