impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.\r
-->\r
<Sessions lifetime="28800" timeout="3600" checkAddress="false"\r
- handlerURL="/Shibboleth.sso" handlerSSL="false"\r
+ handlerURL="/Shibboleth.sso" handlerSSL="false" relayState="ss:mem"\r
exportLocation="http://localhost/Shibboleth.sso/GetAssertion" exportACL="127.0.0.1"\r
idpHistory="false" idpHistoryDays="7">\r
- \r
+\r
+ <!--\r
+ The "stripped down" files use the shorthand syntax for configuring handlers.\r
+ This uses the old "every handler specified directly" syntax. You can replace\r
+ or supplement the new syntax following these examples.\r
+ -->\r
+ \r
<!--\r
SessionInitiators handle session requests and relay them to a Discovery page,\r
or to an IdP if possible. Automatic session setup will use the default or first\r
\r
<!-- Default directs to a specific IdP (favoring SAML 2 over Shib 1). -->\r
<SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Login"\r
- relayState="cookie" entityID="https://idp.example.org/shibboleth">\r
+ entityID="https://idp.example.org/shibboleth">\r
\r
- <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>\r
- <SessionInitiator type="Shib1" acsIndex="5"/>\r
+ <SessionInitiator type="SAML2" template="bindingTemplate.html"/>\r
+ <SessionInitiator type="Shib1"/>\r
<!--\r
To allow for >1 IdP, remove entityID property from Chaining element and add\r
*either* of the SAMLDS or WAYF handlers below:\r
\r
<SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS/WAYF"/>\r
- <SessionInitiator type="WAYF" acsIndex="5" URL="https://wayf.example.org/WAYF"/>\r
+ <SessionInitiator type="WAYF" URL="https://wayf.example.org/WAYF"/>\r
-->\r
</SessionInitiator>\r
\r
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>\r
\r
<!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->\r
- <LogoutInitiator type="Chaining" Location="/Logout" relayState="cookie">\r
+ <LogoutInitiator type="Chaining" Location="/Logout">\r
<LogoutInitiator type="SAML2" template="bindingTemplate.html"/>\r
<LogoutInitiator type="Local"/>\r
</LogoutInitiator>\r
<!-- Policies that determine how to process and authenticate runtime messages. -->\r
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>\r
\r
+ <!-- Low-level configuration about protocols and bindings available for use. -->\r
+ <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>\r
+\r
</SPConfig>\r