SSPCPP-641 - add ability to set SOAP cipher suites

[shibboleth/cpp-sp.git] / configs / example-shibboleth2.xml

diff --git a/configs/example-shibboleth2.xml b/configs/example-shibboleth2.xml
index efc378d..48d65c4 100644 (file)
--- a/configs/example-shibboleth2.xml
+++ b/configs/example-shibboleth2.xml
@@ -95,7 +95,7 @@
                          REMOTE_USER="eppn persistent-id targeted-id"
                          metadataAttributePrefix="Meta-"
                          sessionHook="/Shibboleth.sso/AttrChecker"
-                         signing="false" encryption="false">
+                         cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
 
         <!--
         Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
@@ -225,7 +225,8 @@
 
         <!-- Example of remotely supplied batch of signed metadata. -->
         <!--
-        <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
+        <MetadataProvider type="XML" validate="true"
+             uri="http://federation.org/federation-metadata.xml"
               backingFilePath="federation-metadata.xml" reloadInterval="7200">
             <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
             <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
@@ -238,12 +239,12 @@
 
         <!-- Example of locally maintained metadata. -->
         <!--
-        <MetadataProvider type="XML" file="partner-metadata.xml"/>
+        <MetadataProvider type="XML" validate="true" file="partner-metadata.xml"/>
         -->
 
         <!-- TrustEngines run in order to evaluate peer keys and certificates. -->
         <TrustEngine type="ExplicitKey"/>
-        <TrustEngine type="PKIX"/>
+        <!-- <TrustEngine type="PKIX"/> -->
 
         <!-- Map to extract attributes from SAML assertions. -->
         <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>