First cut at an examle config for the 1.3 IdP.

git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1526 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

diff --git a/src/conf/idp.xml.dist b/src/conf/idp.xml.dist
new file mode 100644 (file)
index 0000000..2bf9ca8
--- /dev/null
+++ b/src/conf/idp.xml.dist
@@ -0,0 +1,98 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Shibboleth Identity Provider configuration -->
+
+       <IdPConfig 
+       xmlns="urn:mace:shibboleth:idp:config:1.0" 
+       xmlns:cred="urn:mace:shibboleth:credentials:1.0" 
+       xmlns:name="urn:mace:shibboleth:namemapper:1.0" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd" 
+       AAUrl="https://idp.example.org:8443/shibboleth-idp/AA" 
+       resolverConfig="$SHIB_HOME$/etc/resolver.xml"
+       defaultRelyingParty="urn:mace:inqueue" 
+       providerId="https://idp.example.org/shibboleth-idp">
+
+
+       <!-- This section contains configuration options that apply only to a site or group of sites
+               This would normally be adjusted when a new federation or bilateral trust relationship is established -->
+       <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred"> <!-- (signingCredential) must correspond to a <Credential/> element below -->
+               <NameID nameMapping="shm"/> <!-- (nameMapping) must correspond to a <NameMapping/> element below -->
+       </RelyingParty>
+
+       
+       <!-- Configuration for the attribute release policy engine
+               For most configurations this won't need adjustment -->
+       <ReleasePolicyEngine>
+               <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+                       <Path>$SHIB_HOME$/etc/arps/</Path>
+               </ArpRepository>
+       </ReleasePolicyEngine>
+
+       
+    <!-- Logging Configuration
+               The defaults work fine in this section, but it is sometimes helpful to use "DEBUG" as the level for 
+               the <ErrorLog/> when trying to diagnose problems -->
+       <Logging>
+               <ErrorLog level="WARN" location="$SHIB_HOME$/logs/shib-error.log" />
+               <TransactionLog level="INFO" location="$SHIB_HOME$/logs/shib-access.log" />
+       </Logging>
+       <!-- Uncomment the configuration section below and comment out the one above if you would like to manually configure log4j -->
+    <!--
+       <Logging>
+               <Log4JConfig location="file:///tmp/log4j.properties" />
+       </Logging>
+        -->
+
+
+       <!-- This configuration section determines how Shibboleth maps between SAML Subjects and local principals.
+               The default mapping uses shibboleth handles, but other formats can be added.
+               The mappings listed here are only active when they are referenced within a <RelyingParty/> element above -->
+       <NameMapping 
+               xmlns="urn:mace:shibboleth:namemapper:1.0" 
+               id="shm" 
+               format="urn:mace:shibboleth:1.0:nameIdentifier" 
+               type="SharedMemoryShibHandle" 
+               handleTTL="1800"/>
+
+       <!-- Determines how SAML artifacts are stored and retrieved
+               The (sourceLocation) attribute must be specified when using type 2 artifacts -->
+       <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+
+       <!-- This configuration section determines the keys/certs to be used when signing SAML assertions -->
+       <!-- The credentials listed here are used when referenced within <RelyingParty/> elements above -->
+       <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+               <KeyStoreResolver Id="inqueue_cred" storeType="JKS">
+                       <Path>$SHIB_HOME$/etc/keystore.jks</Path>
+                       <KeyAlias>example</KeyAlias>
+                       <CertAlias>example</CertAlias>
+                       <StorePassword>example</StorePassword>
+                       <KeyPassword>example</KeyPassword>
+               </KeyStoreResolver>
+       </Credentials>
+
+
+       <!-- Protocol handlers specify what type of requests the IdP can respond to.  The default set listed here should work 
+               for most configurations.  Modifications to this section may require modifications to the deployment descriptor -->
+       <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+               <Location>.+/shibboleth-idp/SSO</Location>
+       </ProtocolHandler>
+       <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+               <Location>.+:8443/shibboleth-idp/AA</Location>
+       </ProtocolHandler>
+       <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+               <Location>.+:8443/shibboleth-idp/Artifact</Location>
+       </ProtocolHandler>
+
+       
+       <!-- This section configures the loading of SAML2 metadata, which contains information about system entities and 
+               how to authenticate them.  The metadatatool utility can be used to keep federation metadata files in synch.
+               Metadata can also be placed directly within this these elements. -->
+       <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+                uri="$SHIB_HOME$/etc/example-sites.xml"/>
+       <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+                uri="$SHIB_HOME$/etc/example-sites.xml"/>
+
+</IdPConfig>
+