Update config to synch up with current schema
[java-idp.git] / resources / conf / relying-party.xml
index 8c9abe0..313ea4b 100644 (file)
@@ -9,28 +9,87 @@
 <RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
                    xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
                    xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
-                   xmlns:credential="urn:mace:shibboleth:2.0:credential"
+                   xmlns:security="urn:mace:shibboleth:2.0:security"
+                   xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
                                        urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
                                        urn:mace:shibboleth:2.0:metadata classpath:/schema/shibboleth-2.0-metadata.xsd
-                                       urn:mace:shibboleth:2.0:credential classpath:/schema/shibboleth-2.0-credential.xsd">
+                                       urn:mace:shibboleth:2.0:security classpath:/schema/shibboleth-2.0-security.xsd
+                                       urn:mace:shibboleth:2.0:security:saml classpath:/schema/shibboleth-2.0-security-policy-saml.xsd
+                                       urn:oasis:names:tc:SAML:2.0:metadata classpath:/schema/saml-schema-metadata-2.0.xsd">
                                        
+    <!-- ========================================== -->
+    <!--      Relying Party Configurations          -->
+    <!-- ========================================== -->
     <AnonymousRelyingParty provider="http://example.org/IdP" />
     
     <DefaultRelyingParty provider="http://example.org/IdP" />
     
-    <RelyingParty id="urn:mace:incommon"
-                  provider="http://example.org/IdP">
-          <!-- 
+    <RelyingParty id="urn:example.org:myFederation"
+                  provider="urn:example.org:myFederation:idp1">
         <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
         <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
-        -->
+        <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
     </RelyingParty>
     
-    <MetadataProvider xsi:type="FileBackedURLMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
-                      id="incommon-metadata"
-                      metadataURL="http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"
-                      backingFile="$IDP_HOME$/temp/metadata/incommon.xml"/>
+    
+    <!-- ========================================== -->
+    <!--      Metadata Configuration                -->
+    <!-- ========================================== -->
 
+    <!-- MetadataProvider reading metadata from a URL. -->
+    <!-- Fill in metadataURL and backingFile attributes with deployment specific information -->
+    <!--
+    <MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
+                      metadataURL="http://example.org/my/metadata/file.xml" backingFile="$IDP_HOME$/temp/metadata/somefile.xml" />
+    -->
+                  
+    <!-- MetadataProvider reading metadata from the filesystem -->
+    <!-- Fill in metadataFile attribute with deployment specific information -->
+    <!--
+    <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
+                      metadataFile="$IDP_HOME$/metadata/somefile.xml" />
+    -->
+    
+    <!-- MetadataProvider defining metadata inline -->
+    <!--
+    <MetadataProvider id="InlineMD" xsi:type="InlineMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
+        <EntitiesDescriptor Name="urn:example.org:myFederation" xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+            <EntityDescriptor entityID="urn:example.org:myFederation:idp1">
+                <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+                    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/myIdP" />
+                </IDPSSODescriptor>
+            </EntityDescriptor>
+            <EntityDescriptor entityID="urn:example.org:myFederation:sp1">
+                <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+                    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example.org/mySP" index="0" />
+                    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example.org/mySP" index="0" />
+                </SPSSODescriptor>
+            </EntityDescriptor>
+        </EntitiesDescriptor>
+    </MetadataProvider>
+    -->
+    
+    <!-- MetadataProvider the combining other MetadataProviders -->
+    <!--
+    <MetadataProvider id="ExampleMD" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
+        <MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider"
+                      metadataURL="http://example.org/my/metadata" backingFile="/path/to/temp/location" />
+        <MetadataProvider id="FSMD" xsi:type="FilesystemMetadataProvider" metadataFile="/path/to/metadata/file.xml" />
+    </MetadataProvider>
+    -->
+    
+    <!-- ========================================== -->
+    <!--     Security Configurations                -->
+    <!-- ========================================== -->
+    <security:SecurityPolicy id="shibboleth.DefaultSecurityPolicy" xsi:type="security:SecurityPolicyType">
+        <security:Rule xsi:type="samlsec:SAML1Protocol"/>
+        <security:Rule xsi:type="samlsec:SAML2Protocol"/>
+        <security:Rule xsi:type="samlsec:Replay"/>
+        <security:Rule xsi:type="samlsec:IssueInstant"/>
+        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
+    </security:SecurityPolicy>
+    
 </RelyingPartyGroup>
\ No newline at end of file
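Review bot: The active `shibboleth.DefaultSecurityPolicy` lists protocol, replay, issue-instant and mandatory-issuer rules but, judging by the rule names, nothing that authenticates the sender, while the same change turns on `SAML1AttributeQueryProfile` and `SAML2AttributeQueryProfile` for the example relying party. `MandatoryIssuer` presumably only requires that an issuer be named, so unless authentication is enforced elsewhere (not visible in this hunk) a query could assert any issuer; I would add a comment above the policy such as `<!-- NOTE: no rule here verifies a message signature or client certificate; add one before enabling the attribute query profiles -->`, or add such a rule if the security schema already offers one. The commented-out `URLMD` examples also use `metadataURL="http://example.org/..."`; since metadata supplies the endpoints and keys the IdP will trust, the samples should use `https://` and the "Fill in metadataURL" comment should say that fetched metadata must be signature-checked before use. Separately, the inline metadata example gives both `AssertionConsumerService` entries `index="0"`; the indexes should be distinct so that copied examples stay valid.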