logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
- <!-- Configure handling of outgoing messages. -->
- <DefaultRelyingParty authType="TLS" signRequests="false" encryptRequests="true"/>
+ <!-- Configure handling of outgoing messages and SOAP client authentication. -->
+ <DefaultRelyingParty authType="TLS" signRequests="false" encryptRequests="true">
+ <!-- Uncomment and modify to tweak settings for specific IdPs or groups. -->
+ <!--
+ <RelyingParty Name="SpecialFederation" keyName="SpecialKey"/>
+ -->
+ </DefaultRelyingParty>
<!-- Chains together all your metadata sources. -->
<MetadataProvider type="Chaining">
<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" path="@-PKGSYSCONFDIR-@/attribute-policy.xml"/>
- <!-- Simple file-based resolver for key/certificate information. -->
+ <!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File">
<Key>
<Path>@-PKGSYSCONFDIR-@/sp-example.key</Path>
<Path>@-PKGSYSCONFDIR-@/sp-example.crt</Path>
</Certificate>
</CredentialResolver>
+
+ <!-- Advanced resolver allowing for multiple keypairs. -->
+ <!--
+ <CredentialResolver type="Chaining">
+ <CredentialResolver type="File">
+ <Key>
+ <Name>DefaultKey</Name>
+ <Path>@-PKGSYSCONFDIR-@/sp-example.key</Path>
+ </Key>
+ <Certificate>
+ <Path>@-PKGSYSCONFDIR-@/sp-example.crt</Path>
+ </Certificate>
+ </CredentialResolver>
+ <CredentialResolver type="File">
+ <Key>
+ <Name>SpecialKey</Name>
+ <Path>@-PKGSYSCONFDIR-@/special.key</Path>
+ </Key>
+ <Certificate>
+ <Path>@-PKGSYSCONFDIR-@/special.crt</Path>
+ </Certificate>
+ </CredentialResolver>
+ </CredentialResolver>
+ -->
</Applications>
<!-- Each policy defines a set of rules to use to secure SAML and SOAP messages. -->
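Review bot: The comment on the commented-out Chaining resolver does not say that each `<Name>` is the value a `RelyingParty` selects through `keyName`, so the two new examples read as unrelated. As far as the visible context shows, the active File resolver declares no key name, so `SpecialKey` exists only inside the commented-out block. Someone who uncomments just the `RelyingParty Name="SpecialFederation" keyName="SpecialKey"` example would reference a key name that nothing provides. I would extend the comment to something like `<!-- Advanced resolver allowing for multiple keypairs; each <Name> is what a RelyingParty's keyName attribute selects. -->`.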
</element>\r
\r
<attributeGroup name="RelyingPartyGroup">\r
- <attribute name="authType" type="conf:string" default="TLS"/>\r
+ <attribute name="authType" type="conf:string"/>\r
<attribute name="authUsername" type="conf:string"/>\r
<attribute name="authPassword" type="conf:string"/>\r
- <attribute name="signRequests" type="boolean" default="false"/>
+ <attribute name="signRequests" type="boolean"/>
<attribute name="signatureAlg" type="anyURI"/>\r
<attribute name="digestAlg" type="anyURI"/>\r
- <attribute name="encryptRequests" type="boolean" default="true"/>\r
+ <attribute name="encryptRequests" type="boolean"/>\r
<attribute name="encryptionAlg" type="anyURI"/>\r
+ <attribute name="keyName" type="conf:string"/>\r
</attributeGroup>\r
\r
<element name="SecurityPolicies">
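Review bot: Dropping `default="TLS"`, `default="false"` and `default="true"` from `authType`, `signRequests` and `encryptRequests` moves the fallback values out of the schema, and the code that now has to supply them is not part of this hunk. Presumably the intent is that a nested `RelyingParty` which omits an attribute inherits from `DefaultRelyingParty` instead of receiving a schema default. It is worth confirming that the readers of these settings still fall back to TLS and to encrypting when the attribute is absent everywhere, since a silent change there would weaken outgoing requests. If inheritance is the intent, a comment above the group would record it, for example `<!-- No schema defaults here: unset values are inherited from DefaultRelyingParty and defaulted in code. -->`.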
m_credResolver->lock();
// Fill in criteria to use.
peer.setUsage(CredentialCriteria::SIGNING_CREDENTIAL);
+ pair<bool,const char*> keyName = m_relyingParty->getString("keyName");
+ if (keyName.first)
+ peer.getKeyNames().insert(keyName.second);
pair<bool,const XMLCh*> sigalg = m_relyingParty->getXMLString("signatureAlg");
if (sigalg.first)
peer.setXMLAlgorithm(sigalg.second);
}
if (m_credResolver) {
m_criteria->setUsage(CredentialCriteria::TLS_CREDENTIAL);
+ authType = m_relyingParty->getString("keyName");
+ if (authType.first)
+ m_criteria->getKeyNames().insert(authType.second);
const Credential* cred = m_credResolver->resolve(m_criteria);
if (cred) {
if (!transport.setCredential(cred))
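Review bot: The TLS credential lookup stores the result of `getString("keyName")` in the existing `authType` variable (apparently declared earlier in the function, outside the hunk). The following lines then test `authType.first` and insert `authType.second` as a key name, which reads as if the authentication type selected the key. The signing hunk earlier on this page does the same lookup with its own `pair<bool,const char*> keyName`; using `pair<bool,const char*> keyName = m_relyingParty->getString("keyName");` here as well keeps the two paths parallel. The branch taken when `resolve()` returns no credential is outside the hunk. With a configured `keyName` that matches nothing, that branch should log the unmatched name rather than continue quietly without a client credential.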
>\r
</File>\r
<File\r
- RelativePath=".\attribute\filtering\impl\AndMatchFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AnyMatchFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
RelativePath=".\Application.cpp"\r
>\r
</File>\r
<File\r
- RelativePath=".\attribute\filtering\impl\AttributeFilter.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeIssuerInEntityGroupFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeIssuerRegexFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeIssuerStringFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeRequesterInEntityGroupFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeRequesterRegexFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeRequesterStringFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeScopeMatchesShibMDScopeFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeScopeRegexFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeScopeStringFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeValueRegexFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AttributeValueStringFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AuthenticationMethodRegexFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\AuthenticationMethodStringFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\ChainingAttributeFilter.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\MatchFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\NotMatchFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\NumberOfAttributeValuesFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\OrMatchFunctor.cpp"\r
- >\r
- </File>\r
- <File\r
RelativePath=".\ServiceProvider.cpp"\r
>\r
</File>\r
RelativePath=".\SPConfig.cpp"\r
>\r
</File>\r
- <File\r
- RelativePath=".\attribute\filtering\impl\XMLAttributeFilter.cpp"\r
- >\r
- </File>\r
<Filter\r
Name="util"\r
>\r
<Filter\r
Name="impl"\r
>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AndMatchFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AnyMatchFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeFilter.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeIssuerInEntityGroupFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeIssuerRegexFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeIssuerStringFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeRequesterInEntityGroupFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeRequesterRegexFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeRequesterStringFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeScopeMatchesShibMDScopeFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeScopeRegexFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeScopeStringFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeValueRegexFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AttributeValueStringFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AuthenticationMethodRegexFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\AuthenticationMethodStringFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\ChainingAttributeFilter.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\MatchFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\NotMatchFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\NumberOfAttributeValuesFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\OrMatchFunctor.cpp"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\impl\XMLAttributeFilter.cpp"\r
+ >\r
+ </File>\r
</Filter>\r
</Filter>\r
</Filter>\r
>\r
</File>\r
<File\r
- RelativePath=".\attribute\filtering\BasicFilteringContext.h"\r
- >\r
- </File>\r
- <File\r
RelativePath=".\exceptions.h"\r
>\r
</File>\r
<File\r
- RelativePath=".\attribute\filtering\FilterPolicyContext.h"\r
- >\r
- </File>\r
- <File\r
RelativePath=".\internal.h"\r
>\r
</File>\r
<File\r
- RelativePath=".\attribute\filtering\MatchFunctor.h"\r
- >\r
- </File>\r
- <File\r
RelativePath=".\RequestMapper.h"\r
>\r
</File>\r
>\r
</File>\r
<File\r
+ RelativePath=".\attribute\filtering\BasicFilteringContext.h"\r
+ >\r
+ </File>\r
+ <File\r
RelativePath=".\attribute\filtering\FilteringContext.h"\r
>\r
</File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\FilterPolicyContext.h"\r
+ >\r
+ </File>\r
+ <File\r
+ RelativePath=".\attribute\filtering\MatchFunctor.h"\r
+ >\r
+ </File>\r
</Filter>\r
</Filter>\r
<Filter\r