Fix response and assertion signing defaults - SC-116
[java-idp.git] / src / installer / resources / conf-tmpl / relying-party.xml
index 3406ef6..9477860 100644 (file)
@@ -8,7 +8,7 @@
     when answering requests to a relying party.
 -->
 
-<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
+<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party"
                    xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
                    xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
                    xmlns:resource="urn:mace:shibboleth:2.0:resource"
     <!-- ========================================== -->
     <!--      Relying Party Configurations          -->
     <!-- ========================================== -->
-    <AnonymousRelyingParty provider="$IDP_ENTITY_ID$"
+    <rp:AnonymousRelyingParty provider="$IDP_ENTITY_ID$"
                            defaultSigningCredentialRef="IdPCredential" />
     
-    <DefaultRelyingParty provider="$IDP_ENTITY_ID$"
+    <rp:DefaultRelyingParty provider="$IDP_ENTITY_ID$"
                          defaultSigningCredentialRef="IdPCredential">
         <!-- 
             Each attribute in these profiles configuration is set to its default value,
             We list them here so that people are aware of them (since they seem reluctant to 
             read the documentation).
         -->
-        <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" 
+        <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" 
                               includeAttributeStatement="false"
                               assertionLifetime="PT5M"
                               signResponses="conditional"
                               signAssertions="never" />
                               
-        <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
+        <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
                               assertionLifetime="PT5M"
                               signResponses="conditional"
                               signAssertions="never" />
         
-        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
+        <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
                               signResponses="conditional"
                               signAssertions="never" />
         
-        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" 
+        <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile" 
                               includeAttributeStatement="true"
                               assertionLifetime="PT5M"
                               assertionProxyCount="0" 
-                              signResponses="conditional"
-                              signAssertions="never" 
+                              signResponses="never"
+                              signAssertions="always" 
                               encryptAssertions="conditional"
                               encryptNameIds="never" />
         
-        <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
+        <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
                               assertionLifetime="PT5M"
                               assertionProxyCount="0" 
                               signResponses="conditional"
                               encryptAssertions="conditional"
                               encryptNameIds="never" />
         
-        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
-                              signResponses="conditional"
-                              signAssertions="never"
+        <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
+                              signResponses="never"
+                              signAssertions="always"
                               encryptAssertions="conditional"
                               encryptNameIds="never"/>
         
-    </DefaultRelyingParty>
+    </rp:DefaultRelyingParty>
         
     
     <!-- ========================================== -->
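Review bot: With `signResponses="never"` on the SAML2SSOProfile and SAML2ArtifactResolutionProfile entries, only the assertion carries the IdP's signature, so the enclosing Response (its status, destination and in-response-to values) is no longer integrity-protected by the signature. Relying parties that verify the response signature rather than the assertion signature would presumably start rejecting these messages, and nothing in the template tells a deployer which knob to turn. The existing comment only says the attributes are listed at their default values, so I would add a comment above the SAML2SSOProfile entry, for example `<!-- SAML 2 profiles sign the assertion, not the response; set signResponses="conditional" or "always" for relying parties that validate the response signature. -->`. The SAML2AttributeQueryProfile entry keeps `signResponses="conditional"` and has no `signAssertions` attribute at all, which now differs from the other two SAML 2 profiles; it is worth confirming whether that is intentional or was missed in this change.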
         <security:Rule xsi:type="security:MandatoryMessageAuthentication" />
     </security:SecurityPolicy>
     
-</RelyingPartyGroup>
\ No newline at end of file
+</rp:RelyingPartyGroup>
\ No newline at end of file