+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- A single-entity "Federation" consisting of example.org.
+ Defines both an IdP and an SP.
+ All Role Endpoints are hosted on shibboleth.example.org,
+ which should appear in the "hosts" file mapped to 127.0.0.1
+ You may change the protocol and port to switch to/from https.
+-->
+
<EntitiesDescriptor
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
</KeyDescriptor>
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
- Location="https://shibboleth.example.org:8080/shibboleth/HS"/>
+ Location="http://shibboleth.example.org:8080/shibboleth/SSO"/>
</IDPSSODescriptor>
<AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
<Extensions>
<shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.org</shib:Scope>
</Extensions>
<AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
- Location="https://shibboleth.example.org:8080/shibboleth/AA"/>
+ Location="http://shibboleth.example.org:8080/shibboleth/AA"/>
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
</AttributeAuthorityDescriptor>
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
<NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
<AssertionConsumerService index="0"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
- Location="https://shibboleth.example.org:8080/shibboleth/Shibboleth.shire"/>
+ Location="http://shibboleth.example.org:8080/shibboleth/Shibboleth.shire"/>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="en">Example Entity</OrganizationName>
- <OrganizationDisplayName xml:lang="en">Example State University</OrganizationDisplayName>
+ <OrganizationDisplayName xml:lang="en">Example Entity</OrganizationDisplayName>
<OrganizationURL xml:lang="en">http://shibboleth.internet2.edu/</OrganizationURL>
</Organization>
<ContactPerson contactType="technical">
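Review bot: The header comment only says the protocol and port "may" be changed; it does not say what switching the SingleSignOnService, AttributeService and AssertionConsumerService Locations to `http://` costs, namely that the browser-post assertion delivered to `Shibboleth.shire` and the SOAP attribute queries to `/AA` then cross the wire without confidentiality or transport-level peer authentication. That is acceptable for a loopback fixture, but the comment should state it; suggested addition inside the existing comment: `Plain-http endpoints carry assertions and attribute queries in cleartext and are intended for local testing only.` These Locations also have to agree with the IdP ProtocolHandler Locations and the SP `shireURL`/`wayfURL` edited elsewhere in this commit, which is presumably why all were changed together; a one-line note pointing at those files would save the next person from changing one side only. The EntitiesDescriptor and its first EntityDescriptor start in this hunk, but the KeyDescriptor content between the root and `</KeyDescriptor>` is outside it.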
<?xml version="1.0" encoding="UTF-8"?>
-<!-- Test IdP configuration file for Example State University
+<!-- Test IdP configuration file for Example Entity
There is one Metadata Entity: urn:mace:inqueue:example.org
It has both IdP and SP Roles.
It has one server: //shibboleth.example.org:8080
xmlns:name="urn:mace:shibboleth:namemapper:1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
- AAUrl="https://shibboleth.example.org:8080/shibboleth/AA"
+ AAUrl="http://shibboleth.example.org:8080/shibboleth/AA"
resolverConfig="/conf/resolver.xml"
defaultRelyingParty="urn:mace:inqueue:example.org"
providerId="urn:mace:inqueue:example.org">
</Certificate>
</FileResolver>
</Credentials>
+
+
+ <ProtocolHandler
+ implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>http://shibboleth.example.org:8080/shibboleth/SSO</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler
+ implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>http://shibboleth.example.org:8080/shibboleth/AA</Location>
+ </ProtocolHandler>
+
+ <ProtocolHandler
+ implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>http://shibboleth.example.org:8080/shibboleth/Artifact</Location>
+ </ProtocolHandler>
+
<FederationProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataLoadWrapper"
uri="/conf/ExampleMetadata.xml"/>
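Review bot: The new `SAMLv1_1ArtifactQueryHandler` is registered at `/shibboleth/Artifact`, but the IDPSSODescriptor in the metadata hunk above goes straight from `</KeyDescriptor>` to `<NameIDFormat>`, so it advertises no ArtifactResolutionService and an SP driven by `/conf/ExampleMetadata.xml` has no way to locate that endpoint; either add `<ArtifactResolutionService index="0" Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="http://shibboleth.example.org:8080/shibboleth/Artifact"/>` to the metadata or leave the handler out of the test fixture. The attribute-query and artifact handlers are back-channel SOAP endpoints; with plain-http Locations there is no TLS client authentication of the calling SP, so whatever policy the handler applies itself is presumably the only check on who may query. That trade-off belongs in the file comment, e.g. after `It has one server: //shibboleth.example.org:8080` add `All endpoints are plain http for local testing; no transport-level authentication of relying parties takes place.` The enclosing IdPConfig element starts outside this hunk.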
<?xml version="1.0" encoding="UTF-8"?>
-<!-- Test SP configuration file for Example State University
+<!-- Test SP configuration file for Example Entity
There is one Metadata Entity: urn:mace:inqueue:example.org
It has both IdP and SP Roles.
It has one server: //shibboleth.example.org:8080
<SHIRE>
<RequestMapProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLRequestMap">
<RequestMap applicationId="default">
- <Host name="shibboleth.example.org" scheme="https">
+ <Host name="shibboleth.example.org" port="8443" scheme="https">
<Path name="secure" requireSession="true" exportAssertion="true" />
</Host>
<Host name="shibboleth.example.org" port="8080" scheme="http">
</SHIRE>
<Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
- id="default" providerId="http://shibboleth.example.org/shibboleth">
+ id="default" providerId="urn:mace:inqueue:example.org">
<!--
Controls session lifetimes, address checks, cookie handling, WAYF, and the SHIRE location.
Change to https://localhost/shibboleth/HS for internal testing against your own origin.
-->
<Sessions lifetime="7200" timeout="3600" checkAddress="true"
- wayfURL="http://shibboleth.example.org:8080/shibboleth/HS"
+ wayfURL="http://shibboleth.example.org:8080/shibboleth/SSO"
shireURL="http://shibboleth.example.org:8080/shibboleth/Shibboleth.shire"
shireSSL="false"/>
<FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata"
uri="/conf/ExampleMetadata.xml"/>
- <!--
- Revocation using X.509 CRLs is an optional feature in some trust metadata or you may
- supply your own revocation information locally.
- -->
- <!--
- <RevocationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLRevocation"
- uri="/conf/IQ-trust.xml"/>
- -->
<!-- zero or more SAML Audience condition matches -->
- <saml:Audience>urn:mace:shibdev</saml:Audience>
+ <saml:Audience>urn:mace:inqueue:example.org</saml:Audience>
</Applications>
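Review bot: The comment directly above `<Sessions>` still reads `Change to https://localhost/shibboleth/HS for internal testing against your own origin.`, but `wayfURL` in that same element was just moved from `/HS` to `/SSO` and the web.xml hunk below removes the `/HS` url-pattern, so the hint now names an endpoint that no longer exists; change it to `Change to https://localhost/shibboleth/SSO for internal testing against your own origin.` The same element keeps `shireSSL="false"` next to a plain-http `shireURL`, which is consistent with the http metadata in this commit, but nothing says the two are coupled; a short comment such as `shireSSL must be set to true together with an https shireURL` would prevent a half-switch. The `<Applications>` element opens and closes within this hunk.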
<!-- A Servlet deployment descriptor (WEB-INF/web.xml) file
defining Servlets, Filters, and Listeners for a /shibboleth
- context containing both an IdP and an SP -->
+ context containing both an IdP and an SP.
+-->
<web-app>
<display-name>Shibboleth</display-name>
</init-param>
</filter>
-->
- <!-- Frontend the IdP SSO Servlet with the institution's
- locally selected WebISO Filter. -->
- <!-- CAS Example
- <filter-mapping>
- <filter-name>CAS Filter</filter-name>
- <servlet-name>HS</servlet-name>
- </filter-mapping>
- -->
<!-- Frontend any protocol endpoints with the RequestLogFilter
<!-- Servlets for Shibboleth/SAML Protocol endpoints -->
<servlet>
- <!-- IdP SSO -->
- <servlet-name>HS</servlet-name>
- <display-name>Shibboleth Handle Service</display-name>
- <servlet-class>
- edu.internet2.middleware.shibboleth.hs.HandleServlet
- </servlet-class>
- </servlet>
- <servlet>
- <!-- IdP AttributeAuthority -->
- <servlet-name>AA</servlet-name>
- <display-name>Shibboleth Attribute Authority</display-name>
+ <!-- IdP SSO and AA -->
+ <servlet-name>IdP</servlet-name>
+ <display-name>Shibboleth Identity Provider</display-name>
<servlet-class>
- edu.internet2.middleware.shibboleth.aa.AAServlet
+ edu.internet2.middleware.shibboleth.idp.IdPResponder
</servlet-class>
</servlet>
<servlet>
<!-- Mapping for SAML/Shibboleth protocol endpoints -->
<servlet-mapping>
- <servlet-name>HS</servlet-name>
- <url-pattern>/HS</url-pattern>
+ <servlet-name>IdP</servlet-name>
+ <url-pattern>/SSO</url-pattern>
</servlet-mapping>
<servlet-mapping>
- <servlet-name>AA</servlet-name>
+ <servlet-name>IdP</servlet-name>
<url-pattern>/AA</url-pattern>
</servlet-mapping>
<servlet-mapping>
+ <servlet-name>IdP</servlet-name>
+ <url-pattern>/Artifact</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
<servlet-name>AssertionConsumer</servlet-name>
- <url-pattern>*.SHIRE</url-pattern>
+ <url-pattern>*.shire</url-pattern>
</servlet-mapping>
<!-- Mapping for administrative functions -->
<extension>css</extension>
<mime-type>text/css</mime-type>
</mime-mapping>
+
+
+<!-- If you don't have a real SSO, then this code triggers
+ Basic Authentication against the {tomcat}/conf/tomcat-users file
+-->
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>Shibboleth SSO</web-resource-name>
+ <url-pattern>/SSO</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>user</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <!-- Define the Login Configuration for this Application -->
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ </login-config>
</web-app>
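Review bot: The new `<security-constraint>` on `/SSO` has no `<user-data-constraint>`, so with the plain-http port-8080 SSO Location advertised in the metadata hunk the BASIC credentials prompted by the new `<login-config>` travel in cleartext; that matches the stated test scope, but the comment introducing the block should say so (`Credentials are sent in cleartext on the http port; use only for local testing`), and when the fixture is run over https (the SP RequestMap in this commit already names port 8443 with scheme https) a `CONFIDENTIAL` transport guarantee should be added. Separately, the `user` role referenced in `<auth-constraint>` is not declared by a `<security-role>` element anywhere in the visible hunk, and the servlet deployment descriptor requires auth-constraint role names to correspond to a declared `<security-role>` (or `*`), so the declaration should follow `<login-config>`. Both additions are shown below; the rest of the constraint is unchanged.
```xml
    <security-constraint>
        <!-- … unchanged: web-resource-collection for /SSO, auth-constraint … -->
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <!-- … unchanged: login-config … -->
    <security-role>
        <role-name>user</role-name>
    </security-role>
```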