-<SPConfig xmlns="urn:mace:shibboleth:sp:config:2.0"
- xmlns:conf="urn:mace:shibboleth:sp:config:2.0"
+<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
+ xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:sp:config:2.0 @-PKGXMLDIR-@/shibboleth-spconfig-2.0.xsd"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
- <!-- Configure handling of outgoing messages. -->
- <DefaultRelyingParty authType="TLS" signRequests="false" encryptRequests="true"/>
+ <!-- Configure handling of outgoing messages and SOAP client authentication. -->
+ <DefaultRelyingParty authType="TLS" signRequests="false" encryptRequests="true">
+ <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
+ <!--
+ <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>
+ -->
+ </DefaultRelyingParty>
<!-- Chains together all your metadata sources. -->
<MetadataProvider type="Chaining">
<TrustEngine type="PKIX"/>
</TrustEngine>
- <!-- Built-in attribute resolver to extract data from SAML assertions. -->
- <AttributeResolver type="Simple" path="@-PKGSYSCONFDIR-@/resolver-simple.xml"/>
+ <!-- Map to extract attributes from SAML assertions. -->
+ <AttributeExtractor type="XML" path="@-PKGSYSCONFDIR-@/attribute-map.xml"/>
+
+ <!-- Use a SAML query if no attributes are supplied during SSO. -->
+ <AttributeResolver type="Query"/>
+
+ <!-- Default filtering policy for recognized attributes, lets other data pass. -->
+ <AttributeFilter type="XML" path="@-PKGSYSCONFDIR-@/attribute-policy.xml"/>
- <!-- Simple file-based resolver for key/certificate information. -->
+ <!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File">
<Key>
<Path>@-PKGSYSCONFDIR-@/sp-example.key</Path>
<Path>@-PKGSYSCONFDIR-@/sp-example.crt</Path>
</Certificate>
</CredentialResolver>
+
+ <!-- Advanced resolver allowing for multiple keypairs. -->
+ <!--
+ <CredentialResolver type="Chaining">
+ <CredentialResolver type="File">
+ <Key>
+ <Name>DefaultKey</Name>
+ <Path>@-PKGSYSCONFDIR-@/sp-example.key</Path>
+ </Key>
+ <Certificate>
+ <Path>@-PKGSYSCONFDIR-@/sp-example.crt</Path>
+ </Certificate>
+ </CredentialResolver>
+ <CredentialResolver type="File">
+ <Key>
+ <Name>SpecialKey</Name>
+ <Path>@-PKGSYSCONFDIR-@/special.key</Path>
+ </Key>
+ <Certificate>
+ <Path>@-PKGSYSCONFDIR-@/special.crt</Path>
+ </Certificate>
+ </CredentialResolver>
+ </CredentialResolver>
+ -->
</Applications>
<!-- Each policy defines a set of rules to use to secure SAML and SOAP messages. -->