prepare
parent
7ac8850d2f
commit
d8367d6a72
@ -2,7 +2,7 @@
|
||||
# specific methods.
|
||||
|
||||
# Regular expression matching login flows to enable, e.g. IPAddress|Password
|
||||
#idp.authn.flows = Password
|
||||
idp.authn.flows = RemoteUser
|
||||
|
||||
# Default settings for most authentication methods.
|
||||
#idp.authn.defaultLifetime = PT1H
|
||||
|
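Review bot: Setting `idp.authn.flows = RemoteUser` moves the credential check out of the IdP and into whatever sits in front of it, and nothing in this hunk records what that component is. The IdP will accept the identity the container reports, so the RemoteUser endpoint must be reachable only through the authenticating front end, and if identity is ever taken from request headers the proxy has to strip client-supplied copies. I would add a comment above the setting, for example `# RemoteUser: identity is asserted by the front-end web server/container; the RemoteUser path must not be reachable without it`. The rest of the file lies outside the hunk, so related RemoteUser settings may already be documented there.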
@ -242,3 +242,7 @@ idp.ui.fallbackLanguages=en,fr,de
|
||||
|
||||
# Set false if you want SAML bindings "spelled out" in audit log
|
||||
idp.audit.shortenBindings=true
|
||||
|
||||
idp.loglevel.idp=DEBUG
|
||||
idp.loglevel.messages=DEBUG
|
||||
idp.loglevel.encryption=DEBUG
|
||||
|
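Review bot: The three `idp.loglevel.*=DEBUG` lines at the end of this hunk look like troubleshooting settings, and two of them are sensitive. `idp.loglevel.messages=DEBUG` traces full protocol messages and `idp.loglevel.encryption=DEBUG` logs the cleartext of encrypted content, so user attributes and identifiers end up in the process log. If they are needed while the deployment is being prepared, mark them as temporary, e.g. `# TEMPORARY: remove before production - logs cleartext SAML content`, and restrict read access to the log directory. Otherwise drop the lines so the defaults apply.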
@ -21,69 +21,28 @@
|
||||
http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd"
|
||||
sortKey="1">
|
||||
|
||||
<!--
|
||||
Below you place the mechanisms which define how to load the metadata for SP(s) you will
|
||||
provide service to.
|
||||
|
||||
Some simple examples are provided. The documentation provides more details; in most cases,
|
||||
the modern replacement for these older plugins are the "DynamicHTTPMetadataProvider" and
|
||||
"LocalDynamic" variants, which provide dramatic memory savings and more reliable operation.
|
||||
|
||||
NOTE: You do NOT need to load metadata for this IdP itself within this configuration.
|
||||
-->
|
||||
|
||||
|
||||
|
||||
<!--
|
||||
Example HTTP metadata provider. Use this if you want to download the metadata
|
||||
from a remote source.
|
||||
<MetadataProvider id="shib-sp-test"
|
||||
xsi:type="FilesystemMetadataProvider"
|
||||
metadataFile="/opt/idp4/metadata/shib-sp-test.xml"
|
||||
/>
|
||||
|
||||
You *MUST* provide the SignatureValidationFilter in order to function securely.
|
||||
Get the public key certificate from the party publishing the metadata, and validate
|
||||
it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
|
||||
<MetadataProvider id="app1"
|
||||
xsi:type="FilesystemMetadataProvider"
|
||||
metadataFile="/opt/idp4/metadata/app1.xml"
|
||||
/>
|
||||
|
||||
The EntityRole filter saves memory by only loading metadata from SAML roles
|
||||
that the IdP needs to interoperate with.
|
||||
-->
|
||||
|
||||
<!--
|
||||
<MetadataProvider id="HTTPMetadata"
|
||||
xsi:type="FileBackedHTTPMetadataProvider"
|
||||
backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
|
||||
metadataURL="http://WHATEVER"
|
||||
failFastInitialization="false">
|
||||
|
||||
<MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
|
||||
<MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
|
||||
<MetadataFilter xsi:type="EntityRole">
|
||||
<RetainedRole>md:SPSSODescriptor</RetainedRole>
|
||||
</MetadataFilter>
|
||||
</MetadataProvider>
|
||||
-->
|
||||
<MetadataProvider id="spmetadata"
|
||||
xsi:type="FilesystemMetadataProvider"
|
||||
metadataFile="/opt/idp4/metadata/idp-cluster-sp.xml"
|
||||
/>
|
||||
|
||||
<!--
|
||||
Example file metadata provider. Use this if you want to load metadata
|
||||
from a local file. You use this if you have some local SPs which are not
|
||||
"federated" but you wish to offer a service to.
|
||||
|
||||
If you do not provide a SignatureValidation filter, then you have the
|
||||
responsibility to ensure that the contents on disk are trustworthy.
|
||||
-->
|
||||
|
||||
<!--
|
||||
<MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
|
||||
-->
|
||||
<MetadataProvider id="shib-sp.mafoo.org.uik"
|
||||
xsi:type="FilesystemMetadataProvider"
|
||||
metadataFile="/opt/idp4/metadata/shib-sp.mafoo.org.uk.xml"
|
||||
/>
|
||||
|
||||
|
||||
<!--
|
||||
Example CAS metadata source for managing CAS services using SAML metadata.
|
||||
-->
|
||||
|
||||
<!--
|
||||
<MetadataProvider id="CASMetadata"
|
||||
xsi:type="FilesystemMetadataProvider"
|
||||
metadataFile="PATH_TO_YOUR_METADATA"
|
||||
indexesRef="shibboleth.CASMetadataIndices" />
|
||||
-->
|
||||
<MetadataProvider id="upstream-idp-metadata"
|
||||
xsi:type="FilesystemMetadataProvider"
|
||||
metadataFile="/opt/idp4/metadata/idp-cluster-sp-idp.xml"/>
|
||||
|
||||
</MetadataProvider>
|
||||
|
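Review bot: The `FilesystemMetadataProvider` entries in this hunk (`shib-sp-test`, `app1`, `spmetadata`, `shib-sp.mafoo.org.uik`, `upstream-idp-metadata`) have no `SignatureValidation` filter, so the IdP trusts whatever is in `/opt/idp4/metadata/`. As the stock comment in this file puts it, the operator is then responsible for ensuring the contents on disk are trustworthy. The hunk shrinks from 69 to 28 lines, which suggests that explanatory comment is being removed; I would keep a short replacement such as `<!-- Local metadata is unsigned: /opt/idp4/metadata must be writable only by the deploying admin, not by the IdP service account -->`. Separately, `id="shib-sp.mafoo.org.uik"` does not match its file name `shib-sp.mafoo.org.uk.xml` and looks like a typo. The enclosing `<MetadataProvider>` element starts outside the hunk.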