<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
You MUST supply an effectively unique handlerURL value for each of your applications.
- The value can be a relative path, a URL with no hostname (https:///path) or a full URL.
- The system can compute a relative value based on the virtual host. Using handlerSSL="true"
- will force the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"
+ The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing
+ a relative value based on the virtual host. Using handlerSSL="true", the default, will force
+ the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"
in that case. Note that while we default checkAddress to "false", this has a negative
impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.
-->
- <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem"
- handlerURL="/Shibboleth.sso" handlerSSL="false">
+ <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
<!--
Configures SSO for a default IdP. To allow for >1 IdP, remove
<!-- Session diagnostic service. -->
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
+ <!-- JSON feed of discovery information. -->
+ <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<!--
- Allows overriding of error template filenames. You can also add attributes with values
- that can be plugged into the templates.
+ Allows overriding of error template information/filenames. You can
+ also add attributes with values that can be plugged into the templates.
-->
<Errors supportContact="root@localhost"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
- <!-- Chains together all your metadata sources. -->
- <MetadataProvider type="Chaining">
- <!-- Example of remotely supplied batch of signed metadata. -->
- <!--
- <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
- backingFilePath="federation-metadata.xml" reloadInterval="7200">
- <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
- <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
- </MetadataProvider>
- -->
-
- <!-- Example of locally maintained metadata. -->
- <!--
- <MetadataProvider type="XML" file="partner-metadata.xml"/>
- -->
+ <!-- Example of remotely supplied batch of signed metadata. -->
+ <!--
+ <MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
+ backingFilePath="federation-metadata.xml" reloadInterval="7200">
+ <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
+ <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
</MetadataProvider>
+ -->
+
+ <!-- Example of locally maintained metadata. -->
+ <!--
+ <MetadataProvider type="XML" file="partner-metadata.xml"/>
+ -->
<!-- Map to extract attributes from SAML assertions. -->
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
projects / shibboleth / cpp-sp.git / blobdiff