xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:sp:config:2.0 @-PKGXMLDIR-@/shibboleth-spconfig-2.0.xsd"
- logger="@-PKGSYSCONFDIR-@/shibboleth.logger" clockSkew="180">
+ logger="@-PKGSYSCONFDIR-@/syslog.logger" clockSkew="180">
<!--
<Extensions>
Resource requests are mapped in the Local section into an applicationId that
points into to this section.
-->
- <Applications id="default" providerId="https://sp.example.org/shibboleth"
+ <Applications id="default" policyId="default" providerId="https://sp.example.org/shibboleth"
homeURL="https://sp.example.org/index.html">
<!--
impact on the security of the SP. Stealing cookies/sessions is much easier with this
disabled.
-->
- <Sessions lifetime="7200" timeout="3600" checkAddress="false"
+ <Sessions lifetime="28800" timeout="3600" checkAddress="false"
handlerURL="/Shibboleth.sso" handlerSSL="false" idpHistory="true" idpHistoryDays="7">
<!--
<TrustEngine type="PKIX"/>
</TrustEngine>
+ <AttributeResolver type="Simple" path="@-PKGSYSCONFDIR-@/resolver-simple.xml"/>
</Applications>
<!-- Define all the private keys and certificates here that you reference from <CredentialUse>. -->
</CredentialResolver>
</Credentials>
- <!-- Each policy defines a set of rules to use to secure SAML (and other) messages. -->
- <SecurityPolicies default="full">
- <!-- The predefined policy handles SAML 1 and 2 protocols and permits signing and TLS. -->
- <Policy id="full">
+ <!-- Each policy defines a set of rules to use to secure SAML and SOAP messages. -->
+ <SecurityPolicies>
+ <!-- The predefined policy handles SAML 1 and 2 protocols and permits signing and client TLS. -->
+ <Policy id="default"
+ validate="false"
+ signedAssertions="false"
+ requireConfidentiality="true"
+ requireTransportAuth="true"
+ chunkedEncoding="true"
+ connectTimeout="15" timeout="30"
+ >
<Rule type="SAML1Message"/>
<Rule type="SAML2Message"/>
<Rule type="MessageFlow" checkReplay="true" expires="60"/>