foo/shib-storedid2computedid-example
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

prepare

Browse Source
This commit is contained in:
root
2022-08-05 14:00:14 +00:00
parent 7ac8850d2f
commit d8367d6a72
3 changed files with 24 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
conf/authn/authn.properties
View File

@@ -2,7 +2,7 @@
# specific methods.
# Regular expression matching login flows to enable, e.g. IPAddress|Password
#idp.authn.flows = Password
idp.authn.flows = RemoteUser
# Default settings for most authentication methods.
#idp.authn.defaultLifetime = PT1H

4
conf/idp.properties
View File

@@ -242,3 +242,7 @@ idp.ui.fallbackLanguages=en,fr,de
# Set false if you want SAML bindings "spelled out" in audit log
idp.audit.shortenBindings=true
idp.loglevel.idp=DEBUG
idp.loglevel.messages=DEBUG
idp.loglevel.encryption=DEBUG

79
conf/metadata-providers.xml
View File

@@ -21,69 +21,28 @@
http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd"
sortKey="1">
<!--
Below you place the mechanisms which define how to load the metadata for SP(s) you will
provide service to.
Some simple examples are provided. The documentation provides more details; in most cases,
the modern replacement for these older plugins are the "DynamicHTTPMetadataProvider" and
"LocalDynamic" variants, which provide dramatic memory savings and more reliable operation.
NOTE: You do NOT need to load metadata for this IdP itself within this configuration.
-->
<!--
Example HTTP metadata provider. Use this if you want to download the metadata
from a remote source.
<MetadataProvider id="shib-sp-test"
xsi:type="FilesystemMetadataProvider"
metadataFile="/opt/idp4/metadata/shib-sp-test.xml"
/>
You *MUST* provide the SignatureValidationFilter in order to function securely.
Get the public key certificate from the party publishing the metadata, and validate
it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
<MetadataProvider id="app1"
xsi:type="FilesystemMetadataProvider"
metadataFile="/opt/idp4/metadata/app1.xml"
/>
The EntityRole filter saves memory by only loading metadata from SAML roles
that the IdP needs to interoperate with.
-->
<!--
<MetadataProvider id="HTTPMetadata"
xsi:type="FileBackedHTTPMetadataProvider"
backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
metadataURL="http://WHATEVER"
failFastInitialization="false">
<MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
<MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
<MetadataFilter xsi:type="EntityRole">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
</MetadataProvider>
-->
<MetadataProvider id="spmetadata"
xsi:type="FilesystemMetadataProvider"
metadataFile="/opt/idp4/metadata/idp-cluster-sp.xml"
/>
<!--
Example file metadata provider. Use this if you want to load metadata
from a local file. You use this if you have some local SPs which are not
"federated" but you wish to offer a service to.
If you do not provide a SignatureValidation filter, then you have the
responsibility to ensure that the contents on disk are trustworthy.
-->
<!--
<MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
-->
<MetadataProvider id="shib-sp.mafoo.org.uik"
xsi:type="FilesystemMetadataProvider"
metadataFile="/opt/idp4/metadata/shib-sp.mafoo.org.uk.xml"
/>
<!--
Example CAS metadata source for managing CAS services using SAML metadata.
-->
<!--
<MetadataProvider id="CASMetadata"
xsi:type="FilesystemMetadataProvider"
metadataFile="PATH_TO_YOUR_METADATA"
indexesRef="shibboleth.CASMetadataIndices" />
-->
<MetadataProvider id="upstream-idp-metadata"
xsi:type="FilesystemMetadataProvider"
metadataFile="/opt/idp4/metadata/idp-cluster-sp-idp.xml"/>
</MetadataProvider>