Minor tweaks to default config
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 18 Mar 2008 13:37:31 +0000 (13:37 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 18 Mar 2008 13:37:31 +0000 (13:37 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2710 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/handler.xml
resources/conf/relying-party.xml

index 763d6a7..4dd3586 100644 (file)
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
     </LoginHandler>
     
+    <!--  Username/password login handler -->
+    <!-- 
     <LoginHandler xsi:type="UsernamePassword" 
                   jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
     </LoginHandler>
+    -->
     
     <!-- 
         Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
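Review bot: The added comment above the UsernamePassword handler names it but does not say that the handler is now disabled by default, or what has to be in place before it is uncommented. The block depends on the JAAS file named in `jaasConfigurationLocation`, and it advertises PasswordProtectedTransport, so a deployer who enables it needs a working login.config and a TLS-protected login endpoint. I would expand the comment to something like `<!-- Username/password login handler. Disabled by default: configure conf/login.config (JAAS) and serve the login page over TLS before enabling. -->`. The comment that opens on the last two lines of the hunk continues outside it.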
index 22b6d04..d3fa1b0 100644 (file)
         -->
         <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" 
                               includeAttributeStatement="false"
-                              assertionLifetime="300000" />
+                              assertionLifetime="300000"
+                              signResponses="conditional"
+                              signAssertions="never" />
                               
         <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
-                              assertionLifetime="300000" />
+                              assertionLifetime="300000"
+                              signResponses="conditional"
+                              signAssertions="never" />
         
-        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
+                              signResponses="conditional"
+                              signAssertions="never" />
         
         <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" 
                               includeAttributeStatement="true"
                               assertionLifetime="300000"
-                              assertionProxyCount="0" />
+                              assertionProxyCount="0" 
+                              signResponses="conditional"
+                              signAssertions="never" 
+                              encryptAssertions="conditional"
+                              encryptNameIds="conditional" />
         
         <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
                               assertionLifetime="300000"
-                              assertionProxyCount="0" />
+                              assertionProxyCount="0" 
+                              signResponses="conditional"
+                              signAssertions="never"
+                              encryptAssertions="conditional"
+                              encryptNameIds="conditional" />
         
-        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
+                              signResponses="conditional"
+                              signAssertions="never"
+                              encryptAssertions="conditional"
+                              encryptNameIds="conditional"/>
         
     </DefaultRelyingParty>
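Review bot: `signAssertions="never"` is now the explicit default on all six ProfileConfiguration elements, and nothing in the file explains when `conditional` on `signResponses`, `encryptAssertions` and `encryptNameIds` actually results in signing or encryption. With these values an assertion carries no signature of its own, so its integrity presumably rests on the enclosing response being signed or on the transport. A relying party that checks or stores the assertion separately would have nothing to verify. I would add one comment above the first ProfileConfiguration listing the accepted values (`always`, `conditional`, `never`), stating the condition under which `conditional` signs or encrypts, and noting that unsigned assertions are an intentional default if that is the case. For a change to signing and encryption defaults, "Minor tweaks" in the commit title understates what a deployer upgrading the default config should re-check. The enclosing DefaultRelyingParty element starts outside the hunk.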