xsi:schemaLocation="urn:mace:shibboleth:2.0:native:sp:config @-PKGXMLDIR-@/shibboleth-2.0-native-sp-config.xsd"
logger="@-PKGSYSCONFDIR-@/syslog.logger" clockSkew="180">
- <!--
- <Extensions>
- <Library path="@-LIBEXECDIR-@/adfs.so" fatal="true"/>
- </Extensions>
- -->
-
<!-- The OutOfProcess section pertains to components that run in the shibd daemon. -->
<OutOfProcess logger="@-PKGSYSCONFDIR-@/shibd.logger">
<!--
<Extensions>
+ <Library path="@-LIBEXECDIR-@/adfs.so" fatal="true"/>
<Library path="@-LIBEXECDIR-@/odbc-store.so" fatal="true"/>
</Extensions>
-->
<!-- Only one listener can be defined. -->
- <UnixListener address="@-VARRUNDIR-@/shib-shar.sock"/>
+ <UnixListener address="@-PKGRUNDIR-@/shibd.sock"/>
<!-- <TCPListener address="127.0.0.1" port="12345" acl="127.0.0.1"/> -->
-
<StorageService type="Memory" id="memory" cleanupInterval="900"/>
<SessionCache type="StorageService" StorageService="memory" cacheTimeout="3600"/>
<ReplayCache StorageService="memory"/>
<!-- The InProcess section pertains to components that run inside the web server. -->
<InProcess logger="@-PKGSYSCONFDIR-@/native.logger">
+
+ <!--
+ <Extensions>
+ <Library path="@-LIBEXECDIR-@/adfs-lite.so" fatal="true"/>
+ </Extensions>
+ -->
+
<SessionCache type="Remoted" cleanupInterval="900" cacheTimeout="900"/>
<!--
points into to this section.
-->
<Applications id="default" policyId="default" entityID="https://sp.example.org/shibboleth"
- homeURL="https://sp.example.org/index.html" REMOTE_USER="eppn persistent-id"
+ homeURL="https://sp.example.org/index.html" REMOTE_USER="eppn persistent-id targeted-id"
localLogout="@-PKGSYSCONFDIR-@/localLogout.html"
globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html">
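Review bot: Adding `targeted-id` as a third source on the `REMOTE_USER` line means the value applications receive can now come from three attributes with different formats and scoping, and nothing near the line tells a deployer that. An application that keys accounts on REMOTE_USER may then treat one person as several users, or merge distinct users if the values are not qualified per issuer, depending on which attribute an IdP releases. I would add a comment above the element such as `<!-- REMOTE_USER takes the first listed attribute that has a value; list only identifiers your applications can tell apart -->`. The `<Applications>` element continues past this hunk, so whether the attribute mapping qualifies these values is not visible here.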
disabled.
-->
<Sessions lifetime="28800" timeout="3600" checkAddress="false"
- handlerURL="/Shibboleth.sso" handlerSSL="false" exportLocation="/GetAssertion"
+ handlerURL="/Shibboleth.sso" handlerSSL="false"
+ exportLocation="http://localhost/Shibboleth.sso/GetAssertion"
idpHistory="true" idpHistoryDays="7">
<!--
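Review bot: The new `exportLocation` hard-codes scheme, host and handler path (`http://localhost/Shibboleth.sso/GetAssertion`), so the assertion lookup runs over plain HTTP against whichever virtual host answers on localhost, and it silently diverges if `handlerURL` is later changed. The same GetAssertion path presumably remains reachable under `/Shibboleth.sso` from other clients, and nothing visible in this hunk restricts who may request an exported assertion. I would document the expectation next to the attribute, e.g. `<!-- exportLocation is fetched by the local application only; keep the GetAssertion handler limited to loopback callers -->`, and confirm the handler enforces it. The children of `<Sessions>` lie outside this hunk.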
<md:SingleLogoutService Location="/SLO/Artifact" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+ <!-- md:ManageNameIDService locations handle NameID management (NIM) protocol messages. -->
+ <md:ManageNameIDService Location="/NIM/SOAP"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+ <md:ManageNameIDService Location="/NIM/Redirect" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
+ <md:ManageNameIDService Location="/NIM/POST" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+ <md:ManageNameIDService Location="/NIM/Artifact" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+
<!--
md:ArtifactResolutionService locations resolve artifacts issued when using the
SAML 2.0 HTTP-Artifact binding on outgoing messages, generally uses SOAP.
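Review bot: The four `md:ManageNameIDService` endpoints are added active rather than commented out, so every SP built from this template accepts NameID management messages on the SOAP, Redirect, POST and Artifact bindings whether or not the deployment uses that protocol. Such messages can change or terminate the identifier an SP associates with a user, so they presumably rely on the security policy to verify the sender, and that policy is not visible in this hunk. Consider shipping them commented out like the optional `<Extensions>` blocks, or extending the new comment with a sentence such as `Remove these endpoints if your federation does not use NameID management.`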
<md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+ <!-- Extension service that generates "approximate" metadata based on SP configuration. -->
+ <Handler type="MetadataGenerator" Location="/Metadata" signing="true"/>
+
</Sessions>
<!--
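Review bot: The `MetadataGenerator` handler at `/Metadata` is enabled by default with `signing="true"` and no visible access restriction, so any client can presumably make the SP produce and sign a metadata document on demand. The added comment calls the output "approximate", yet a signature makes it look authoritative to whoever consumes it, and per-request signing is avoidable work for an unauthenticated endpoint. I would either default to `signing="false"` or expand the comment to say that the generated metadata is a starting point to be reviewed before it is handed to a federation, and that access to the handler should be limited where the deployment allows.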
chunkedEncoding="false"
connectTimeout="15" timeout="30"
>
- <Rule type="SAML1Message"/>
- <Rule type="SAML2Message"/>
<Rule type="MessageFlow" checkReplay="true" expires="60"/>
<Rule type="ClientCertAuth" errorFatal="true"/>
<Rule type="XMLSigning" errorFatal="true"/>