Partial Service Provider configuration files
authorgilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Oct 2004 13:10:35 +0000 (13:10 +0000)
committergilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 28 Oct 2004 13:10:35 +0000 (13:10 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1138 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/conf/AAP.xml [new file with mode: 0644]
src/conf/SAML2Metadata.xml [new file with mode: 0644]
src/conf/shibboleth.xml [new file with mode: 0644]

diff --git a/src/conf/AAP.xml b/src/conf/AAP.xml
new file mode 100644 (file)
index 0000000..e3d7459
--- /dev/null
@@ -0,0 +1,280 @@
+<AttributeAcceptancePolicy xmlns="urn:mace:shibboleth:1.0">
+       
+       <!--
+       An AAP is a set of AttributeRule elements, each one
+       referencing a specific attribute by URI. All attributes that
+       should be visible to an application running at the target should
+       be listed, or they will be filtered out.
+       
+       The Header and Alias attributes map an attribute to an HTTP header
+       and to an htaccess rule name respectively. Without Header, the attribute
+       will only be obtainable from the exported SAML assertion in raw XML.
+       
+       Scoped attributes are also filtered on Scope via the Domain elements
+       in the site metadata.
+       -->
+       
+       <!-- First some useful eduPerson attributes that many sites might use. -->
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" Header="Shib-EP-Affiliation" Alias="affiliation">
+               <!-- Filtering rule to limit values to eduPerson-defined enumeration. -->
+        <AnySite>
+            <Value Type="regexp">^[M|m][E|e][M|m][B|b][E|e][R|r]$</Value>
+            <Value Type="regexp">^[F|f][A|a][C|c][U|u][L|l][T|t][Y|y]$</Value>
+            <Value Type="regexp">^[S|s][T|t][U|u][D|d][E|e][N|n][T|t]$</Value>
+            <Value Type="regexp">^[S|s][T|t][A|a][F|f][F|f]$</Value>
+            <Value Type="regexp">^[A|a][L|l][U|u][M|m]$</Value>
+            <Value Type="regexp">^[A|a][F|f][F|f][I|i][L|l][I|i][A|a][T|t][E|e]$</Value>
+            <Value Type="regexp">^[E|e][M|m][P|p][L|l][O|o][Y|y][E|e][E|e]$</Value>
+        </AnySite>
+        
+        <!-- Example of Scope rule to override site metadata. -->
+        <SiteRule Name="urn:mace:inqueue:shibdev.edu">
+               <Scope Accept="false">shibdev.edu</Scope>
+               <Scope Type="regexp">^.+\.shibdev\.edu$</Scope>
+        </SiteRule>
+       </AttributeRule>
+
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonAffiliation" Header="Shib-EP-UnscopedAffiliation" Alias="unscoped-affiliation">
+        <AnySite>
+            <Value Type="regexp">^[M|m][E|e][M|m][B|b][E|e][R|r]$</Value>
+            <Value Type="regexp">^[F|f][A|a][C|c][U|u][L|l][T|t][Y|y]$</Value>
+            <Value Type="regexp">^[S|s][T|t][U|u][D|d][E|e][N|n][T|t]$</Value>
+            <Value Type="regexp">^[S|s][T|t][A|a][F|f][F|f]$</Value>
+            <Value Type="regexp">^[A|a][L|l][U|u][M|m]$</Value>
+            <Value Type="regexp">^[A|a][F|f][F|f][I|i][L|l][I|i][A|a][T|t][E|e]$</Value>
+            <Value Type="regexp">^[E|e][M|m][P|p][L|l][O|o][Y|y][E|e][E|e]$</Value>
+        </AnySite>
+       </AttributeRule>
+       
+    <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrincipalName" Header="REMOTE_USER" Alias="user">
+               <!-- Basic rule to pass through any value. -->
+        <AnySite>
+            <AnyValue/>
+        </AnySite>
+    </AttributeRule>
+
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonEntitlement" Header="Shib-EP-Entitlement" Alias="entitlement">
+               <!-- Entitlements tend to be filtered per-site. -->
+               
+               <!--
+               Optional site rule that applies to any site
+               <AnySite>
+                       <Value>urn:mace:example.edu:exampleEntitlement</Value>
+               </AnySite>
+               -->
+               
+               <!-- Specific rules for an origin site, these are just development/sample sites. -->
+               <SiteRule Name="urn:mace:inqueue:example.edu">
+                       <Value Type="regexp">^urn:mace:.+$</Value>
+               </SiteRule>
+               <SiteRule Name="urn:mace:inqueue:shibdev.edu">
+                       <Value Type="regexp">^urn:mace:.+$</Value>
+               </SiteRule>
+       </AttributeRule>
+
+       <!-- A persistent id attribute that supports personalized anonymous access. -->
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonTargetedID" Header="Shib-TargetedID" Alias="targeted_id">
+        <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <!-- Some more eduPerson attributes, uncomment these to use them... -->
+       <!--
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonNickname">
+        <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" Header="Shib-EP-PrimaryAffiliation">
+        <AnySite>
+            <Value Type="regexp">^[M|m][E|e][M|m][B|b][E|e][R|r]$</Value>
+            <Value Type="regexp">^[F|f][A|a][C|c][U|u][L|l][T|t][Y|y]$</Value>
+            <Value Type="regexp">^[S|s][T|t][U|u][D|d][E|e][N|n][T|t]$</Value>
+            <Value Type="regexp">^[S|s][T|t][A|a][F|f][F|f]$</Value>
+            <Value Type="regexp">^[A|a][L|l][U|u][M|m]$</Value>
+            <Value Type="regexp">^[A|a][F|f][F|f][I|i][L|l][I|i][A|a][T|t][E|e]$</Value>
+            <Value Type="regexp">^[E|e][M|m][P|p][L|l][O|o][Y|y][E|e][E|e]$</Value>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN" Header="Shib-EP-PrimaryOrgUnitDN">
+        <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonOrgUnitDN" Header="Shib-EP-OrgUnitDN">
+        <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:eduPersonOrgDN" Header="Shib-EP-OrgDN">
+        <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+
+       -->
+
+
+       <!--Examples of common LDAP-based attributes, uncomment to use these... -->
+       <!--
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:cn" Header="Shib-Person-commonName">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:sn" Header="Shib-Person-surname">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:telephoneNumber" Header="Shib-Person-telephoneNumber">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:title" Header="Shib-OrgPerson-title">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:initials" Header="Shib-InetOrgPerson-initials">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:description" Header="Shib-Person-description">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:carLicense" Header="Shib-InetOrgPerson-carLicense">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:departmentNumber" Header="Shib-InetOrgPerson-deptNum">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:displayName" Header="Shib-InetOrgPerson-displayName">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:employeeNumber" Header="Shib-InetOrgPerson-employeeNum">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:employeeType" Header="Shib-InetOrgPerson-employeeType">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:preferredLanguage" Header="Shib-InetOrgPerson-prefLang">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:manager" Header="Shib-InetOrgPerson-manager">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:roomNumber" Header="Shib-InetOrgPerson-roomNum">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:seeAlso" Header="Shib-OrgPerson-seeAlso">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:facsimileTelephoneNumber" Header="Shib-OrgPerson-fax">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:street" Header="Shib-OrgPerson-street">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:postOfficeBox" Header="Shib-OrgPerson-POBox">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:postalCode" Header="Shib-OrgPerson-postalCode">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:st" Header="Shib-OrgPerson-state">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:givenName" Header="Shib-InetOrgPerson-givenName">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:l" Header="Shib-OrgPerson-locality">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:businessCategory" Header="Shib-InetOrgPerson-businessCat">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:ou" Header="Shib-OrgPerson-orgUnit">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       <AttributeRule Name="urn:mace:dir:attribute-def:physicalDeliveryOfficeName" Header="Shib-OrgPerson-OfficeName">
+               <AnySite>
+            <AnyValue/>
+        </AnySite>
+       </AttributeRule>
+       
+       -->
+
+</AttributeAcceptancePolicy>
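Review bot: The affiliation filters in the `<Value Type="regexp">` lines write each letter as `[M|m]`, and inside a character class `|` is a literal, so every position also accepts a pipe character and a value made only of pipes of the right length would pass. For a policy meant to limit values to the eduPerson-defined enumeration, the classes should list just the two letter cases, e.g. `<Value Type="regexp">^[Mm][Ee][Mm][Bb][Ee][Rr]$</Value>`. The same pattern is repeated under eduPersonAffiliation and in the commented-out eduPersonPrimaryAffiliation rule, so all three lists need the same change.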
diff --git a/src/conf/SAML2Metadata.xml b/src/conf/SAML2Metadata.xml
new file mode 100644 (file)
index 0000000..56a2c45
--- /dev/null
@@ -0,0 +1,81 @@
+<EntitiesDescriptor Name="urn:mace:inqueue"
+    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd"
+       xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+       xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+
+    <EntityDescriptor entityID="urn:mace:inqueue:example.edu">
+    
+        <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol urn:mace:shibboleth:1.0"
+                errorURL="http://wayf.internet2.edu/InQueue/error.html">
+            <KeyDescriptor use="signing">
+                <ds:KeyInfo>
+                    <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                </ds:KeyInfo>
+            </KeyDescriptor>
+            <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+            <SingleSignOnService Binding="urn:mace:shibboleth:1.0"
+                       Location="https://wayf.internet2.edu/shibboleth-1.2/HS"/>
+        </IDPSSODescriptor>
+        
+        <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol"
+                errorURL="http://wayf.internet2.edu/InQueue/error.html">
+            <KeyDescriptor use="signing">
+                <ds:KeyInfo>
+                    <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                </ds:KeyInfo>
+            </KeyDescriptor>
+            <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                Location="https://wayf.internet2.edu/shibboleth-1.2/AA"/>
+            <saml:Attribute NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"
+                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName"/>
+            <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+        </AttributeAuthorityDescriptor>
+
+        <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol">
+            <KeyDescriptor use="signing">
+                <ds:KeyInfo>
+                    <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                </ds:KeyInfo>
+            </KeyDescriptor>
+            <AssertionConsumerService isDefault="true" index="0"
+                Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+                       Location="https://wayf.internet2.edu/Shibboleth.shire"/>
+        </SPSSODescriptor>
+
+        <AttributeConsumerDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.0:protocol">
+            <KeyDescriptor use="signing">
+                <ds:KeyInfo>
+                    <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                </ds:KeyInfo>
+            </KeyDescriptor>
+            <AttributeConsumingService index="0">
+                <ServiceName xml:lang="en">
+                InQueue Sample Service
+                </ServiceName>
+                <RequestedAttribute NameFormat="urn:mace:shibboleth:1.0:attributeNamespace:uri"
+                    Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" FriendlyName="eduPersonPrincipalName"/>
+            </AttributeConsumingService>
+        </AttributeConsumerDescriptor>
+        
+        <Organization>
+            <OrganizationName xml:lang="en">
+            Example State University
+            </OrganizationName>
+            <OrganizationDisplayName xml:lang="en">
+            Example State University
+            </OrganizationDisplayName>
+            <OrganizationURL xml:lang="en">
+            https://wayf.internet2.edu/
+            </OrganizationURL>
+        </Organization>
+
+        <ContactPerson contactType="technical">
+            <Company>Internet2</Company>
+            <GivenName>InQueue Support</GivenName>
+            <EmailAddress>mailto:inqueue-support@internet2.edu</EmailAddress>
+        </ContactPerson>
+    </EntityDescriptor>
+    
+</EntitiesDescriptor>
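Review bot: Every `KeyDescriptor` in this file carries only `<ds:KeyName>wayf.internet2.edu</ds:KeyName>`, so the metadata pins no key or certificate for any of the four roles. Whether a signer is accepted presumably depends on the trust provider matching that name against a certificate validated elsewhere. A comment above the first `KeyDescriptor` would make the dependency explicit, for example `<!-- KeyName only: must match the subject of a certificate validated by the configured TrustProvider; no key is pinned here. -->`. Both `errorURL` values are also `http://` while the service endpoints in the same descriptors are `https://`.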
diff --git a/src/conf/shibboleth.xml b/src/conf/shibboleth.xml
new file mode 100644 (file)
index 0000000..b09b8e2
--- /dev/null
@@ -0,0 +1,131 @@
+<ShibbolethTargetConfig xmlns="urn:mace:shibboleth:target:config:1.0"
+        logger="/conf/shibboleth.logger" 
+               clockSkew="180">
+
+    <SHAR>
+               <TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
+        <MemorySessionCache cleanupInterval="300" cacheTimeout="3600" AATimeout="30" AAConnectTimeout="15"
+            defaultLifetime="1800" retryInterval="300" strictValidity="false" propagateErrors="true"/>
+     </SHAR>
+
+    <SHIRE>
+        <RequestMapProvider type="edu.internet2.middleware.shibboleth.target.provider.XMLRequestMap">
+            <RequestMap applicationId="default">
+               <Host name="shibdev.sample.edu" scheme="https">
+                    <Path name="secure" requireSession="true" exportAssertion="true" />
+                </Host>
+                <Host name="shibdev.sample.edu" port="8080" scheme="http">
+                    <Path name="secure" requireSession="true" exportAssertion="true"/>
+                </Host>
+            </RequestMap>
+        </RequestMapProvider>
+    </SHIRE>
+
+    <Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+        id="default" providerId="http://shibdev.sample.edu/shibboleth">
+
+        <!--
+        Controls session lifetimes, address checks, cookie handling, WAYF, and the SHIRE location.
+        You MUST supply a unique shireURL value (and a wayfURL that can be the same) for each of your
+        applications. The value can be a relative path, a URL with no hostname (https:///path) or a
+        full URL. The system will compute the value that applies based on the resource. Using
+        shireSSL="true" will force the protocol to be https. You should also add a cookieProps
+        setting of "; secure" in that case. The default wayfURL is the InQueue federation's service.
+        Change to https://localhost/shibboleth/HS for internal testing against your own origin.
+        -->
+        <Sessions lifetime="7200" timeout="3600" checkAddress="true"
+            wayfURL="http://shibdev.sample.edu:8080/shibboleth/HS"
+            shireURL="http://shibdev.sample.edu:8080/shibboleth/Shibboleth.shire" 
+                       shireSSL="false"/>
+
+        <!--
+        You should customize these pages! You can add attributes with values that can be plugged
+        into your templates.
+        -->
+        <Errors shire="shireError.html"
+            rm="rmError.html"
+            access="accessError.html"
+            supportContact="root@localhost"
+            logoLocation="/shibtarget/logo.jpg"
+            styleSheet="/shibtarget/main.css"/>
+
+        <!-- Indicates what credentials to use when communicating -->
+        <CredentialUse TLS="defcreds" Signing="defcreds">
+            <!-- RelyingParty elements customize credentials for specific origins or federations -->
+            <!--
+            <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
+            -->
+        </CredentialUse>
+
+        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
+            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
+        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
+            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
+
+        <!-- AAP can be inline or in a separate file -->
+        <AAPProvider type="edu.internet2.middleware.shibboleth.target.provider.XMLAAP"
+        uri="/conf/AAP.xml"/>
+
+        <!-- Metadata consists of site/operational metadata, trust, revocation providers. Can be external or inline. -->
+        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata"
+            uri="/conf/testsites.xml"/>
+                       
+               <FederationProvider type="edu.internet2.middleware.shibboleth.target.SAML2MetadataImpl"
+                       uri="/conf/SAML2Metadata.xml" />        
+                       
+               <!-- Creater an inline just to test the inline parse logic -->  
+        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata">
+                       <SiteGroup Name="https://bogus.org/shibboleth" xmlns="urn:mace:shibboleth:1.0">
+                               <OriginSite Name="https://bogus.org/shibboleth/origin">
+                                       <Alias>Localhost Test Deployment</Alias>
+                                       <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
+                                       <HandleService Location="https://localhost/shibboleth/HS" Name="CN=localhost, O=Shibboleth Project, C=US"/>
+                                       <AttributeAuthority Location="https://localhost/shibboleth/AA" Name="CN=localhost, O=Shibboleth Project, C=US"/>
+                                       <Domain>localhost</Domain>
+                               </OriginSite>
+                       
+                               <DestinationSite Name="https://bogus.org/shibboleth/target">
+                                       <Alias>Localhost Test Deployment</Alias>
+                                       <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
+                                       <AssertionConsumerServiceURL Location="https://localhost/Shibboleth.shire"/>
+                                       <AttributeRequester Name="CN=localhost, O=Shibboleth Project, C=US"/>
+                               </DestinationSite>
+                       </SiteGroup>
+               </FederationProvider>
+                       
+                       
+
+        <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLTrust"
+            uri="/conf/testtrust.xml"/>
+
+        <!--
+        Revocation using X.509 CRLs is an optional feature in some trust metadata or you may
+        supply your own revocation information locally.
+        -->
+        <!--
+        <RevocationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLRevocation"
+            uri="/conf/IQ-trust.xml"/>
+        -->
+
+        <!-- zero or more SAML Audience condition matches -->
+        <saml:Audience>urn:mace:shibdev</saml:Audience>
+
+
+    </Applications>
+
+    <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
+    <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
+        <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+            <FileResolver Id="defcreds">
+                <Key format="PEM">
+                    <Path>/conf/localhost.key</Path>
+                </Key>
+                <Certificate format="PEM">
+                    <Path>/conf/localhost.crt</Path>
+                </Certificate>
+            </FileResolver>
+        </Credentials>
+    </CredentialsProvider>
+
+</ShibbolethTargetConfig>
+
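Review bot: The `Sessions` element sets `wayfURL` and `shireURL` to `http://shibdev.sample.edu:8080/...` with `shireSSL="false"` and no `cookieProps`, so the assertion POST and the session cookie for paths marked `requireSession="true"` travel in cleartext. This contradicts the advice in the comment directly above the element. The port-8080 host and the inline bogus.org provider suggest a local test fixture; if the file is instead meant as a shipped sample, use `shireURL="https://shibdev.sample.edu/shibboleth/Shibboleth.shire"` with `shireSSL="true" cookieProps="; secure"`. Otherwise add a comment above `Sessions` marking these values as test-only. `strictValidity="false"` on `MemorySessionCache` and the commented-out `RevocationProvider` look like similarly relaxed settings and would benefit from the same marking.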