--- /dev/null
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- Shibboleth Identity Provider configuration -->
+
+ <IdPConfig
+ xmlns="urn:mace:shibboleth:idp:config:1.0"
+ xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+ xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+ AAUrl="https://idp.example.org:8443/shibboleth-idp/AA"
+ resolverConfig="$SHIB_HOME$/etc/resolver.xml"
+ defaultRelyingParty="urn:mace:inqueue"
+ providerId="https://idp.example.org/shibboleth-idp">
+
+
+ <!-- This section contains configuration options that apply only to a site or group of sites
+ This would normally be adjusted when a new federation or bilateral trust relationship is established -->
+ <RelyingParty name="urn:mace:inqueue" signingCredential="inqueue_cred"> <!-- (signingCredential) must correspond to a <Credential/> element below -->
+ <NameID nameMapping="shm"/> <!-- (nameMapping) must correspond to a <NameMapping/> element below -->
+ </RelyingParty>
+
+
+ <!-- Configuration for the attribute release policy engine
+ For most configurations this won't need adjustment -->
+ <ReleasePolicyEngine>
+ <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+ <Path>$SHIB_HOME$/etc/arps/</Path>
+ </ArpRepository>
+ </ReleasePolicyEngine>
+
+
+ <!-- Logging Configuration
+ The defaults work fine in this section, but it is sometimes helpful to use "DEBUG" as the level for
+ the <ErrorLog/> when trying to diagnose problems -->
+ <Logging>
+ <ErrorLog level="WARN" location="$SHIB_HOME$/logs/shib-error.log" />
+ <TransactionLog level="INFO" location="$SHIB_HOME$/logs/shib-access.log" />
+ </Logging>
+ <!-- Uncomment the configuration section below and comment out the one above if you would like to manually configure log4j -->
+ <!--
+ <Logging>
+ <Log4JConfig location="file:///tmp/log4j.properties" />
+ </Logging>
+ -->
+
+
+ <!-- This configuration section determines how Shibboleth maps between SAML Subjects and local principals.
+ The default mapping uses shibboleth handles, but other formats can be added.
+ The mappings listed here are only active when they are referenced within a <RelyingParty/> element above -->
+ <NameMapping
+ xmlns="urn:mace:shibboleth:namemapper:1.0"
+ id="shm"
+ format="urn:mace:shibboleth:1.0:nameIdentifier"
+ type="SharedMemoryShibHandle"
+ handleTTL="1800"/>
+
+ <!-- Determines how SAML artifacts are stored and retrieved
+ The (sourceLocation) attribute must be specified when using type 2 artifacts -->
+ <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+
+ <!-- This configuration section determines the keys/certs to be used when signing SAML assertions -->
+ <!-- The credentials listed here are used when referenced within <RelyingParty/> elements above -->
+ <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+ <KeyStoreResolver Id="inqueue_cred" storeType="JKS">
+ <Path>$SHIB_HOME$/etc/keystore.jks</Path>
+ <KeyAlias>example</KeyAlias>
+ <CertAlias>example</CertAlias>
+ <StorePassword>example</StorePassword>
+ <KeyPassword>example</KeyPassword>
+ </KeyStoreResolver>
+ </Credentials>
+
+
+ <!-- Protocol handlers specify what type of requests the IdP can respond to. The default set listed here should work
+ for most configurations. Modifications to this section may require modifications to the deployment descriptor -->
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+ <Location>.+/shibboleth-idp/SSO</Location>
+ </ProtocolHandler>
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+ <Location>.+:8443/shibboleth-idp/AA</Location>
+ </ProtocolHandler>
+ <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+ <Location>.+:8443/shibboleth-idp/Artifact</Location>
+ </ProtocolHandler>
+
+
+ <!-- This section configures the loading of SAML2 metadata, which contains information about system entities and
+ how to authenticate them. The metadatatool utility can be used to keep federation metadata files in synch.
+ Metadata can also be placed directly within this these elements. -->
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$SHIB_HOME$/etc/example-sites.xml"/>
+ <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+ uri="$SHIB_HOME$/etc/example-sites.xml"/>
+
+</IdPConfig>
+
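Review bot: The `<StorePassword>` and `<KeyPassword>` elements in the `<KeyStoreResolver>` block carry the keystore secrets in clear text, and since this file is being added to version control the placeholder value `example` is one edit away from a real password being committed alongside the `$SHIB_HOME$/etc/keystore.jks` path; a comment such as `<!-- Replace the placeholder passwords at deployment time; do not commit the populated file, and restrict read access on it and on keystore.jks to the IdP service account -->` above the `<Credentials>` element would make the expectation explicit. The two `<MetadataProvider>` elements near the end are identical (same `type`, same `uri="$SHIB_HOME$/etc/example-sites.xml"`), so the second one appears to be an accidental duplicate and can be removed. In the commented-out `<Log4JConfig location="file:///tmp/log4j.properties" />` example, loading a logging configuration from a world-writable directory lets any local user influence what the IdP logs or where it writes, so if that example is kept it should point under `$SHIB_HOME$/etc/` like the other paths in this file. The `xsi:schemaLocation` value should be treated as a hint only and the consuming parser configured not to fetch it or any DOCTYPE from the document itself.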