Shibboleth/3.x

From EPrints Documentation
Jump to: navigation, search

Below is an example shibboleth2.xml configuration for Shibboleth version 3.0 and later.

<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config" clockSkew="180">

   <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" />

   <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
       REMOTE_USER="eppn subject-id pairwise-id persistent-id"
       cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">

       <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
                 checkAddress="false" handlerSSL="true" cookieProps="https"
                 redirectLimit="exact">
           <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2</SSO>
           <Logout>SAML2 Local</Logout>
           <LogoutInitiator type="Admin" Location="/Logout/Admin" acl="127.0.0.1 ::1" />
           <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
           <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
           <Handler type="Session" Location="/Session" showAttributeValues="false"/>
           <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
       </Sessions>

       <Errors supportContact="support@example.org" helpLocation="/about.html" styleSheet="/shibboleth-sp/main.css"/>

       <MetadataProvider type="XML" validate="true" url="https://login.openathens.net/saml/2/metadata-idp/example.org"  backingFilePath="/etc/shibboleth/example/idp-metadata.xml" maxRefreshDelay="7200">
               <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
       </MetadataProvider>

       <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="example/attribute-map.xml"/>
       <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
       <CredentialResolver type="File" use="signing" key="example/sp-signing-key.pem" certificate="example/sp-signing-cert.pem"/>
       <CredentialResolver type="File" use="encryption" key="example/sp-encrypt-key.pem" certificate="example/sp-encrypt-cert.pem"/>

   </ApplicationDefaults>

   <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>

   <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>

</SPConfig>