author | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-11 10:44:20 +0200 |
---|---|---|
committer | Henrik Lund Kramshoej <hlk@kramse.org> | 2017-07-11 10:44:20 +0200 |
commit | 13d9d83b6182fce382061da380e61593a35cac13 (patch) | |
tree | da7c0455b0e2777b939c798b64aa676f20294fce | |
parent | 563acb020e50ef6101083f14f7245f0cfd1b82ef (diff) |
Now seems to want to connect to LDAP, which is still misconfigured
-rw-r--r-- | template-config/metadata-providers.xml | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/template-config/metadata-providers.xml b/template-config/metadata-providers.xml
new file mode 100644
index 0000000..71b5967
--- /dev/null
+++ b/template-config/metadata-providers.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file is an EXAMPLE metadata configuration file. -->
+<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
+ xmlns="urn:mace:shibboleth:2.0:metadata"
+ xmlns:resource="urn:mace:shibboleth:2.0:resource"
+ xmlns:security="urn:mace:shibboleth:2.0:security"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
+ urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
+ urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
+ urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
+
+ <!-- ========================================================================================== -->
+ <!-- Metadata Configuration -->
+ <!-- -->
+ <!-- Below you place the mechanisms which define how to load the metadata for SP(s) you will -->
+ <!-- provide service to. -->
+ <!-- -->
+ <!-- Two examples are provided. The Shibboleth Documentation at -->
+ <!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration -->
+ <!-- provides more details. -->
+ <!-- -->
+ <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. -->
+ <!-- ========================================================================================== -->
+
+ <!--
+ Example HTTP metadata provider. Use this if you want to download the metadata
+ from a remote source.
+
+ You *MUST* provide the SignatureValidationFilter in order to function securely.
+ Get the public key certificate from the party publishing the metadata, and validate
+ it with them via some out of band mechanism (e.g., a fingerprint on a secure page). 
+
+ The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
+ that the IdP needs to interoperate with.
+ -->
+
+ <!--
+ <MetadataProvider id="HTTPMetadata"
+ xsi:type="FileBackedHTTPMetadataProvider"
+ backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
+ metadataURL="http://WHATEVER">
+
+ <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
+ <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
+ <MetadataFilter xsi:type="EntityRoleWhiteList">
+ <RetainedRole>md:SPSSODescriptor</RetainedRole>
+ </MetadataFilter>
+ </MetadataProvider>
+ -->
+
+ <!--
+ Example file metadata provider. Use this if you want to load metadata
+ from a local file. You might use this if you have some local SPs
+ which are not "federated" but you wish to offer a service to.
+
+ If you do not provide a SignatureValidation filter, then you have the
+ responsibility to ensure that the contents on disk are trustworthy.
+ -->
+
+ <MetadataProvider id="sp.nordu.dev" xsi:type="FilesystemMetadataProvider" metadataFile="/metadata/apache-sp/sp-metadata.xml"/>
+
+</MetadataProvider> |
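Review bot: The only active provider, the `FilesystemMetadataProvider` with id `sp.nordu.dev` at the end of the file, loads `/metadata/apache-sp/sp-metadata.xml` with no `SignatureValidation` filter, so, as the comment directly above it says, the IdP trusts whatever is on disk at that path. That file decides which SP endpoints and keys the IdP will issue assertions to, and the path is absolute rather than under `%{idp.home}`, which suggests (not visible here) a directory shared with another container or the host. I would add a comment above the element recording where the file comes from and who may write it, e.g. `<!-- sp-metadata.xml is provisioned by <PLACEHOLDER: source>; keep this path read-only for the IdP, since no signature check is applied -->`, and make the mount read-only. The commented-out HTTP example still carries `metadataURL="http://WHATEVER"`; if it is ever enabled, keep its `SignatureValidation` filter and use an https URL.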