<ShibbolethTargetConfig xmlns="urn:mace:shibboleth:target:config:1.0"
- logger="@-LOGDIR-@/shibboleth.logger">
+ logger="@-PKGSYSCONFDIR-@/shibboleth.logger" clockSkew="180">
<Extensions>
<Library path="@-LIBEXECDIR-@/xmlproviders.so" fatal="true"/>
<Library path="@-LIBEXECDIR-@/shib-mysql-ccache.so" fatal="false"/>
</Extensions>
+ <!-- only one listener can be defined. -->
<UnixListener address="/tmp/shar-socket"/>
+ <!-- <TCPListener address="127.0.0.1" port="12345" acl="127.0.0.1"/> -->
+
<!--
- <TCPListener address="127.0.0.1" port="12345" acl="127.0.0.1"/>
+ See deploy guide for details, but:
+ cacheTimeout - how long before expired sessions are purged from the cache
+ AATimeout - how long to wait for an AA to respond
+ AAConnectTimeout - how long to wait while connecting to an AA
+ defaultLifetime - if attributes come back without guidance, how long should they last?
+ strictValidity - if we have expired attrs, and can't get new ones, keep using them?
+ propagateErrors - suppress errors while getting attrs or let user see them?
+ retryInterval - if propagateErrors is false and query fails, how long to wait before trying again
-->
-
<!--
<MemorySessionCache cleanupInterval="300" cacheTimeout="3600" AATimeout="30" AAConnectTimeout="15"
- defaultLifetime="1800" retryInterval="300" strictValidity="true" propagateErrors="false"/>
+ defaultLifetime="1800" retryInterval="300" strictValidity="false" propagateErrors="true"/>
-->
-
<MySQLSessionCache cleanupInterval="300" cacheTimeout="3600" AATimeout="30" AAConnectTimeout="15"
- defaultLifetime="1800" retryInterval="300" strictValidity="true" propagateErrors="false"
+ defaultLifetime="1800" retryInterval="300" strictValidity="false" propagateErrors="true"
mysqlTimeout="14400">
- <Argument>--language=@-PREFIX-@/share/english</Argument>
- <Argument>--datadir=@-PREFIX-@/data</Argument>
+ <Argument>--language=@-PREFIX-@/share/english</Argument>
+ <Argument>--datadir=@-PREFIX-@/data</Argument>
</MySQLSessionCache>
</SHAR>
<SHIRE logger="@-PKGSYSCONFDIR-@/shire.logger">
<!--
- To customize behavior, map hostnames and path components to application names.
+ To customize behavior, map hostnames and path components to applicationId and other settings.
Can be either a pointer to an external file or an inline configuration.
-->
<!--
<RequestMapProvider type="edu.internet2.middleware.shibboleth.target.provider.XMLRequestMap">
<RequestMap applicationId="default">
<!--
- If using IIS or apacheConfig is false:
- This requires a session for documents in /secure on the containing host on 80 and 443.
- Note that the name in the <Host> elements MUST match Apache's ServerName directive
- or the IIS host mapping in the <ISAPI> element below.
+ This requires a session for documents in /secure on the containing host with http and
+ https on the default ports. Note that the name and port in the <Host> elements MUST match
+ Apache's ServerName and Port directives or the IIS Site mapping in the <ISAPI> element
+ below.
-->
<Host name="localhost" scheme="https">
<Path name="secure" requireSession="true" exportAssertion="true"/>
<Implementation>
<ISAPI normalizeRequest="true">
- <Site id="1" host="localhost"/> <!-- Maps IIS IID values to the vhost name. -->
+ <!-- Maps IIS IID values to the host scheme/name/port. -->
+ <Site id="1" scheme="http" name="localhost" port="80"/>
</ISAPI>
- <Apache apacheConfig="true"/> <!-- whether httpd.conf or the RequestMap controls session behavior. -->
</Implementation>
</SHIRE>
<Applications xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
- applicationId="default" providerId="https://localhost/shibboleth/target">
+ id="default" providerId="https://example.org/shibboleth/target">
<!--
Controls session lifetimes, address checks, cookie handling, WAYF, and the SHIRE location.
The default wayfURL is the InQueue federation's service. Change to https://localhost/shibboleth/HS
for internal testing against your own origin.
-->
- <Sessions lifetime="7200" timeout="3600" checkAddress="true"
- shireURL="/Shibboleth.shire" shireSSL="false" cookieName="shib-default-app" cookieProps="; path=/"
- wayfURL="https://wayf.internet2.edu/InQueue/WAYF"/>
+ <Sessions lifetime="7200" timeout="3600" checkAddress="true" checkReplay="true"
+ shireURL="/Shibboleth.shire" shireSSL="false" wayfURL="https://wayf.internet2.edu/InQueue/WAYF"/>
<!-- You should customize the pages! You can add attributes with values that can be plugged in. -->
<Errors shire="@-PKGSYSCONFDIR-@/shireError.html"
rm="@-PKGSYSCONFDIR-@/rmError.html"
access="@-PKGSYSCONFDIR-@/accessError.html"
supportContact="root@localhost"
- logoLocation="/logo.gif"/>
+ logoLocation="/shibtarget/logo.jpg"
+ styleSheet="/shibtarget/main.css"/>
<Policy signRequest="false" signedResponse="false" signedAssertions="false">
<!-- use designators to request specific attributes or none to ask for all -->
<FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata"
uri="@-PKGSYSCONFDIR-@/sites.xml"/>
<FederationProvider type="edu.internet2.middleware.shibboleth.common.provider.XMLMetadata">
- <SiteGroup Name="https://localhost/shibboleth" xmlns="urn:mace:shibboleth:1.0">
- <OriginSite Name="https://localhost/shibboleth/origin">
+ <SiteGroup Name="https://example.org/shibboleth" xmlns="urn:mace:shibboleth:1.0">
+ <OriginSite Name="https://example.org/shibboleth/origin">
<Alias>Localhost Test Deployment</Alias>
<Contact Type="technical" Name="Your Name Here" Email="root@localhost"/>
- <HandleService Location="https://localhost/shibboleth/HS" Name="CN=localhost,O=Shibboleth Project,C=US"/>
- <AttributeAuthority Location="https://localhost/shibboleth/AA" Name="CN=localhost,O=Shibboleth Project,C=US"/>
+ <HandleService Location="https://localhost/shibboleth/HS" Name="CN=localhost, O=Shibboleth Project, C=US"/>
+ <AttributeAuthority Location="https://localhost/shibboleth/AA" Name="CN=localhost, O=Shibboleth Project, C=US"/>
<Domain>localhost</Domain>
</OriginSite>
</SiteGroup>
<CredentialUse TLS="defcreds" Signing="defcreds">
<!-- RelyingParty elements customize credentials for specific origins or federations -->
+ <!--
<RelyingParty Name="urn:mace:inqueue" TLS="inqueuecreds" Signing="inqueuecreds"/>
+ -->
</CredentialUse>
<!-- customize behavior of specific applications -->
<!--
<Application id="foo-admin">
- <Sessions shireURL="https://foo.com/admin/Shibboleth.shire</shireURL" cookieName="shib-foo-admin"/>
+ <Sessions shireURL="https:///admin/Shibboleth.shire"/>
<Policy>
<saml:AttributeDesignator AttributeName="urn:mace:dir:attribute-def:eduPersonPrincipalName"
AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri"/>
projects / shibboleth / sp.git / blobdiff