Minor tweaks to default config

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2710 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/resources/conf/handler.xml b/resources/conf/handler.xml
index 763d6a7..4dd3586 100644 (file)
--- a/resources/conf/handler.xml
+++ b/resources/conf/handler.xml
@@ -76,10 +76,13 @@
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
     </LoginHandler>
     
+    <!--  Username/password login handler -->
+    <!-- 
     <LoginHandler xsi:type="UsernamePassword" 
                   jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
     </LoginHandler>
+    -->
     
     <!-- 
         Removal of this login handler will disable SSO support, that is it will require the user to authenticate 

diff --git a/resources/conf/relying-party.xml b/resources/conf/relying-party.xml
index 22b6d04..d3fa1b0 100644 (file)
--- a/resources/conf/relying-party.xml
+++ b/resources/conf/relying-party.xml
@@ -37,23 +37,41 @@
         -->
         <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" 
                               includeAttributeStatement="false"
-                              assertionLifetime="300000" />
+                              assertionLifetime="300000"
+                              signResponses="conditional"
+                              signAssertions="never" />
                               
         <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
-                              assertionLifetime="300000" />
+                              assertionLifetime="300000"
+                              signResponses="conditional"
+                              signAssertions="never" />
         
-        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
+                              signResponses="conditional"
+                              signAssertions="never" />
         
         <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" 
                               includeAttributeStatement="true"
                               assertionLifetime="300000"
-                              assertionProxyCount="0" />
+                              assertionProxyCount="0" 
+                              signResponses="conditional"
+                              signAssertions="never" 
+                              encryptAssertions="conditional"
+                              encryptNameIds="conditional" />
         
         <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" 
                               assertionLifetime="300000"
-                              assertionProxyCount="0" />
+                              assertionProxyCount="0" 
+                              signResponses="conditional"
+                              signAssertions="never"
+                              encryptAssertions="conditional"
+                              encryptNameIds="conditional" />
         
-        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
+        <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" 
+                              signResponses="conditional"
+                              signAssertions="never"
+                              encryptAssertions="conditional"
+                              encryptNameIds="conditional"/>
         
     </DefaultRelyingParty>