Difference between revisions of "Shibboleth/3.x"
(Added Shibboleth 3.0+ configuration) |
(Removed UCA references) |
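--- a/shibboleth2.xml
+++ b/shibboleth2.xml
@@ -21,10 +21,10 @@
 </Sessions>
-<Errors supportContact="
-<MetadataProvider type="XML" validate="true" url="https://login.openathens.net/saml/2/metadata-idp/
+<Errors supportContact="support@example.org" helpLocation="/about.html" styleSheet="/shibboleth-sp/main.css"/>
+<MetadataProvider type="XML" validate="true" url="https://login.openathens.net/saml/2/metadata-idp/example.org" backingFilePath="/etc/shibboleth/example/idp-metadata.xml" maxRefreshDelay="7200">
 <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
 </MetadataProvider>
-<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="
+<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="example/attribute-map.xml"/>
 <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
-<CredentialResolver type="File" use="signing" key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
-<CredentialResolver type="File" use="encryption" key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
+<CredentialResolver type="File" use="signing" key="example/sp-signing-key.pem" certificate="example/sp-signing-cert.pem"/>
+<CredentialResolver type="File" use="encryption" key="example/sp-encrypt-key.pem" certificate="example/sp-encrypt-cert.pem"/>
 </ApplicationDefaults>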
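Review bot: The new MetadataProvider line fetches the IdP metadata from login.openathens.net with only a RequireValidUntil filter beneath it, so the SP's trust in that metadata rests entirely on the TLS connection to the remote host; if the publisher supplies a metadata signing certificate, a `<MetadataFilter type="Signature" certificate="PLACEHOLDER-metadata-signing-cert.pem"/>` inside the provider would let the SP verify the feed itself rather than only its transport. The RequireValidUntil filter with maxValidityInterval="2419200" is a sound control against stale metadata and should stay. The two CredentialResolver lines now point at `example/sp-signing-key.pem` and `example/sp-encrypt-key.pem`, which are private keys resolved relative to the config directory; whatever provisions them should leave them readable by the shibd account only. The old side of the Errors, MetadataProvider and AttributeExtractor lines is cut short here, which looks like extraction loss rather than the actual previous content. The enclosing `<ApplicationDefaults>` element opens outside this hunk.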
Latest revision as of 13:03, 7 July 2020
Below is an example shibboleth2.xml configuration for Shibboleth version 3.0 and later.
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
          xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
          clockSkew="180">
    <!-- The conf: prefix is bound to the same namespace as the default one;
         it is kept as declared even though no element below uses it. -->

    <!-- Layout of each transaction-log line written by the shibd daemon. -->
    <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a"/>

    <!-- Settings inherited by every application this SP serves.
         REMOTE_USER names the attribute IDs tried, in order, to fill REMOTE_USER.
         cipherSuites disables SSLv2/v3, TLS 1.0/1.1 and the weak or anonymous
         suites for the SP's own outbound TLS connections. -->
    <ApplicationDefaults entityID="https://sp.example.org/shibboleth"
                         REMOTE_USER="eppn subject-id pairwise-id persistent-id"
                         cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">

        <!-- Session policy: 28800 s (8 h) absolute lifetime, 3600 s idle timeout,
             relay state kept in shibd memory, handlers served over HTTPS only and
             the session cookie flagged for https. -->
        <Sessions lifetime="28800"
                  timeout="3600"
                  relayState="ss:mem"
                  checkAddress="false"
                  handlerSSL="true"
                  cookieProps="https"
                  redirectLimit="exact">

            <!-- Single IdP, SAML2 only (no SAML1 fallback listed). -->
            <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2</SSO>

            <!-- Logout: SAML2 single logout first, local session removal otherwise. -->
            <Logout>SAML2 Local</Logout>

            <!-- Administrative logout and Status are reachable from loopback only. -->
            <LogoutInitiator type="Admin" Location="/Logout/Admin" acl="127.0.0.1 ::1"/>
            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

            <!-- Session handler exposes attribute names but not their values. -->
            <Handler type="Session" Location="/Session" showAttributeValues="false"/>
            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
        </Sessions>

        <!-- Contact and presentation details for the SP's error pages. -->
        <Errors supportContact="support@example.org"
                helpLocation="/about.html"
                styleSheet="/shibboleth-sp/main.css"/>

        <!-- IdP metadata pulled from OpenAthens at most every 7200 s, with a local
             backing copy. RequireValidUntil rejects metadata whose validUntil is
             missing or more than 2419200 s (28 days) out.
             NOTE(review): there is no Signature MetadataFilter here, so trust in
             this feed rests on the TLS connection to login.openathens.net alone;
             worth adding one if the publisher provides a signing certificate. -->
        <MetadataProvider type="XML"
                          validate="true"
                          url="https://login.openathens.net/saml/2/metadata-idp/example.org"
                          backingFilePath="/etc/shibboleth/example/idp-metadata.xml"
                          maxRefreshDelay="7200">
            <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
        </MetadataProvider>

        <!-- Attribute mapping (not reloaded on change) and release/acceptance policy;
             relative paths resolve against the SP configuration directory. -->
        <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="example/attribute-map.xml"/>
        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

        <!-- Separate key pairs for signing and for decryption, both under example/. -->
        <CredentialResolver type="File"
                            use="signing"
                            key="example/sp-signing-key.pem"
                            certificate="example/sp-signing-cert.pem"/>
        <CredentialResolver type="File"
                            use="encryption"
                            key="example/sp-encrypt-key.pem"
                            certificate="example/sp-encrypt-cert.pem"/>
    </ApplicationDefaults>

    <!-- Message security rules and protocol/binding definitions from the stock files. -->
    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>