prepare

conf/authn/authn.properties

@@ -2,7 +2,7 @@
 # specific methods.
 
 # Regular expression matching login flows to enable, e.g. IPAddress|Password
-#idp.authn.flows = Password
+idp.authn.flows = RemoteUser
 
 # Default settings for most authentication methods.
 #idp.authn.defaultLifetime = PT1H

conf/idp.properties

@@ -242,3 +242,7 @@ idp.ui.fallbackLanguages=en,fr,de
 
 # Set false if you want SAML bindings "spelled out" in audit log
 idp.audit.shortenBindings=true
+
+idp.loglevel.idp=DEBUG
+idp.loglevel.messages=DEBUG
+idp.loglevel.encryption=DEBUG

conf/metadata-providers.xml

@@ -21,69 +21,28 @@
                         http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd"
     sortKey="1">
 
-    <!--
+    <MetadataProvider id="shib-sp-test"
-    Below you place the mechanisms which define how to load the metadata for SP(s) you will
+            xsi:type="FilesystemMetadataProvider"
-    provide service to.
+            metadataFile="/opt/idp4/metadata/shib-sp-test.xml"
+            />
 
-    Some simple examples are provided. The documentation provides more details; in most cases,
+    <MetadataProvider id="app1"
-    the modern replacement for these older plugins are the "DynamicHTTPMetadataProvider" and
+            xsi:type="FilesystemMetadataProvider"
-    "LocalDynamic" variants, which provide dramatic memory savings and more reliable operation.
+            metadataFile="/opt/idp4/metadata/app1.xml"
+            />
 
-    NOTE: You do NOT need to load metadata for this IdP itself within this configuration.
+    <MetadataProvider id="spmetadata"
-    -->
+            xsi:type="FilesystemMetadataProvider"
+            metadataFile="/opt/idp4/metadata/idp-cluster-sp.xml"
+            />
 
+    <MetadataProvider id="shib-sp.mafoo.org.uik"
+            xsi:type="FilesystemMetadataProvider"
+            metadataFile="/opt/idp4/metadata/shib-sp.mafoo.org.uk.xml"
+            />
 
-    
+    <MetadataProvider id="upstream-idp-metadata"
-    <!--
+            xsi:type="FilesystemMetadataProvider"
-    Example HTTP metadata provider.  Use this if you want to download the metadata
+	    metadataFile="/opt/idp4/metadata/idp-cluster-sp-idp.xml"/>
-    from a remote source.
-
-    You *MUST* provide the SignatureValidationFilter in order to function securely.
-    Get the public key certificate from the party publishing the metadata, and validate
-    it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
-
-    The EntityRole filter saves memory by only loading metadata from SAML roles
-    that the IdP needs to interoperate with.
-    -->
-    
-    <!--
-    <MetadataProvider id="HTTPMetadata"
-                      xsi:type="FileBackedHTTPMetadataProvider"
-                      backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
-                      metadataURL="http://WHATEVER"
-                      failFastInitialization="false">
-        
-        <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
-        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
-        <MetadataFilter xsi:type="EntityRole">
-            <RetainedRole>md:SPSSODescriptor</RetainedRole>
-        </MetadataFilter>
-    </MetadataProvider>
-    -->   
-
-    <!--
-    Example file metadata provider.  Use this if you want to load metadata
-    from a local file. You use this if you have some local SPs which are not
-    "federated" but you wish to offer a service to.
-    
-    If you do not provide a SignatureValidation filter, then you have the
-    responsibility to ensure that the contents on disk are trustworthy.
-    -->
-    
-    <!--
-    <MetadataProvider id="LocalMetadata"  xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
-    -->
-
-
-    <!--
-    Example CAS metadata source for managing CAS services using SAML metadata.
-    -->
-
-    <!--
-    <MetadataProvider id="CASMetadata"
-                      xsi:type="FilesystemMetadataProvider"
-                      metadataFile="PATH_TO_YOUR_METADATA"
-                      indexesRef="shibboleth.CASMetadataIndices" />
-    -->
 
 </MetadataProvider>