Parameterize config namespace for message plugins.
[shibboleth/sp.git] / configs / shibboleth2.xml.in
index 083cee4..bce69d1 100644 (file)
 
                        <!-- An example supporting the new-style of discovery service. -->
                        <SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
-                               <SessionInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+                               <SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
                                <SessionInitiator type="Shib1" defaultACSIndex="3"/>
                                <SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
                        </SessionInitiator>
                        <md:AssertionConsumerService Location="/SAML/Artifact" index="4"
                                Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
 
+                       <!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->
+                       <LogoutInitiator type="Chaining" Location="/Logout">
+                               <LogoutInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
+                               <LogoutInitiator type="Local"/>
+                       </LogoutInitiator>
+
+                       <!-- md:SingleLogoutService locations handle single logout (SLO) protocol messages. -->
+                       <md:SingleLogoutService Location="/SLO/SOAP"
+                               Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+                       <md:SingleLogoutService Location="/SLO/Redirect" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+                               Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
+                       <md:SingleLogoutService Location="/SLO/POST" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+                               Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
+                       <md:SingleLogoutService Location="/SLO/Artifact" conf:template="@-PKGSYSCONFDIR-@/bindingTemplate.html"
+                               Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"/>
+
                        <!--
                        md:ArtifactResolutionService locations resolve artifacts issued when using the
                        SAML 2.0 HTTP-Artifact binding on outgoing messages, generally uses SOAP.
                        -->
-                       <md:ArtifactResolutionService Location="/SOAP/Artifact" index="1"
+                       <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
                                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
 
                </Sessions>
                
                <!-- Configure handling of outgoing messages and SOAP authentication. -->
                <DefaultRelyingParty authType="TLS" artifactEndpointIndex="1"
-                       signRequests="true" encryptRequests="true" signResponses="true" encryptResponses="true">
+                       signRequests="front" encryptRequests="front" signResponses="true" encryptResponses="true">
                        <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
                        <!--
                        <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>
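Review bot: The change of `signRequests` and `encryptRequests` from `true` to `front` on `DefaultRelyingParty` is not documented, and it appears to limit message-level signing and encryption to front-channel bindings, leaving outgoing SOAP requests (artifact resolution, back-channel logout) dependent on `authType="TLS"` alone. A deployer who copies this template without working TLS client authentication would send those requests unsigned, so the comment above the element should say so, for example `<!-- "front" signs/encrypts only browser-borne requests; back-channel SOAP requests rely on authType="TLS" for authentication and confidentiality. -->`. Separately, renaming the `md:ArtifactResolutionService` `Location` from `/SOAP/Artifact` to `/Artifact/SOAP` changes an endpoint that may already be published in metadata held by IdPs, which is worth a note for anyone upgrading. The `DefaultRelyingParty` element continues past the end of this hunk, so any child overrides are not visible here.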