</Extensions>\r
-->\r
</OutOfProcess>\r
- \r
- <!-- The InProcess section conrains settings affecting web server modules/filters. -->\r
+\r
+ <!--\r
+ The InProcess section contains settings affecting web server modules.\r
+ Required for IIS, but can be removed when using other web servers.\r
+ -->\r
<InProcess logger="native.logger">\r
<ISAPI normalizeRequest="true" safeHeaderNames="true">\r
<!--\r
\r
<!-- This set of components stores sessions and other persistent data in daemon memory. -->\r
<StorageService type="Memory" id="mem" cleanupInterval="900"/>\r
- <SessionCache type="StorageService" StorageService="mem" cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>\r
+ <SessionCache type="StorageService" StorageService="mem" cacheAssertions="false"\r
+ cacheAllowance="900" inprocTimeout="900" cleanupInterval="900"/>\r
<ReplayCache StorageService="mem"/>\r
<ArtifactMap artifactTTL="180"/>\r
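Review bot: The two SessionCache examples now disagree on how session retention is bounded: the in-memory one in this hunk replaces `cacheTimeout="3600"` with `cacheAllowance="900"`, while the commented-out database example in the next hunk keeps `cacheTimeout="3600"`. These appear to be different settings rather than a rename, so an operator who switches back ends by uncommenting the database block would likely get different session-record lifetimes without noticing. Either use the same attribute in both examples, or put a comment above each saying which value controls how long a session record survives in the store. Both examples also gain `cacheAssertions="false"`; a comment such as `<!-- cacheAssertions="false": SAML assertions are not stored with the session -->` would warn deployments that read stored assertions later.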
\r
DRIVER=drivername;SERVER=dbserver;UID=shibboleth;PWD=password;DATABASE=shibboleth;APP=Shibboleth\r
</ConnectionString>\r
</StorageService>\r
- <SessionCache type="StorageService" StorageService="db" cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>\r
+ <SessionCache type="StorageService" StorageService="db" cacheAssertions="false"\r
+ cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>\r
<ReplayCache StorageService="db"/>\r
<ArtifactMap StorageService="db" artifactTTL="180"/>\r
-->\r
\r
- <!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->\r
+ <!--\r
+ To customize behavior for specific resources on Apache, and to link vhosts or\r
+ resources to ApplicationOverride settings below, use web server options/commands.\r
+ See https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationElements for help.\r
+ \r
+ For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml\r
+ file, and the https://spaces.internet2.edu/display/SHIB2/NativeSPRequestMapHowTo topic.\r
+ -->\r
<RequestMapper type="Native">\r
<RequestMap>\r
<!--\r
Resource requests are mapped by the RequestMapper to an applicationId that\r
points into to this section (or to the defaults here).\r
-->\r
- <ApplicationDefaults policyId="default"\r
- entityID="https://sp.example.org/shibboleth"\r
- REMOTE_USER="eppn persistent-id targeted-id"\r
- signing="false" encryption="false">\r
+ <ApplicationDefaults entityID="https://sp.example.org/shibboleth"\r
+ REMOTE_USER="eppn persistent-id targeted-id"\r
+ signing="false" encryption="false">\r
\r
<!--\r
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.\r
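Review bot: With `policyId="default"` dropped from `<ApplicationDefaults>`, nothing on the element names the security policy that inbound messages are evaluated against; selection presumably falls back to an implicit default defined in the policies section near the end of the file. Because the same start tag keeps `signing="false" encryption="false"`, the policy is the main control a reader will look for here, so the fallback should be stated rather than left implicit. I would add a comment above the element, for example `<!-- policyId omitted: the default security policy applies; set policyId to select another. -->`, once that behaviour is confirmed for the SP version this file ships with. The element's body continues outside this hunk.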
\r
<!-- Default directs to a specific IdP (favoring SAML 2 over Shib 1). -->\r
<SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Login"\r
- relayState="cookie" entityID="https://idp.example.org/shibboleth">\r
+ relayState="cookie" entityID="https://idp.example.org/shibboleth">\r
+ \r
<SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>\r
<SessionInitiator type="Shib1" acsIndex="5"/>\r
<!--\r
logoLocation="/shibboleth-sp/logo.jpg"\r
styleSheet="/shibboleth-sp/main.css"/>\r
\r
- <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->\r
- <!-- <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/> -->\r
+ <!--\r
+ Uncomment and modify to tweak settings for specific IdPs or groups. Settings here\r
+ generally match those allowed by the <ApplicationDefaults> element.\r
+ -->\r
+ <!--\r
+ <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>\r
+ -->\r
\r
<!-- Chains together all your metadata sources. -->\r
<MetadataProvider type="Chaining">\r
<!-- Simple file-based resolver for using a single keypair. -->\r
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>\r
\r
- <!-- Example of a second application (using a second vhost) that has a different entityID. -->\r
- <!-- <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> -->\r
-\r
+ <!--\r
+ The default settings can be overridden by creating ApplicationOverride elements (see\r
+ the https://spaces.internet2.edu/display/SHIB2/NativeSPApplicationOverride topic).\r
+ Resource requests are mapped by web server commands, or the RequestMapper, to an\r
+ applicationId setting.\r
+ \r
+ Example of a second application (for a second vhost) that has a different entityID.\r
+ Resources on the vhost would map to an applicationId of "admin":\r
+ -->\r
+ <!--\r
+ <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>\r
+ -->\r
</ApplicationDefaults>\r
\r
<!-- Policies that determine how to process and authenticate runtime messages. -->\r