<OutOfProcess logger="@-PKGSYSCONFDIR-@/shibd.logger">
<!--
<Extensions>
- <Library path="@-PKGLIBDIR-@/adfs.so" fatal="true"/>
<Library path="@-PKGLIBDIR-@/odbc-store.so" fatal="true"/>
</Extensions>
-->
<!-- The InProcess section conrains settings affecting web server modules/filters. -->
<InProcess logger="@-PKGSYSCONFDIR-@/native.logger">
- <!--
- <Extensions>
- <Library path="@-PKGLIBDIR-@/adfs-lite.so" fatal="true"/>
- </Extensions>
- -->
-
<ISAPI normalizeRequest="true">
<!--
Maps IIS Instance ID values to the host scheme/name/port/sslport. The name is
</RequestMapper>
<!--
- The Applications section is where most of Shibboleth's SAML bits are defined.
- Resource requests are mapped in the Local section into an applicationId that
+ The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined.
+ Resource requests are mapped by the RequestMapper to an applicationId that
points into to this section.
-->
- <Applications id="default" policyId="default" entityID="https://sp.example.org/shibboleth"
- homeURL="https://sp.example.org/index.html" REMOTE_USER="eppn persistent-id targeted-id"
- localLogout="@-PKGSYSCONFDIR-@/localLogout.html"
- globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html">
+ <ApplicationDefaults id="default" policyId="default"
+ entityID="https://sp.example.org/shibboleth"
+ homeURL="https://sp.example.org/index.html"
+ REMOTE_USER="eppn persistent-id targeted-id"
+ signing="false" encryption="false"
+ >
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
relayState="cookie" entityID="https://idp.example.org/shibboleth">
<SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
<SessionInitiator type="Shib1" defaultACSIndex="5"/>
- <!-- <SessionInitiator type="ADFS"/> -->
</SessionInitiator>
<!-- An example using an old-style WAYF, which means Shib 1 only unless an entityID is provided. -->
<SessionInitiator type="Chaining" Location="/WAYF" id="WAYF" relayState="cookie">
<SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
<SessionInitiator type="Shib1" defaultACSIndex="5"/>
- <!-- <SessionInitiator type="ADFS"/> -->
<SessionInitiator type="WAYF" defaultACSIndex="5" URL="https://wayf.example.org/WAYF"/>
</SessionInitiator>
<SessionInitiator type="Chaining" Location="/DS" id="DS" relayState="cookie">
<SessionInitiator type="SAML2" defaultACSIndex="1" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
<SessionInitiator type="Shib1" defaultACSIndex="5"/>
- <!-- <SessionInitiator type="ADFS"/> -->
<SessionInitiator type="SAMLDS" URL="https://ds.example.org/DS"/>
</SessionInitiator>
Binding="urn:oasis:names:tc:SAML:1.0:profiles:browser-post"/>
<md:AssertionConsumerService Location="/SAML/Artifact" index="6"
Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01"/>
-
- <!--
- <md:AssertionConsumerService Location="/ADFS" index="7"
- Binding="http://schemas.xmlsoap.org/ws/2003/07/secext"/>
- -->
<!-- LogoutInitiators enable SP-initiated local or global/single logout of sessions. -->
- <LogoutInitiator type="Chaining" Location="/Logout">
+ <LogoutInitiator type="Chaining" Location="/Logout" relayState="cookie">
<LogoutInitiator type="SAML2" template="@-PKGSYSCONFDIR-@/bindingTemplate.html"/>
- <!-- <LogoutInitiator type="ADFS"/> -->
<LogoutInitiator type="Local"/>
</LogoutInitiator>
metadata="@-PKGSYSCONFDIR-@/metadataError.html"
access="@-PKGSYSCONFDIR-@/accessError.html"
ssl="@-PKGSYSCONFDIR-@/sslError.html"
+ localLogout="@-PKGSYSCONFDIR-@/localLogout.html"
+ globalLogout="@-PKGSYSCONFDIR-@/globalLogout.html"
supportContact="root@localhost"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
- <!-- Configure handling of outgoing messages and SOAP authentication. -->
- <DefaultRelyingParty authType="TLS" artifactEndpointIndex="1" signing="false" encryption="false">
- <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
- <!-- <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/> -->
- </DefaultRelyingParty>
+ <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
+ <!-- <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/> -->
<!-- Chains together all your metadata sources. -->
<MetadataProvider type="Chaining">
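Review bot: The two retained comment lines (`<!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->` and the `<RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>` example) now stand directly under the Errors element with neither the removed heading about outgoing messages and SOAP authentication nor the DefaultRelyingParty element they were nested in, so a reader cannot tell where such an element now belongs or what it overrides. Suggest rewording the first line to `<!-- Uncomment and modify to override ApplicationDefaults settings (signing, encryption, etc.) for specific IdPs or groups. -->`, hedged as "presumably" if the placement of RelyingParty under ApplicationDefaults is not documented elsewhere in the file. The enclosing ApplicationDefaults element starts and ends outside this hunk, and the hunk may be truncated after the MetadataProvider line.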
</Certificate>
</CredentialResolver>
- <!-- Advanced resolver allowing for multiple keypairs. -->
- <!--
- <CredentialResolver type="Chaining">
- <CredentialResolver type="File">
- <Key>
- <Name>DefaultKey</Name>
- <Path>@-PKGSYSCONFDIR-@/sp-example.key</Path>
- </Key>
- <Certificate>
- <Path>@-PKGSYSCONFDIR-@/sp-example.crt</Path>
- </Certificate>
- </CredentialResolver>
- <CredentialResolver type="File">
- <Key>
- <Name>SpecialKey</Name>
- <Path>@-PKGSYSCONFDIR-@/special.key</Path>
- </Key>
- <Certificate>
- <Path>@-PKGSYSCONFDIR-@/special.crt</Path>
- </Certificate>
- </CredentialResolver>
- </CredentialResolver>
- -->
-
</Applications>
<!-- Each policy defines a set of rules to use to secure messages. -->
<SecurityPolicies>
<!-- The predefined policy enforces replay/freshness and permits signing and client TLS. -->
- <Policy id="default"
- validate="false"
- signedAssertions="false"
- requireConfidentiality="true"
- requireTransportAuth="true"
- chunkedEncoding="false"
- connectTimeout="15" timeout="30"
- >
+ <Policy id="default" validate="false">
<Rule type="MessageFlow" checkReplay="true" expires="60"/>
<Rule type="ClientCertAuth" errorFatal="true"/>
<Rule type="XMLSigning" errorFatal="true"/>