Enable SAML profiles on default endpoint
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 8 Jan 2008 19:30:08 +0000 (19:30 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 8 Jan 2008 19:30:08 +0000 (19:30 +0000)
Set conventional IdP credential name
  - Only thing people should have to change in this file now is the entity ID and the metadata provider

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2529 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/relying-party.xml

index ec69970..0f612d8 100644 (file)
     <!-- ========================================== -->
     <AnonymousRelyingParty provider="http://example.org/IdP" />
     
-    <DefaultRelyingParty provider="http://example.org/IdP" />
+    <DefaultRelyingParty provider="http://example.org/IdP"
+                         defaultSigningCredentialRef="IdPCredential">
+        <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
+    </DefaultRelyingParty>
     
+    <!-- 
+        Example of relying party specific configuration
+     -->
+     <!--
     <RelyingParty id="urn:example.org"
                   provider="http://idp.example.org"
                   defaultSigningCredentialRef="ExampleOrgCred">
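Review bot: The new `DefaultRelyingParty` block turns on all six profiles, including attribute query and artifact resolution, and signs with `IdPCredential` for what appears to be every relying party that has no entry of its own, yet nothing in the file tells a deployer that this is now the default exposure. A comment above the element would help, for example `<!-- Profiles enabled for any relying party without a specific RelyingParty entry; remove those you do not offer -->`. This matters more because the `SignatureValidation` metadata filter further down is still commented out, so which parties reach these defaults presumably depends on metadata that is not signature-checked. Separately, the commented-out example kept as context still uses `defaultSigningCredentialRef="ExampleOrgCred"`, an id this commit renames to `IdPCredential`, so uncommenting it as written would leave a dangling reference.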
@@ -37,6 +49,7 @@
         <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
         <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
     </RelyingParty>
+     -->
     
     
     <!-- ========================================== -->
@@ -49,7 +62,7 @@
                 <!--
                     This filter should generally not be used as many XML documents contain small schema violations.  This 
                     violations often do not effect message processing.  This filter may be used when debugging a problem 
-                    with incomming metadata though.
+                    with incoming metadata though.
                 -->
                 <!-- MetadataFilter xsi:type="SchemaValidation" xmlns="urn:mace:shibboleth:2.0:metadata"-->
                 <!-- MetadataFilter xsi:type="SignatureValidation" trustEngineRef="shibboleth.SignatureTrustEngine" /-->
     <!-- ========================================== -->
     <!--     Security Configurations                -->
     <!-- ========================================== -->
-    <security:Credential id="ExampleOrgCred" xsi:type="security:X509Filesystem">
-        <security:PrivateKey password="changeit">$IDP_HOME$/credentials/example.org.key</security:PrivateKey>
-        <security:Certificate>$IDP_HOME$/credentials/example.org.cert</security:Certificate>
+    <security:Credential id="IdPCredential" xsi:type="security:X509Filesystem">
+        <security:PrivateKey password="changeit">$IDP_HOME$/credentials/idp.key</security:PrivateKey>
+        <security:Certificate>$IDP_HOME$/credentials/idp.crt</security:Certificate>
     </security:Credential>
     
     <security:TrustEngine id="shibboleth.SignatureTrustEngine" xsi:type="security:ExplicitKeySignature"
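Review bot: The private-key password on the new `security:PrivateKey` line is still the literal `changeit`, while the commit description says the entity ID and the metadata provider are the only things left to edit, so a deployment that follows it keeps a widely known passphrase on the IdP signing key. I would add a comment above the credential, e.g. `<!-- Set password to the passphrase of your own key; restrict read access to this file and to idp.key -->`, and list the password among the values to change. Because the passphrase sits in this file in plaintext, the configuration file itself needs the same access restrictions as the key. The `security:TrustEngine` element that follows continues outside the hunk.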