xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"\r
clockSkew="180">\r
\r
- <!-- The InProcess section conrains settings affecting web server modules/filters. -->\r
+ <!--\r
+ The InProcess section contains settings affecting web server modules.\r
+ Required for IIS, but can be removed when using other web servers.\r
+ -->\r
<InProcess logger="native.logger">\r
<ISAPI normalizeRequest="true" safeHeaderNames="true">\r
<!--\r
</ISAPI>\r
</InProcess>\r
\r
- <!-- By default, in-memory StorageService, ReplayCache, and ArtifactMap are used. -->\r
- <SessionCache type="StorageService" cacheAssertions="false"\r
- cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>\r
+ <!--\r
+ By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache\r
+ are used. See example-shibboleth2.xml for samples of explicitly configuring them.\r
+ -->\r
\r
<!--\r
To customize behavior for specific resources on IIS, and to link vhosts or\r
-->\r
<ApplicationDefaults policyId="default"\r
entityID="https://sp.example.org/shibboleth"\r
- REMOTE_USER="eppn persistent-id targeted-id"\r
- signing="false" encryption="false">\r
+ REMOTE_USER="eppn persistent-id targeted-id">\r
\r
<!--\r
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.\r
impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.\r
-->\r
<Sessions lifetime="28800" timeout="3600" checkAddress="false"\r
- handlerURL="/Shibboleth.sso" handlerSSL="false"\r
- idpHistory="false" idpHistoryDays="7">\r
+ handlerURL="/Shibboleth.sso" handlerSSL="false">\r
\r
<!--\r
SessionInitiators handle session requests and relay them to a Discovery page,\r
-->\r
</MetadataProvider>\r
\r
- <!-- Chain the two built-in trust engines together. -->\r
- <TrustEngine type="Chaining">\r
- <TrustEngine type="ExplicitKey"/>\r
- <TrustEngine type="PKIX"/>\r
- </TrustEngine>\r
-\r
<!-- Map to extract attributes from SAML assertions. -->\r
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>\r
\r