-<SPConfig xmlns="urn:mace:shibboleth:sp:config:2.0"
- xmlns:conf="urn:mace:shibboleth:sp:config:2.0"
+<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
+ xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:sp:config:2.0 @-PKGXMLDIR-@/shibboleth-spconfig-2.0.xsd"
* forceAuthn insist on user reauthentication at IdP
* isPassive preclude interaction at IdP or discovery service
* authnContextClassRef URI reference of an AuthnContextClass to request
- * authnContextDeclRef URI reference of an AuthnContextDecl to request
* authnContextComparison comparison operator to apply to AuthnContext reference
-->
<TrustEngine type="PKIX"/>
</TrustEngine>
- <!-- Built-in attribute resolver to extract data from SAML assertions. -->
- <AttributeResolver type="Simple" path="@-PKGSYSCONFDIR-@/resolver-simple.xml"/>
+ <!-- Map to extract attributes from SAML assertions. -->
+ <AttributeExtractor type="XML" path="@-PKGSYSCONFDIR-@/attribute-map.xml"/>
+
+ <!-- Use a SAML query if no attributes are supplied during SSO. -->
+ <AttributeResolver type="Query"/>
+
+ <!-- Default filtering policy for recognized attributes, lets other data pass. -->
+ <AttributeFilter type="XML" path="@-PKGSYSCONFDIR-@/attribute-policy.xml"/>
<!-- Simple file-based resolver for key/certificate information. -->
<CredentialResolver type="File">