Redo RequestMap comments, remove from Unix version of default file.

[shibboleth/cpp-sp.git] / configs / win-shibboleth2.xml

diff --git a/configs/win-shibboleth2.xml b/configs/win-shibboleth2.xml
index 89316ed..0560824 100644 (file)
--- a/configs/win-shibboleth2.xml
+++ b/configs/win-shibboleth2.xml
@@ -29,9 +29,16 @@
     <SessionCache type="StorageService" cacheAssertions="false"\r
                   cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>\r
 \r
-    <!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->\r
+    <!--\r
+    To customize behavior for specific resources on IIS, and to link vhosts or\r
+    resources to ApplicationOverride settings below, use the XML syntax below.\r
+    See https://spaces.internet2.edu/display/SHIB2/NativeSPRequestMapHowTo for help.\r
+    \r
+    Apache users should rely on web server options/commands in most cases, and can remove the\r
+    RequestMapper element. See https://spaces.internet2.edu/display/SHIB2/NativeSPApacheConfig\r
+    -->\r
     <RequestMapper type="Native">\r
-        <RequestMap applicationId="default">\r
+        <RequestMap>\r
             <!--\r
             The example requires a session for documents in /secure on the containing host with http and\r
             https on the default ports. Note that the name and port in the <Host> elements MUST match\r
@@ -50,9 +57,9 @@
     <!--\r
     The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined.\r
     Resource requests are mapped by the RequestMapper to an applicationId that\r
-    points into to this section.\r
+    points into to this section (or to the defaults here).\r
     -->\r
-    <ApplicationDefaults id="default" policyId="default"\r
+    <ApplicationDefaults policyId="default"\r
         entityID="https://sp.example.org/shibboleth"\r
         REMOTE_USER="eppn persistent-id targeted-id"\r
         signing="false" encryption="false">\r
@@ -199,9 +206,18 @@
         <!-- Simple file-based resolver for using a single keypair. -->\r
         <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>\r
 \r
-        <!-- Example of a second application (using a second vhost) that has a different entityID. -->\r
-        <!-- <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> -->\r
-\r
+        <!--\r
+        The default settings can be overridden by creating ApplicationOverride elements (see\r
+        the https://spaces.internet2.edu/display/SHIB2/NativeSPApplicationOverride topic).\r
+        Resource requests are mapped by web server commands, or the RequestMapper, to an\r
+        applicationId setting.\r
+        \r
+        Example of a second application (for a second vhost) that has a different entityID.\r
+        Resources on the vhost would map to an applicationId of "admin":\r
+        -->\r
+        <!--\r
+        <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>\r
+        -->\r
     </ApplicationDefaults>\r
     \r
     <!-- Policies that determine how to process and authenticate runtime messages. -->\r