XML 1.1 is not well-supported by XSD at this time and cannot be relied on.
[java-idp.git] / src / conf / dist.idp.xml
index 1e37a3a..b924cd0 100644 (file)
@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="ISO-8859-1"?>
 
 <!-- Shibboleth Identity Provider configuration -->
 
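Review bot: The new declaration on the `+<?xml` line changes the document encoding from UTF-8 to ISO-8859-1, which is only correct if the bytes written to disk are actually Latin-1; once the declaration says ISO-8859-1 a parser will decode any UTF-8 multibyte sequence as two or three Latin-1 characters instead of rejecting it, so the mismatch surfaces later as garbled comment or attribute text rather than as a parse error. The rest of this hunk is ASCII, so the change is invisible today, but if a build filter later writes non-ASCII values into the `$IDP_HOME$`-style placeholders its output encoding must match this declaration. Unless a known consumer cannot read UTF-8, I would keep `<?xml version="1.0" encoding="UTF-8"?>` and state the reason for the switch in the commit message if it stays.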
@@ -7,9 +7,9 @@
        xmlns:cred="urn:mace:shibboleth:credentials:1.0" 
        xmlns:name="urn:mace:shibboleth:namemapper:1.0" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
-       xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd" 
+       xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 ../schemas/shibboleth-idpconfig-1.0.xsd" 
        AAUrl="https://idp.example.org:8443/shibboleth-idp/AA" 
-       resolverConfig="$SHIB_HOME$/etc/resolver.xml"
+       resolverConfig="$IDP_HOME$/etc/resolver.xml"
        defaultRelyingParty="urn:mace:shibboleth:examples" 
        providerId="https://idp.example.org/shibboleth">
 
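Review bot: The new `xsi:schemaLocation` value `../schemas/shibboleth-idpconfig-1.0.xsd` is resolved relative to the document's base URI, so it only finds the schema when the config is loaded from a directory with a sibling `schemas/` directory; a config copied elsewhere, or loaded through a classpath or stream source, silently loses validation. Independently of the path, the loader should bind the `urn:mace:shibboleth:idp:config:1.0` namespace to a fixed local copy of the XSD and treat `xsi:schemaLocation` as a hint only, so that editing this attribute cannot redirect schema resolution to an arbitrary file or URL. The `$SHIB_HOME$` to `$IDP_HOME$` rename on the `resolverConfig` line presumably depends on a substitution step outside this file; if a deployment still only defines the old token, the literal `$IDP_HOME$/etc/resolver.xml` ends up in the running config, so it would help to note in a comment which installer property fills the placeholder, e.g. `<!-- $IDP_HOME$ is replaced at install time; see the installer's property of the same name -->`.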
                <NameID nameMapping="shm"/> <!-- (nameMapping) must correspond to a <NameMapping/> element below -->
        </RelyingParty>
 
-       <!-- InQueue example -->
+       <!-- InQueue example (the schemaHack is needed for 1.1/1.2 SPs)-->
        <!--
-       <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred"> 
+       <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred"
+                       schemaHack="true"> 
                <NameID nameMapping="shm"/>
        </RelyingParty> -->
        
@@ -31,7 +32,7 @@
                For most configurations this won't need adjustment -->
        <ReleasePolicyEngine>
                <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
-                       <Path>$SHIB_HOME$/etc/arps/</Path>
+                       <Path>$IDP_HOME$/etc/arps/</Path>
                </ArpRepository>
        </ReleasePolicyEngine>
 
@@ -40,8 +41,8 @@
                The defaults work fine in this section, but it is sometimes helpful to use "DEBUG" as the level for 
                the <ErrorLog/> when trying to diagnose problems -->
        <Logging>
-               <ErrorLog level="WARN" location="$SHIB_HOME$/logs/shib-error.log" />
-               <TransactionLog level="INFO" location="$SHIB_HOME$/logs/shib-access.log" />
+               <ErrorLog level="WARN" location="$IDP_HOME$/logs/shib-error.log" />
+               <TransactionLog level="INFO" location="$IDP_HOME$/logs/shib-access.log" />
        </Logging>
        <!-- Uncomment the configuration section below and comment out the one above if you would like to manually configure log4j -->
     <!--
        <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
                <FileResolver Id="example_cred">
                        <Key>
-                               <Path>$SHIB_HOME$/etc/idp-example.key</Path>
+                               <Path>$IDP_HOME$/etc/idp-example.key</Path>
                        </Key>
                        <Certificate>
-                               <Path>$SHIB_HOME$/etc/idp-example.crt</Path>
+                               <Path>$IDP_HOME$/etc/idp-example.crt</Path>
                        </Certificate>
                </FileResolver>
-       </Credentials>
        
-       <!-- InQueue example (Deployments would need to generate an InQueue-compatible certificate) -->
-       <!--
-       <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+               <!-- InQueue example (Deployments would need to generate an InQueue-compatible certificate) -->
+               <!--
                <FileResolver Id="inqueue_cred">
                        <Key>
-                               <Path>$SHIB_HOME$/etc/idp-inqueue.key</Path>
+                               <Path>$IDP_HOME$/etc/idp-inqueue.key</Path>
                        </Key>
                        <Certificate>
-                               <Path>$SHIB_HOME$/etc/idp-inqueue.crt</Path>
+                               <Path>$IDP_HOME$/etc/idp-inqueue.crt</Path>
                        </Certificate>
                </FileResolver>
-       </Credentials> -->
+                -->
+       </Credentials>
 
 
        <!-- Protocol handlers specify what type of requests the IdP can respond to.  The default set listed here should work 
                for most configurations.  Modifications to this section may require modifications to the deployment descriptor -->
        <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
-               <Location>.+/shibboleth-idp/SSO</Location>
+               <Location>https?://[^:/]+(:(443|80))?/$IDP_WEBAPP_NAME$/SSO</Location> <!-- regex works when using default protocol ports -->
        </ProtocolHandler>
        <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
-               <Location>.+:8443/shibboleth-idp/AA</Location>
+               <Location>.+:8443/$IDP_WEBAPP_NAME$/AA</Location>
        </ProtocolHandler>
        <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
-               <Location>.+:8443/shibboleth-idp/Artifact</Location>
+               <Location>.+:8443/$IDP_WEBAPP_NAME$/Artifact</Location>
        </ProtocolHandler>
 
        
                how to authenticate them.  The metadatatool utility can be used to keep federation metadata files in synch.
                Metadata can also be placed directly within this these elements. -->
        <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                uri="$SHIB_HOME$/etc/example-metadata.xml"/>
+                uri="$IDP_HOME$/etc/example-metadata.xml"/>
        
        
        <!-- InQueue example (Deployments would need to get updated InQueue metadata) -->
        <!--
        <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
-                uri="$SHIB_HOME$/etc/IQ-metadata.xml"/> -->
+                uri="$IDP_HOME$/etc/IQ-metadata.xml"/> -->
 </IdPConfig>