Shibboleth/3.x
Below is an example shibboleth2.xml configuration for Shibboleth version 3.0 and later.
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config" clockSkew="180"> <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" /> <ApplicationDefaults entityID="https://sp.example.org/shibboleth" REMOTE_USER="eppn subject-id pairwise-id persistent-id" cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1"> <Sessions lifetime="28800" timeout="3600" relayState="ss:mem" checkAddress="false" handlerSSL="true" cookieProps="https" redirectLimit="exact"> <SSO entityID="https://idp.example.org/idp/shibboleth">SAML2</SSO> <Logout>SAML2 Local</Logout> <LogoutInitiator type="Admin" Location="/Logout/Admin" acl="127.0.0.1 ::1" /> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/> <Handler type="Session" Location="/Session" showAttributeValues="false"/> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> </Sessions> <Errors supportContact="support@example.org" helpLocation="/about.html" styleSheet="/shibboleth-sp/main.css"/> <MetadataProvider type="XML" validate="true" url="https://login.openathens.net/saml/2/metadata-idp/example.org" backingFilePath="/etc/shibboleth/example/idp-metadata.xml" maxRefreshDelay="7200"> <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/> </MetadataProvider> <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="example/attribute-map.xml"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> <CredentialResolver type="File" use="signing" key="example/sp-signing-key.pem" certificate="example/sp-signing-cert.pem"/> <CredentialResolver type="File" use="encryption" key="example/sp-encrypt-key.pem" certificate="example/sp-encrypt-cert.pem"/> </ApplicationDefaults> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/> </SPConfig>