Working version of new handler configuration and supporting files.

[shibboleth/cpp-sp.git] / configs / example-shibboleth2.xml

diff --git a/configs/example-shibboleth2.xml b/configs/example-shibboleth2.xml
index 25cd37b..33df42c 100644 (file)
--- a/configs/example-shibboleth2.xml
+++ b/configs/example-shibboleth2.xml
@@ -105,10 +105,16 @@
         impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.\r
         -->\r
         <Sessions lifetime="28800" timeout="3600" checkAddress="false"\r
-            handlerURL="/Shibboleth.sso" handlerSSL="false"\r
+            handlerURL="/Shibboleth.sso" handlerSSL="false" relayState="ss:mem"\r
             exportLocation="http://localhost/Shibboleth.sso/GetAssertion" exportACL="127.0.0.1"\r
             idpHistory="false" idpHistoryDays="7">\r
-            \r
+\r
+            <!--\r
+            The "stripped down" files use the shorthand syntax for configuring handlers.\r
+            This uses the old "every handler specified directly" syntax. You can replace\r
+            or supplement the new syntax following these examples.\r
+            -->\r
+          \r
             <!--\r
             SessionInitiators handle session requests and relay them to a Discovery page,\r
             or to an IdP if possible. Automatic session setup will use the default or first\r
@@ -117,16 +123,16 @@
 \r
             <!-- Default directs to a specific IdP (favoring SAML 2 over Shib 1). -->\r
             <SessionInitiator type="Chaining" Location="/Login" isDefault="true" id="Login"\r
-                              relayState="cookie" entityID="https://idp.example.org/shibboleth">\r
+                              entityID="https://idp.example.org/shibboleth">\r
               \r
-                <SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>\r
-                <SessionInitiator type="Shib1" acsIndex="5"/>\r
+                <SessionInitiator type="SAML2" template="bindingTemplate.html"/>\r
+                <SessionInitiator type="Shib1"/>\r
                 <!--\r
                 To allow for >1 IdP, remove entityID property from Chaining element and add\r
                 *either* of the SAMLDS or WAYF handlers below:\r
                 \r
                 <SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS/WAYF"/>\r
-                <SessionInitiator type="WAYF" acsIndex="5" URL="https://wayf.example.org/WAYF"/>\r
+                <SessionInitiator type="WAYF" URL="https://wayf.example.org/WAYF"/>\r
                 -->\r
             </SessionInitiator>\r
             \r
@@ -150,7 +156,7 @@
                 Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>\r
 \r
             <!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->\r
-            <LogoutInitiator type="Chaining" Location="/Logout" relayState="cookie">\r
+            <LogoutInitiator type="Chaining" Location="/Logout">\r
                 <LogoutInitiator type="SAML2" template="bindingTemplate.html"/>\r
                 <LogoutInitiator type="Local"/>\r
             </LogoutInitiator>\r
@@ -261,4 +267,7 @@
     <!-- Policies that determine how to process and authenticate runtime messages. -->\r
     <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>\r
 \r
+    <!-- Low-level configuration about protocols and bindings available for use. -->\r
+    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>\r
+\r
 </SPConfig>\r