projects / shibboleth / sp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Rework decoder handling in simple resolver, add IdP/SP names to decoder API, hook...
[shibboleth/sp.git] / configs / shibboleth.xml.in
diff --git a/configs/shibboleth.xml.in b/configs/shibboleth.xml.in
index b41fda3..0eac855 100644 (file)
--- a/configs/shibboleth.xml.in
+++ b/configs/shibboleth.xml.in
@@ -3,7 +3,7 @@
        xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="urn:mace:shibboleth:sp:config:2.0 @-PKGXMLDIR-@/shibboleth-spconfig-2.0.xsd"
-       logger="@-PKGSYSCONFDIR-@/shibboleth.logger" clockSkew="180">
+       logger="@-PKGSYSCONFDIR-@/syslog.logger" clockSkew="180">
 
        <!--
        <Extensions>
@@ -106,7 +106,7 @@
        Resource requests are mapped in the Local section into an applicationId that
        points into to this section.
        -->
-       <Applications id="default" providerId="https://sp.example.org/shibboleth"
+       <Applications id="default" policyId="default" providerId="https://sp.example.org/shibboleth"
                homeURL="https://sp.example.org/index.html">
 
                <!--
@@ -119,7 +119,7 @@
                impact on the security of the SP. Stealing cookies/sessions is much easier with this
                disabled.
                -->
-               <Sessions lifetime="7200" timeout="3600" checkAddress="false"
+               <Sessions lifetime="28800" timeout="3600" checkAddress="false"
                        handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7">
                        
                        <!--
@@ -190,6 +190,7 @@
                        <TrustEngine type="PKIX"/>
                </TrustEngine>
 
+               <AttributeResolver type="Simple" path="@-PKGSYSCONFDIR-@/resolver-simple.xml"/>
        </Applications>
        
        <!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
@@ -204,10 +205,17 @@
                </CredentialResolver>
        </Credentials>
 
-       <!-- Each policy defines a set of rules to use to secure SAML (and other) messages. -->
-       <SecurityPolicies default="full">
-               <!-- The predefined policy handles SAML 1 and 2 protocols and permits signing and TLS. -->
-               <Policy id="full">
+       <!-- Each policy defines a set of rules to use to secure SAML and SOAP messages. -->
+       <SecurityPolicies>
+               <!-- The predefined policy handles SAML 1 and 2 protocols and permits signing and client TLS. -->
+               <Policy id="default"
+                       validate="false"
+                       signedAssertions="false"
+                       requireConfidentiality="true"
+                       requireTransportAuth="true"
+                       chunkedEncoding="true"
+                       connectTimeout="15" timeout="30"
+                       >
                        <Rule type="SAML1Message"/>
                        <Rule type="SAML2Message"/>
                        <Rule type="MessageFlow" checkReplay="true" expires="60"/>
Shibboleth SP