- <!-- An example supporting the new-style of discovery service. -->
- <SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
- <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
- <SessionInitiator type="Shib1" defaultACSIndex="5"/>
- <!-- <SessionInitiator type="ADFS"/> -->
- <SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
- </SessionInitiator>
-
- <!--
- md:AssertionConsumerService locations handle specific SSO protocol bindings,
- such as SAML 2.0 POST or SAML 1.1 Artifact. The isDefault and index attributes
- are used when sessions are initiated to determine how to tell the IdP where and
- how to return the response.
- -->
- <md:AssertionConsumerService Location="/SAML2/POST" index="1"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
- <md:AssertionConsumerService Location="/SAML2/POST-SimpleSign" index="2"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
- <md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
- Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+ <!-- Default example directs to a specific IdP's SSO service (favoring SAML 2 over Shib 1). -->
+ <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Intranet"
+ relayState="cookie" entityID="https://idp.example.org/shibboleth">
+ <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" defaultACSIndex="5"/>
+ </SessionInitiator>
+
+ <!-- An example using an old-style WAYF, which means Shib 1 only unless an entityID is provided. -->
+ <SessionInitiator type="Chaining" Location="/WAYF" id="WAYF" relayState="cookie">
+ <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" defaultACSIndex="5"/>
+ <SessionInitiator type="WAYF" defaultACSIndex="5" URL="https://wayf.example.org/WAYF"/>
+ </SessionInitiator>
+
+ <!-- An example supporting the new-style of discovery service. -->
+ <SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
+ <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+ <SessionInitiator type="Shib1" defaultACSIndex="5"/>
+ <SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
+ </SessionInitiator>
+
+ <!--
+ md:AssertionConsumerService locations handle specific SSO protocol bindings,
+ such as SAML 2.0 POST or SAML 1.1 Artifact. The isDefault and index attributes
+ are used when sessions are initiated to determine how to tell the IdP where and
+ how to return the response.
+ -->
+ <md:AssertionConsumerService Location="/SAML2/POST" index="1"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+ <md:AssertionConsumerService Location="/SAML2/POST-SimpleSign" index="2"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"/>
+ <md:AssertionConsumerService Location="/SAML2/Artifact" index="3"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>