<!-- Simple file-based resolver for using a single keypair. -->\r
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>\r
\r
- <!-- Example of a second application (using a second vhost) that has a different entityID. -->\r
- <!-- <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> -->\r
-\r
+ <!--\r
+ The default settings can be overridden by creating ApplicationOverride elements (see\r
+ the https://spaces.internet2.edu/display/SHIB2/NativeSPApplicationOverride topic).\r
+ Resource requests are mapped by web server commands, or the RequestMapper, to an\r
+ applicationId setting.\r
+ \r
+ Example of a second application (for a second vhost) that has a different entityID.\r
+ Resources on the vhost would map to an applicationId of "admin":\r
+ -->\r
+ <!--\r
+ <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>\r
+ -->\r
</ApplicationDefaults>\r
\r
<!-- Policies that determine how to process and authenticate runtime messages. -->\r
<SessionCache type="StorageService" cacheAssertions="false"
cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>
- <!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->
- <RequestMapper type="Native">
- <RequestMap>
- <!--
- The example requires a session for documents in /secure on the containing host with http and
- https on the default ports. Note that the name and port in the <Host> elements MUST match
- Apache's ServerName and Port directives.
- -->
- <Host name="sp.example.org">
- <Path name="secure" authType="shibboleth" requireSession="true"/>
- </Host>
- <!-- Example of a second vhost mapped to a different applicationId. -->
- <!--
- <Host name="admin.example.org" applicationId="admin" authType="shibboleth" requireSession="true"/>
- -->
- </RequestMap>
- </RequestMapper>
-
<!--
- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined.
- Resource requests are mapped by the RequestMapper to an applicationId that
- points into to this section (or to the defaults here).
+ To customize behavior for specific resources on Apache, and to link vhosts or
+ resources to ApplicationOverride settings below, use web server options/commands.
+ See https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationElements for help.
+
+ For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml
+ file, and the https://spaces.internet2.edu/display/SHIB2/NativeSPRequestMapHowTo topic.
-->
+
+ <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults policyId="default"
entityID="https://sp.example.org/shibboleth"
REMOTE_USER="eppn persistent-id targeted-id"
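Review bot: The comment added where the RequestMapper block was removed sends Apache users to web server options/commands, but it does not say that the shipped rule `<Path name="secure" authType="shibboleth" requireSession="true"/>` for `sp.example.org` goes away with it. A site that adopts this default file without equivalent Apache directives would, as far as this hunk shows, have no session requirement on `/secure`, and nothing in the file flags that. I would add a sentence to the new comment such as `This file no longer requires a session for any path; enforce it in the Apache configuration (e.g. AuthType shibboleth with ShibRequestSetting requireSession 1).` The later hunk whose added comment tells Apache users they "can remove the RequestMapper element" could carry the same caveat. The ApplicationDefaults start tag continues past the end of this hunk, so the rest of its attributes are not visible here.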
<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
- <!-- Example of a second application (using a second vhost) that has a different entityID. -->
- <!-- <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> -->
-
+ <!--
+ The default settings can be overridden by creating ApplicationOverride elements (see
+ the https://spaces.internet2.edu/display/SHIB2/NativeSPApplicationOverride topic).
+ Resource requests are mapped by web server commands, or the RequestMapper, to an
+ applicationId setting.
+
+ Example of a second application (for a second vhost) that has a different entityID.
+ Resources on the vhost would map to an applicationId of "admin":
+ -->
+ <!--
+ <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>
+ -->
</ApplicationDefaults>
<!-- Policies that determine how to process and authenticate runtime messages. -->
<SessionCache type="StorageService" cacheAssertions="false"\r
cacheTimeout="3600" inprocTimeout="900" cleanupInterval="900"/>\r
\r
- <!-- To customize behavior, map hostnames and path components to applicationId and other settings. -->\r
+ <!--\r
+ To customize behavior for specific resources on IIS, and to link vhosts or\r
+ resources to ApplicationOverride settings below, use the XML syntax below.\r
+ See https://spaces.internet2.edu/display/SHIB2/NativeSPRequestMapHowTo for help.\r
+ \r
+ Apache users should rely on web server options/commands in most cases, and can remove the\r
+ RequestMapper element. See https://spaces.internet2.edu/display/SHIB2/NativeSPApacheConfig\r
+ -->\r
<RequestMapper type="Native">\r
<RequestMap>\r
<!--\r
<!-- Simple file-based resolver for using a single keypair. -->\r
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>\r
\r
- <!-- Example of a second application (using a second vhost) that has a different entityID. -->\r
- <!-- <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/> -->\r
-\r
+ <!--\r
+ The default settings can be overridden by creating ApplicationOverride elements (see\r
+ the https://spaces.internet2.edu/display/SHIB2/NativeSPApplicationOverride topic).\r
+ Resource requests are mapped by web server commands, or the RequestMapper, to an\r
+ applicationId setting.\r
+ \r
+ Example of a second application (for a second vhost) that has a different entityID.\r
+ Resources on the vhost would map to an applicationId of "admin":\r
+ -->\r
+ <!--\r
+ <ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>\r
+ -->\r
</ApplicationDefaults>\r
\r
<!-- Policies that determine how to process and authenticate runtime messages. -->\r