<SessionCache type="StorageService" cacheAssertions="false"
cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>
- <!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->
- <RequestMapper type="Native">
- <RequestMap>
- <!--
- The example requires a session for documents in /secure on the containing host with http and
- https on the default ports. Note that the name and port in the <Host> elements MUST match
- Apache's ServerName and Port directives.
- -->
- <Host name="sp.example.org">
- <Path name="secure" authType="shibboleth" requireSession="true"/>
- </Host>
- <!-- Example of a second vhost mapped to a different applicationId. -->
- <!--
- <Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true"/>
- -->
- </RequestMap>
- </RequestMapper>
-
<!--
- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined.
- Resource requests are mapped by the RequestMapper to an applicationId that
- points into to this section (or to the defaults here).
+ To customize behavior for specific resources on Apache, and to link vhosts or
+ resources to ApplicationOverride settings below, use web server options/commands.
+ See https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationElements for help.
+
+ For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml
+ file, and the https://spaces.internet2.edu/display/SHIB2/NativeSPRequestMapHowTo topic.
-->
+
+ <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults policyId="default"
entityID="https://sp.example.org/shibboleth"
REMOTE_USER="eppn persistent-id targeted-id"
<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
- <!-- Example of a second application (using a second vhost) that has a different entityID. -->
- <!-- <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> -->
-
+ <!--
+ The default settings can be overridden by creating ApplicationOverride elements (see
+ the https://spaces.internet2.edu/display/SHIB2/NativeSPApplicationOverride topic).
+ Resource requests are mapped by web server commands, or the RequestMapper, to an
+ applicationId setting.
+
+ Example of a second application (for a second vhost) that has a different entityID.
+ Resources on the vhost would map to an applicationId of "admin":
+ -->
+ <!--
+ <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>
+ -->
</ApplicationDefaults>
<!-- Policies that determine how to process and authenticate runtime messages. -->