Add commented delegation rule.

author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Sun, 5 Apr 2009 19:31:22 +0000 (19:31 +0000)

committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Sun, 5 Apr 2009 19:31:22 +0000 (19:31 +0000)
author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Sun, 5 Apr 2009 19:31:22 +0000 (19:31 +0000)
committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Sun, 5 Apr 2009 19:31:22 +0000 (19:31 +0000)
diff --git a/configs/shibboleth2.xml b/configs/shibboleth2.xml

index b1ae6d3..aa2286f 100644 (file)
--- a/configs/shibboleth2.xml
+++ b/configs/shibboleth2.xml
@@ -252,12 +252,15 @@
          -->
          <Policy id="default" validate="false">
              <PolicyRule type="MessageFlow" checkReplay="true" expires="60"/>
-            <PolicyRule type="Conditions"/>
+            <PolicyRule type="Conditions">
+                <PolicyRule type="Audience"/>
+                <!-- Enable Delegation rule to permit delegated access. -->
+                <!-- <PolicyRule type="Delegation"/> -->
+            </PolicyRule>
              <PolicyRule type="ClientCertAuth" errorFatal="true"/>
              <PolicyRule type="XMLSigning" errorFatal="true"/>
              <PolicyRule type="SimpleSigning" errorFatal="true"/>
          </Policy>
      </SecurityPolicies>
  
-</SPConfig>
-
+</SPConfig>
+\ No newline at end of file
author	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Sun, 5 Apr 2009 19:31:22 +0000 (19:31 +0000)
committer	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Sun, 5 Apr 2009 19:31:22 +0000 (19:31 +0000)