REMOTE_USER="eppn persistent-id targeted-id"
metadataAttributePrefix="Meta-"
sessionHook="/Shibboleth.sso/AttrChecker"
- signing="false" encryption="false">
+ cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2">
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
<!-- Example of remotely supplied batch of signed metadata. -->
<!--
- <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
+ <MetadataProvider type="XML" validate="true"
+ uri="http://federation.org/federation-metadata.xml"
backingFilePath="federation-metadata.xml" reloadInterval="7200">
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
<MetadataFilter type="Signature" certificate="fedsigner.pem"/>
<!-- Example of locally maintained metadata. -->
<!--
- <MetadataProvider type="XML" file="partner-metadata.xml"/>
+ <MetadataProvider type="XML" validate="true" file="partner-metadata.xml"/>
-->
<!-- TrustEngines run in order to evaluate peer keys and certificates. -->
<TrustEngine type="ExplicitKey"/>
- <TrustEngine type="PKIX"/>
+ <!-- <TrustEngine type="PKIX"/> -->
<!-- Map to extract attributes from SAML assertions. -->
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>