polish up default configs for alpha release
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 13 Jul 2007 17:20:35 +0000 (17:20 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Fri, 13 Jul 2007 17:20:35 +0000 (17:20 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2320 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/attribute-filter.xml
resources/conf/attribute-resolver.xml
resources/conf/handler.xml
resources/conf/relying-party.xml

index e7580f0..d6c188a 100644 (file)
@@ -8,12 +8,25 @@
                                                 urn:mace:shibboleth:2.0:afp:mf:basic classpath:/schema/shibboleth-2.0-afp-mf-basic.xsd ">
 
     <!-- 
+        Release the principal, which is used as our SAML 1 & 2 name identifiers to anyone.
+    -->
+    <AttributeFilterPolicy id="releasePrincipalToAnyone">
+        <PolicyRequirementRule xsi:type="basic:ANY" />
+        
+        <AttributeRule attributeID="principalName">
+            <PermitValueRule xsi:type="basic:ANY" />
+        </AttributeRule>
+        
+    </AttributeFilterPolicy>
+    
+
+    <!-- 
           Releases to anyone:
             * any value of uid
             * only the member value of affiliation
     -->
     <!--
-    <AttributeFilterPolicy id="ReleaseToAnyone">
+    <AttributeFilterPolicy id="releaseToAnyone">
         <PolicyRequirementRule xsi:type="basic:ANY" />
         
         <AttributeRule attributeID="uid">
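Review bot: The new `releasePrincipalToAnyone` policy is live, unlike the commented-out example policies below it, so `PolicyRequirementRule xsi:type="basic:ANY"` hands `principalName` to every requester. The matching `principalName` definition added in attribute-resolver.xml encodes it as the SAML 1 and SAML 2 name identifier with an unspecified format. As far as these hunks show, every relying party therefore receives the same stable login name and can correlate users across services. If this is meant as an alpha convenience, the comment should say so, for example `Alpha default: exposes the login name to every relying party; narrow the PolicyRequirementRule (e.g. basic:AttributeRequesterString) before production use.` The new comment text also drops a comma; `name identifiers, to anyone` reads more clearly.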
@@ -37,7 +50,7 @@
             * any value of full name
     -->
     <!--
-    <AttributeFilterPolicy id="ReleaseToSP1">
+    <AttributeFilterPolicy id="releaseToSP1">
         <PolicyRequirementRule value="urn:example.org:myFederation:sp1" 
                                xsi:type="basic:AttributeRequesterString" />
         
index 08dfa74..c3dc5a0 100644 (file)
     <!--      Attribute Definitions                 -->
     <!-- ========================================== -->
     
+    <!-- Release the Principal as an attribute and encode it as the SAML 1 and 2 name IDs -->
+    <resolver:AttributeDefinition id="principalName" xsi:type="ad:PrincipalName">
+        <resolver:AttributeEncoder xsi:type="enc:SAML1StringNameIdentifier"
+                                   nameFormat="urn:mace:shibboleth:1.0:nameIdentifier" />
+
+        <resolver:AttributeEncoder xsi:type="enc:SAML2StringNameID"
+                                   nameFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />
+   </resolver:AttributeDefinition>
+    
     <!-- Example attribute defintions -->
     <!--
     <resolver:AttributeDefinition id="uid" xsi:type="ad:Simple">
     <!--      Principal Connectors                  -->
     <!-- ========================================== -->
     <resolver:PrincipalConnector xsi:type="pc:Direct" 
-                                 id="directPC"
+                                 id="saml1UnspecDirect"
                                  nameIDFormat="urn:oasis:names:tc:SAML:1.0:nameid-format:unspecified" />
+                                 
+    <resolver:PrincipalConnector xsi:type="pc:Direct" 
+                                 id="saml2UnspecDirect"
+                                 nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified" />
 
 </AttributeResolver>
\ No newline at end of file
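Review bot: The two `pc:Direct` principal connectors (`saml1UnspecDirect`, `saml2UnspecDirect`) carry no comment stating their trust assumption. Judging by the type name, they presumably take the name identifier value sent by the requester as the principal name with no further mapping; this should be confirmed against the connector implementation. If so, any relying party allowed to send an attribute query can name an arbitrary principal, which matters because relying-party.xml in this commit enables the anonymous and default relying parties. I would add a comment above them such as `Direct connectors use the received name identifier as the principal name unchanged; limit which relying parties may issue attribute queries.` The added line between the two connectors is whitespace-only, and the file still ends without a trailing newline.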
index 985d41d..5e0944c 100644 (file)
@@ -1,6 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
+                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
 
     <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />
     </ProfileHandler>
     
     <ProfileHandler xsi:type="SAML1AttributeQuery">
-        <RequestPath>/saml1/SOAP/SSO</RequestPath>
+        <RequestPath>/saml1/SOAP/AttributeQuery</RequestPath>
     </ProfileHandler>
     
     <ProfileHandler xsi:type="SAML2SSO">
-        <RequestPath>/saml2/SSO</RequestPath>
+        <RequestPath>/saml2/POST/SSO</RequestPath>
+    </ProfileHandler>
+
+    <ProfileHandler xsi:type="SAML2SSO" decodingBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
+        <RequestPath>/saml2/Redirect/SSO</RequestPath>
     </ProfileHandler>
     
     <ProfileHandler xsi:type="SAML2AttributeQuery">
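Review bot: The two `SAML2SSO` handlers are declared inconsistently: the new `/saml2/Redirect/SSO` handler sets `decodingBinding` explicitly, while the `/saml2/POST/SSO` handler relies on whatever the schema default is. The default is not visible in this hunk, so a reader cannot tell from the file which binding the POST endpoint accepts. Declaring it, e.g. `<ProfileHandler xsi:type="SAML2SSO" decodingBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">`, makes the path-to-binding mapping auditable and guards against a later change of default. The enclosing `ProfileHandlerGroup` continues outside the hunk.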
index 63c28a9..705dfbe 100644 (file)
@@ -20,8 +20,6 @@
     <!-- ========================================== -->
     <!--      Relying Party Configurations          -->
     <!-- ========================================== -->
-    
-    <!--
     <AnonymousRelyingParty provider="http://example.org/IdP" />
     
     <DefaultRelyingParty provider="http://example.org/IdP" />
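Review bot: Removing the comment markers here, and the closing `-->` in the next hunk, makes `AnonymousRelyingParty` and `DefaultRelyingParty` live with the placeholder provider `http://example.org/IdP`. A deployment that starts from this default would presumably identify itself under that example entity ID and serve unknown requesters until someone edits the file. Nothing in the file tells the deployer that the value must be replaced. I would add a comment directly above these elements such as `REQUIRED: replace http://example.org/IdP with this IdP's own entity ID; remove AnonymousRelyingParty unless unauthenticated requesters must be served.` Together with the release-to-anyone filter policy added in attribute-filter.xml, the shipped defaults are permissive end to end, which the release notes should also state.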
@@ -33,7 +31,6 @@
         <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
         <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
     </RelyingParty>
-    -->
     
     
     <!-- ========================================== -->