<!--
This file is an EXAMPLE configuration file. Deployers should NOT attempt to use this
- without modifying it for their environment. In paticular, deployers will need to edit
+ without modifying it for their environment. In particular, deployers will need to edit
data connector configurations.
Not all attribute definitions, data connectors, or principal connectors are demonstrated.
<resolver:DataConnector id="mySIS" xsi:type="RelationalDatabase" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
validationQuery="SELECT 1 FROM DUAL">
<ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
- jdbcUrl="jdbc:oracle:thin:@db.example.org:1521:SomeDB" jdbcUserName="myid" jdbcPassword="mypassword" />
+ jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB" jdbcUserName="myid" jdbcPassword="mypassword" />
<QueryTemplate>
<![CDATA[
SELECT * FROM student WHERE gzbtpid = $requestContext.principalName
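Review bot: The query on the last shown line splices `$requestContext.principalName` into the SQL text as a template substitution, and the value is not even quoted, so for a character column the statement is malformed and in every case the principal name is interpolated rather than bound as a parameter. If this connector's template engine offers no parameter binding, at minimum quote it, `SELECT * FROM student WHERE gzbtpid = '$requestContext.principalName'`, and add a comment along the lines of `<!-- principalName is interpolated, not bound: it must come from the authenticated session, never from request input -->`. The `jdbcPassword="mypassword"` literal on the `+` line is acceptable for an example file but deserves a comment saying deployments should not keep the database password inline here. The `QueryTemplate` and its enclosing `DataConnector` continue past the shown lines.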
xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
xmlns:security="urn:mace:shibboleth:2.0:security"
xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
+ xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
<!-- ========================================== -->
<!-- MetadataProvider the combining other MetadataProviders -->
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
+
+ <MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata">
+ <MetadataFilter xsi:tpe="SignatureValidation" trustEngineRef="shibboleth.SignatureTrustEngine" />
+ <MetadataFilter xsi:type="EntityRoleWhiteList" xmlns="urn:mace:shibboleth:2.0:metadata">
+ <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
+ </MetadataFilter>
+ </MetadataFilter>
+
<!-- MetadataProvider reading metadata from a URL. -->
<!-- Fill in metadataURL and backingFile attributes with deployment specific information -->
<!--
</EntitiesDescriptor>
</MetadataProvider>
-->
+
</MetadataProvider>
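Review bot: The added `SignatureValidation` filter is written with `xsi:tpe="SignatureValidation"` instead of `xsi:type`, so the signature check this change is meant to introduce is not actually wired in — a `MetadataFilter` with no `xsi:type` either fails schema validation at startup or, if the loader tolerates it, is skipped, while the `EntityRoleWhiteList` sibling still applies because its `xsi:type` is spelled correctly. The fix is one word: `<MetadataFilter xsi:type="SignatureValidation" trustEngineRef="shibboleth.SignatureTrustEngine" />`. The filter order is otherwise right, since the signature over the whole document is verified before the role whitelist rewrites it, and a comment such as `<!-- Verify the publisher signature first; the role filter below modifies the document -->` would keep a later editor from reordering them. If this IdP release's filter has an explicit switch to require signed metadata, it is worth setting it so an unsigned feed is rejected rather than passed through.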
<security:SecurityPolicy id="shibboleth.DefaultSecurityPolicy" xsi:type="security:SecurityPolicyType">
<security:Rule xsi:type="samlsec:Replay"/>
<security:Rule xsi:type="samlsec:IssueInstant"/>
- <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
<security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
<security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+ <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
+ <Security:Rule xsi:type="security:MandatoryMessageAuthentication" />
</security:SecurityPolicy>
</RelyingPartyGroup>
\ No newline at end of file
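Review bot: The new `<Security:Rule xsi:type="security:MandatoryMessageAuthentication" />` uses the prefix `Security` with a capital S, which is not declared anywhere (only `security` is, on the `xmlns:security` line above), and because XML prefixes are case-sensitive the document is not namespace-well-formed and the whole relying-party configuration will fail to load; it should read `<security:Rule xsi:type="security:MandatoryMessageAuthentication" />` like its siblings. Moving `MandatoryIssuer` from before the signature rules to after `ClientCertAuth` is presumably deliberate, but nothing records why; a comment such as `<!-- MandatoryIssuer intentionally follows the signature/cert rules -->`, with the actual reason filled in and checked against the rule ordering your IdP release expects, would prevent it being shuffled back. The enclosing `RelyingPartyGroup` element starts outside the shown lines.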