-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathshibboleth2.xml
82 lines (67 loc) · 4.56 KB
/
shibboleth2.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
clockSkew="180">
<OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" />
<ApplicationDefaults entityID="https://${SP_HOSTNAME}/shibboleth"
REMOTE_USER="eppn subject-id pairwise-id persistent-id"
metadataAttributePrefix="Meta-"
cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
redirectLimit="exact"
checkAddress="false" handlerSSL="true" cookieProps="https" sameSiteFallback="true">
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://service.seamlessaccess.org/ds/"> SAML2 </SSO>
<Logout>SAML2 Local</Logout>
<LogoutInitiator type="Admin" Location="/Logout/Admin" acl="127.0.0.1 ::1" />
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
<!-- Seamless Access -->
<SessionInitiator type="Chaining" Location="/DS/seamless-access" id="seamless-access">
<SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
<SessionInitiator type="SAMLDS" URL="https://service.seamlessaccess.org/ds/"/>
</SessionInitiator>
<!-- Seamless Access beta -->
<SessionInitiator type="Chaining" Location="/DS/thiss.io" id="seamless-access-beta">
<SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
<SessionInitiator type="SAMLDS" URL="https://use.thiss.io/ds/"/>
</SessionInitiator>
<!-- SWAMID QA -->
<SessionInitiator type="Chaining" Location="/DS/swamid-qa" id="swamid-qa">
<SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
<SessionInitiator type="SAMLDS" URL="https://ds.qa.swamid.se/ds/"/>
</SessionInitiator>
<!-- FIDUS -->
<SessionInitiator type="Chaining" Location="/DS/fidus" id="fidus">
<SessionInitiator type="SAML2" acsIndex="1" template="bindingTemplate.html"/>
<SessionInitiator type="SAMLDS" URL="https://ds.fidus.skolverket.se/ds/"/>
</SessionInitiator>
</Sessions>
<Errors supportContact="${SP_CONTACT}"
helpLocation="${SP_ABOUT}"
styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider type="MDQ" id="mdq" ignoreTransport="true" cacheDirectory="mdq"
baseUrl="${SP_METADATAFEED}">
<MetadataFilter type="Signature" certificate="${SP_METADATACERT}"/>
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
</MetadataProvider>
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
<!-- Extracts support information for IdP from its metadata. -->
<AttributeExtractor type="Metadata" errorURL="errorURL" DisplayName="displayName"
InformationURL="informationURL" PrivacyStatementURL="privacyStatementURL" registrationAuthority="registrationAuthority"
OrganizationURL="organizationURL">
<ContactPerson id="Support-Administrative" contactType="administrative" formatter="$EmailAddress" />
<ContactPerson id="Support-Contact" contactType="support" formatter="$EmailAddress" />
<ContactPerson id="Support-Technical" contactType="technical" formatter="$EmailAddress" />
<ContactPerson id="Other-Contact" contactType="other" formatter="$EmailAddress" />
<Logo id="Small-Logo" height="16" width="16" formatter="$_string"/>
</AttributeExtractor>
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<CredentialResolver type="File" use="signing"
key="certs/sp-signing-key.pem" certificate="certs/sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption"
key="certs/sp-encrypt-key.pem" certificate="certs/sp-encrypt-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>