xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
AAUrl="https://idp.example.org:8443/shibboleth-idp/AA"
resolverConfig="$SHIB_HOME$/etc/resolver.xml"
- defaultRelyingParty="urn:mace:inqueue"
+ defaultRelyingParty="urn:mace:shibboleth:examples"
providerId="https://idp.example.org/shibboleth">
<!-- This section contains configuration options that apply only to a site or group of sites
This would normally be adjusted when a new federation or bilateral trust relationship is established -->
- <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred"> <!-- (signingCredential) must correspond to a <Credential/> element below -->
+ <RelyingParty name="urn:mace:shibboleth:examples" signingCredential="example_cred"> <!-- (signingCredential) must correspond to a <Credential/> element below -->
<NameID nameMapping="shm"/> <!-- (nameMapping) must correspond to a <NameMapping/> element below -->
</RelyingParty>
+ <!-- InQueue example -->
+ <!--
+ <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred">
+ <NameID nameMapping="shm"/>
+ </RelyingParty> -->
+
<!-- Configuration for the attribute release policy engine
For most configurations this won't need adjustment -->
<!--
<Logging>
<Log4JConfig location="file:///tmp/log4j.properties" />
- </Logging>
- -->
+ </Logging> -->
<!-- This configuration section determines how Shibboleth maps between SAML Subjects and local principals.
type="SharedMemoryShibHandle"
handleTTL="1800"/>
+
<!-- Determines how SAML artifacts are stored and retrieved
The (sourceLocation) attribute must be specified when using type 2 artifacts -->
<ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
<!-- This configuration section determines the keys/certs to be used when signing SAML assertions -->
<!-- The credentials listed here are used when referenced within <RelyingParty/> elements above -->
<Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
- <KeyStoreResolver Id="inqueue_cred" storeType="JKS">
- <Path>$SHIB_HOME$/etc/keystore.jks</Path>
- <KeyAlias>example</KeyAlias>
- <CertAlias>example</CertAlias>
- <StorePassword>example</StorePassword>
- <KeyPassword>example</KeyPassword>
- </KeyStoreResolver>
+ <FileResolver Id="example_cred">
+ <Key>
+ <Path>$SHIB_HOME$/etc/idp-example.key</Path>
+ </Key>
+ <Certificate>
+ <Path>$SHIB_HOME$/etc/idp-example.crt</Path>
+ </Certificate>
+ </FileResolver>
+
+ <!-- InQueue example (Deployments would need to generate an InQueue-compatible certificate) -->
+ <!--
+ <FileResolver Id="inqueue_cred">
+ <Key>
+ <Path>$SHIB_HOME$/etc/idp-inqueue.key</Path>
+ </Key>
+ <Certificate>
+ <Path>$SHIB_HOME$/etc/idp-inqueue.crt</Path>
+ </Certificate>
+ </FileResolver>
+ -->
</Credentials>
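Review bot: The new `example_cred` FileResolver loads the signing key from `$SHIB_HOME$/etc/idp-example.key` with no password configured in this hunk, so the key is presumably unencrypted on disk and protected only by file permissions, which nothing in the file tells a deployer. The file names suggest a sample key pair; if it ships with the distribution, an IdP left on this default signs assertions with a key that is effectively public. I would add a comment directly above the resolver, for example `<!-- Sample key pair for testing only: generate a deployment-specific key and certificate, and make the key file readable only by the IdP service account -->`. The commented-out `inqueue_cred` resolver below it deserves the same reminder about key-file permissions. The removed KeyStoreResolver used the password `example`, so this is not a regression, but the default configuration is what deployments copy from.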
Metadata can also be placed directly within this these elements. -->
<MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
uri="$SHIB_HOME$/etc/example-metadata.xml"/>
+
+
+ <!-- InQueue example (Deployments would need to get updated InQueue metadata) -->
+ <!--
<MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
- uri="$SHIB_HOME$/etc/IQ-metadata.xml"/>
-
+ uri="$SHIB_HOME$/etc/IQ-metadata.xml"/> -->
</IdPConfig>