IdP+SP configuration files for Example State U test
authorgilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 22 Mar 2005 04:04:57 +0000 (04:04 +0000)
committergilbert <gilbert@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Tue, 22 Mar 2005 04:04:57 +0000 (04:04 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1326 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/conf/ExampleMetadata.xml [new file with mode: 0644]
src/conf/IdP.xml [new file with mode: 0644]
src/conf/SP.xml [new file with mode: 0644]

diff --git a/src/conf/ExampleMetadata.xml b/src/conf/ExampleMetadata.xml
new file mode 100644 (file)
index 0000000..e673852
--- /dev/null
@@ -0,0 +1,52 @@
+<EntitiesDescriptor
+    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd"
+    Name="urn:mace:inqueue"
+    validUntil="2010-01-01T00:00:00Z">
+
+       <EntityDescriptor entityID="urn:mace:inqueue:example.edu">
+               <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
+                       <Extensions>
+                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.edu</shib:Scope>
+                       </Extensions>
+                       <KeyDescriptor use="signing">
+                           <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                               <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                           </ds:KeyInfo>
+                       </KeyDescriptor>
+                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                       <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+                           Location="https://shibboleth.example.edu:8080/shibboleth/HS"/>
+               </IDPSSODescriptor>
+               <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                       <Extensions>
+                       <shib:Scope xmlns:shib="urn:mace:shibboleth:metadata:1.0">example.edu</shib:Scope>
+                       </Extensions>
+                       <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                           Location="https://shibboleth.example.edu:8080/shibboleth/AA"/>
+                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+               </AttributeAuthorityDescriptor>
+               <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                       <KeyDescriptor>
+                           <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                               <ds:KeyName>wayf.internet2.edu</ds:KeyName>
+                           </ds:KeyInfo>
+                       </KeyDescriptor>
+                       <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                   <AssertionConsumerService index="0"
+                       Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"
+                       Location="https://shibboleth.example.edu:8080/shibboleth/Shibboleth.shire"/>
+               </SPSSODescriptor>
+               <Organization>
+                   <OrganizationName xml:lang="en">Example State University</OrganizationName>
+                   <OrganizationDisplayName xml:lang="en">Example State University</OrganizationDisplayName>
+                   <OrganizationURL xml:lang="en">http://shibboleth.internet2.edu/</OrganizationURL>
+               </Organization>
+               <ContactPerson contactType="technical">
+                   <SurName>InQueue Support</SurName>
+                   <EmailAddress>inqueue-support@internet2.edu</EmailAddress>
+               </ContactPerson>
+       </EntityDescriptor>
+
+</EntitiesDescriptor>
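Review bot: Both KeyDescriptors (lines 29–33 and 47–51) carry `<ds:KeyName>wayf.internet2.edu</ds:KeyName>`, yet every endpoint of this entity lives on shibboleth.example.edu and the companion IdP.xml and SP.xml in this commit sign and authenticate with /conf/localhost.key and /conf/localhost.crt. Unless the trust file the SP loads (/conf/testtrust.xml, not part of this commit) maps that name, a trust provider that resolves keys by KeyName will find neither the host nor the test credential under it; the KeyName should name the test certificate's subject, e.g. `<ds:KeyName>shibboleth.example.edu</ds:KeyName>`, in both descriptors, and the FileResolver blocks in IdP.xml (lines 138–145) and SP.xml (lines 288–295) then need a certificate issued for that name, as the "Certificates must be generated for these names" remark in IdP.xml already says. Separately, this is the only one of the three new files without an `<?xml version="1.0" encoding="UTF-8"?>` declaration, and the `OrganizationURL` on line 60 still points at shibboleth.internet2.edu rather than the example organisation.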
diff --git a/src/conf/IdP.xml b/src/conf/IdP.xml
new file mode 100644 (file)
index 0000000..39471fa
--- /dev/null
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Test IdP configuration file for Example State University 
+        There is one Metadata Entity: urn:mace:inqueue:example.edu
+        It has both IdP and SP Roles.
+        It has one server: //shibboleth.example.edu:8080
+        The endpoints are in the /shibboleth context on the server
+        
+        Dependencies:
+        Must agreed with referenced external ExampleMetadata file.
+        Endpoints must agree with Servlet mappings in web.xml
+        Certificates must be generated for these names
+        The "hosts" file maps shibboleth.example.edu to 127.0.0.1
+-->
+
+<IdPConfig 
+       xmlns="urn:mace:shibboleth:idp:config:1.0" 
+       xmlns:cred="urn:mace:shibboleth:credentials:1.0" 
+       xmlns:name="urn:mace:shibboleth:namemapper:1.0" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd" 
+       AAUrl="https://shibboleth.example.edu:8080/shibboleth/AA" 
+       resolverConfig="/conf/resolver.xml"
+       defaultRelyingParty="urn:mace:inqueue:example.edu" 
+       providerId="urn:mace:inqueue:example.edu">
+
+       <RelyingParty name="urn:mace:inqueue:example.edu" signingCredential="foo">
+               <HSNameFormat nameMapping="shm"/>
+       </RelyingParty>
+
+       <!-- You'll need to get a test credential from an InQueue CA -->
+       <!--
+       <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred">
+               <HSNameFormat nameMapping="shm"/>
+       </RelyingParty>
+       -->
+       
+       <ReleasePolicyEngine>
+               <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+                       <Path>/conf/arps/</Path>
+               </ArpRepository>
+       </ReleasePolicyEngine>
+
+       <!-- Uncomment one of the following configuration sections to customize the logging behavior -->
+       <!--
+       <Logging>
+               <Log4JConfig location="file:///tmp/log4j.properties" />
+       </Logging>
+       -->
+       <!--
+       <Logging>
+               <ErrorLog level="DEBUG" location="file:///tmp/shib-error.log" />
+               <TransactionLog location="file:///tmp/shib-access.log" />
+       </Logging>
+       -->
+
+       <NameMapping 
+               xmlns="urn:mace:shibboleth:namemapper:1.0" 
+               id="shm" 
+               format="urn:mace:shibboleth:1.0:nameIdentifier" 
+               type="SharedMemoryShibHandle" 
+               handleTTL="1800"/>
+
+       <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+               <FileResolver Id="foo">
+                       <Key format="PEM">
+                               <Path>/conf/localhost.key</Path>
+                       </Key>
+                       <Certificate format="PEM">
+                               <Path>/conf/localhost.crt</Path>
+                       </Certificate>
+               </FileResolver>
+       </Credentials>
+       
+       <FederationProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataLoadWrapper"
+                uri="/conf/ExampleMetadata.xml"/>
+                
+</IdPConfig>
+
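Review bot: The `xsi:schemaLocation` hint on line 94 points at a bare `shibboleth-idpconfig-1.0.xsd`, i.e. a file beside IdP.xml in src/conf, while ExampleMetadata.xml in the same commit resolves its schemas from `../schemas/`; if the IdP schema lives there too, the hint should read `xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 ../schemas/shibboleth-idpconfig-1.0.xsd"`. Either way a schemaLocation is only a hint, so the validator's own catalog, not this attribute, should decide which XSD is loaded when the file is parsed. The header comment on line 83 has a grammar slip; `Must agree with the referenced external ExampleMetadata file.` reads cleanly, and the same line is duplicated in SP.xml (line 167). The credential id `foo` on lines 100 and 138 is a placeholder that SP.xml calls `defcreds` for the same key pair; a matching, descriptive id in both files would make the cross-file relationship obvious.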
diff --git a/src/conf/SP.xml b/src/conf/SP.xml
new file mode 100644 (file)
index 0000000..0fef6e3
--- /dev/null
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Test SP configuration file for Example State University 
+        There is one Metadata Entity: urn:mace:inqueue:example.edu
+        It has both IdP and SP Roles.
+        It has one server: //shibboleth.example.edu:8080
+        The endpoints are in the /shibboleth context on the server
+        
+        Dependencies:
+        Must agreed with referenced external ExampleMetadata file.
+        Endpoints must agree with Servlet mappings in web.xml
+        Certificates must be generated for these names
+        The "hosts" file maps shibboleth.example.edu to 127.0.0.1
+-->
+
+<ShibbolethTargetConfig xmlns="urn:mace:shibboleth:target:config:1.0"
+        logger="/conf/shibboleth.logger" 
+               clockSkew="180">
+
+    <SHAR>
+               <TCPListener address="127.0.0.1" port="1600" acl="127.0.0.1"/>
+        <MemorySessionCache cleanupInterval="300" cacheTimeout="3600" AATimeout="30" AAConnectTimeout="15"
+            defaultLifetime="1800" retryInterval="300" strictValidity="false" propagateErrors="true"/>
+     </SHAR>
+
+    <SHIRE>
+        <RequestMapProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLRequestMap">
+            <RequestMap applicationId="default">
+               <Host name="shibdev.sample.edu" scheme="https">
+                    <Path name="secure" requireSession="true" exportAssertion="true" />
+                </Host>
+                <Host name="shibdev.sample.edu" port="8080" scheme="http">
+                    <Path name="secure" requireSession="true" exportAssertion="true"/>
+                </Host>
+            </RequestMap>
+        </RequestMapProvider>
+    </SHIRE>
+
+    <Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+        id="default" providerId="http://shibdev.sample.edu/shibboleth">
+
+        <!--
+        Controls session lifetimes, address checks, cookie handling, WAYF, and the SHIRE location.
+        You MUST supply a unique shireURL value (and a wayfURL that can be the same) for each of your
+        applications. The value can be a relative path, a URL with no hostname (https:///path) or a
+        full URL. The system will compute the value that applies based on the resource. Using
+        shireSSL="true" will force the protocol to be https. You should also add a cookieProps
+        setting of "; secure" in that case. The default wayfURL is the InQueue federation's service.
+        Change to https://localhost/shibboleth/HS for internal testing against your own origin.
+        -->
+        <Sessions lifetime="7200" timeout="3600" checkAddress="true"
+            wayfURL="http://shibdev.sample.edu:8080/shibboleth/HS"
+            shireURL="http://shibdev.sample.edu:8080/shibboleth/Shibboleth.shire" 
+                       shireSSL="false"/>
+
+        <!--
+        You should customize these pages! You can add attributes with values that can be plugged
+        into your templates.
+        -->
+        <Errors shire="shibboleth/shireError.html"
+            rm="shibboleth/rmError.html"
+            access="shibboleth/accessError.html"
+            supportContact="root@localhost"
+            logoLocation="/shibboleth/logo.jpg"
+            styleSheet="/shibboleth/main.css"/>
+
+        <!-- Indicates what credentials to use when communicating -->
+        <CredentialUse TLS="defcreds" Signing="defcreds">
+            <!-- RelyingParty elements customize credentials for specific origins or federations -->
+            <!--
+            <RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
+            -->
+        </CredentialUse>
+
+        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
+            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
+        <saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonTargetedID"
+            AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
+
+        <!-- AAP can be inline or in a separate file -->
+        <AAPProvider type="edu.internet2.middleware.shibboleth.serviceprovider.XMLAAP"
+        uri="/conf/AAP.xml"/>
+
+        <!-- Metadata consists of site/operational metadata, trust, revocation providers. Can be external or inline. -->
+        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata"
+            uri="/conf/ExampleMetadata.xml"/>
+                       
+               <!-- Creater an inline just to test the inline parse logic -->  
+        <FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata">
+                       <SiteGroup Name="https://bogus.org/shibboleth" xmlns="urn:mace:shibboleth:1.0">
+                               <OriginSite Name="https://bogus.org/shibboleth/origin">
+                                       <Alias>Localhost Test Deployment</Alias>
+                                       <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
+                                       <HandleService Location="https://localhost/shibboleth/HS" Name="CN=localhost, O=Shibboleth Project, C=US"/>
+                                       <AttributeAuthority Location="https://localhost/shibboleth/AA" Name="CN=localhost, O=Shibboleth Project, C=US"/>
+                                       <Domain>localhost</Domain>
+                               </OriginSite>
+                       
+                               <DestinationSite Name="https://bogus.org/shibboleth/target">
+                                       <Alias>Localhost Test Deployment</Alias>
+                                       <Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
+                                       <AssertionConsumerServiceURL Location="https://localhost/Shibboleth.shire"/>
+                                       <AttributeRequester Name="CN=localhost, O=Shibboleth Project, C=US"/>
+                               </DestinationSite>
+                       </SiteGroup>
+               </FederationProvider>
+                       
+                       
+
+        <TrustProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLTrust"
+            uri="/conf/testtrust.xml"/>
+
+        <!--
+        Revocation using X.509 CRLs is an optional feature in some trust metadata or you may
+        supply your own revocation information locally.
+        -->
+        <!--
+        <RevocationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLRevocation"
+            uri="/conf/IQ-trust.xml"/>
+        -->
+
+        <!-- zero or more SAML Audience condition matches -->
+        <saml:Audience>urn:mace:shibdev</saml:Audience>
+
+
+    </Applications>
+
+    <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
+    <CredentialsProvider type="edu.internet2.middleware.shibboleth.common.Credentials">
+        <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+            <FileResolver Id="defcreds">
+                <Key format="PEM">
+                    <Path>/conf/localhost.key</Path>
+                </Key>
+                <Certificate format="PEM">
+                    <Path>/conf/localhost.crt</Path>
+                </Certificate>
+            </FileResolver>
+        </Credentials>
+    </CredentialsProvider>
+
+</ShibbolethTargetConfig>
+
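Review bot: The SP half of this config contradicts both its own header comment and the metadata it loads: `providerId="http://shibdev.sample.edu/shibboleth"` (line 197), the `shibdev.sample.edu` hosts in the RequestMap (lines 186 and 189), the wayfURL/shireURL on lines 209–210 and the `urn:mace:shibdev` Audience on line 280 all describe a deployment that does not appear in ExampleMetadata.xml, whose only entity is `urn:mace:inqueue:example.edu` with its AssertionConsumerService at https://shibboleth.example.edu:8080/shibboleth/Shibboleth.shire. Unless the inline bogus.org SiteGroup (lines 246–263) is meant to be the operative metadata — and it names https://localhost endpoints, not shibdev.sample.edu — an IdP driven by ExampleMetadata.xml has no entry for this SP and the shireURL will not match the metadata's ACS. The lines below align the SP with the header comment and with IdP.xml; the Audience value presumably needs the same treatment, but which audience the IdP emits is not visible here. Note also that `shireSSL="false"` with an http:// shireURL leaves the session handoff in cleartext, which the comment on lines 204–205 already says should become https plus a secure `cookieProps` setting outside of local testing.
```xml
                <Host name="shibboleth.example.edu" scheme="https">
                    <!-- … unchanged: Path … -->
                </Host>
                <Host name="shibboleth.example.edu" port="8080" scheme="http">
                    <!-- … unchanged: Path … -->
                </Host>
    <!-- … unchanged: rest of SHIRE … -->
    <Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        id="default" providerId="urn:mace:inqueue:example.edu">
        <!-- … unchanged: Sessions comment … -->
        <Sessions lifetime="7200" timeout="3600" checkAddress="true"
            wayfURL="https://shibboleth.example.edu:8080/shibboleth/HS"
            shireURL="https://shibboleth.example.edu:8080/shibboleth/Shibboleth.shire"
            shireSSL="true"/>
```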