Fix-up some default/example configs
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 3 Jan 2008 12:33:17 +0000 (12:33 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 3 Jan 2008 12:33:17 +0000 (12:33 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2512 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

resources/conf/attribute-resolver.xml
resources/conf/relying-party.xml

index 76a3d69..2560b13 100644 (file)
@@ -2,7 +2,7 @@
 
 <!-- 
     This file is an EXAMPLE configuration file.  Deployers should NOT attempt to use this 
-    without modifying it for their environment.  In paticular, deployers will need to edit 
+    without modifying it for their environment.  In particular, deployers will need to edit 
     data connector configurations.
     
     Not all attribute definitions, data connectors, or principal connectors are demonstrated.
     <resolver:DataConnector id="mySIS" xsi:type="RelationalDatabase" xmlns="urn:mace:shibboleth:2.0:resolver:dc"
         validationQuery="SELECT 1 FROM DUAL">
         <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
-            jdbcUrl="jdbc:oracle:thin:@db.example.org:1521:SomeDB" jdbcUserName="myid" jdbcPassword="mypassword" />
+            jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB" jdbcUserName="myid" jdbcPassword="mypassword" />
         <QueryTemplate>
             <![CDATA[
                 SELECT * FROM student WHERE gzbtpid = $requestContext.principalName
index a68b82e..e9c6b27 100644 (file)
@@ -11,6 +11,7 @@
                    xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
                    xmlns:security="urn:mace:shibboleth:2.0:security"
                    xmlns:samlsec="urn:mace:shibboleth:2.0:security:saml"
+                   xmlns:samlmd="urn:oasis:names:tc:SAML:2.0:metadata"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                    xsi:schemaLocation="urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
                                        urn:mace:shibboleth:2.0:relying-party:saml classpath:/schema/shibboleth-2.0-relying-party-saml.xsd
     <!-- ========================================== -->
     <!-- MetadataProvider the combining other MetadataProviders -->
     <MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata">
+            
+            <MetadataFilter xsi:type="ChainingFilter" xmlns="urn:mace:shibboleth:2.0:metadata">
+                <MetadataFilter xsi:tpe="SignatureValidation" trustEngineRef="shibboleth.SignatureTrustEngine" />
+                <MetadataFilter xsi:type="EntityRoleWhiteList" xmlns="urn:mace:shibboleth:2.0:metadata">
+                    <RetainedRole>samlmd:SPSSODescriptor</RetainedRole>
+                </MetadataFilter>
+            </MetadataFilter>
+        
         <!-- MetadataProvider reading metadata from a URL. -->
         <!-- Fill in metadataURL and backingFile attributes with deployment specific information -->
         <!--
@@ -75,6 +84,7 @@
             </EntitiesDescriptor>
         </MetadataProvider>
         -->
+        
     </MetadataProvider>
 
     
     <security:SecurityPolicy id="shibboleth.DefaultSecurityPolicy" xsi:type="security:SecurityPolicyType">
         <security:Rule xsi:type="samlsec:Replay"/>
         <security:Rule xsi:type="samlsec:IssueInstant"/>
-        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
         <security:Rule xsi:type="samlsec:ProtocolWithXMLSignature" trustEngineRef="shibboleth.SignatureTrustEngine" />
         <security:Rule xsi:type="samlsec:SAML2HTTPRedirectSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
         <security:Rule xsi:type="samlsec:SAML2HTTPPostSimpleSign" trustEngineRef="shibboleth.SignatureTrustEngine" />
         <security:Rule xsi:type="security:ClientCertAuth" trustEngineRef="shibboleth.CredentialTrustEngine" />
+        <security:Rule xsi:type="samlsec:MandatoryIssuer"/>
+        <Security:Rule xsi:type="security:MandatoryMessageAuthentication" />
     </security:SecurityPolicy>
     
 </RelyingPartyGroup>
\ No newline at end of file
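Review bot: The SignatureValidation filter added inside the new ChainingFilter is written with `xsi:tpe` instead of `xsi:type`, so the element carries no declared type and the metadata signature check this commit is meant to introduce would either be rejected at load time or, if the provider tolerates the unknown attribute, silently not applied while the EntityRoleWhiteList filter after it still runs; the line should read `<MetadataFilter xsi:type="SignatureValidation" trustEngineRef="shibboleth.SignatureTrustEngine" />`. The MandatoryMessageAuthentication rule added at the end of the security policy uses the prefix `Security:` while the only visible declaration is `xmlns:security` in lower case; XML prefixes are case-sensitive, so the element is unbound unless another declaration outside the hunk binds it, and it should be `<security:Rule xsi:type="security:MandatoryMessageAuthentication" />`. Because this is the example policy deployers copy, both typos would propagate into deployments that believe they validate metadata signatures and require message authentication. The enclosing RelyingPartyGroup element and the hunk headers for these two stretches lie outside the hunk as shown.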