authorMarkus Krogh <markus@nordu.net>2017-10-02 14:20:48 +0200
committerMarkus Krogh <markus@nordu.net>2017-10-02 14:20:48 +0200
commitaab254a9894c8d04679e7aeffcab22f35eeadf7d (patch)
tree5462a2124adf3d4de99b107835b53ea3fd53d172 /idp/template-config
parent818063992c86ac7e6f6b085e6d97886a23af5512 (diff)
Rearrange template files. Start on templating
Diffstat (limited to 'idp/template-config')
-rw-r--r--idp/template-config/README.md5
-rw-r--r--idp/template-config/attribute-filter.xml283
-rw-r--r--idp/template-config/attribute-resolver.xml223
-rw-r--r--idp/template-config/edupersontargetdid.xml.add16
-rw-r--r--idp/template-config/logback.xml199
-rw-r--r--idp/template-config/metadata-providers.xml57
6 files changed, 0 insertions, 783 deletions
diff --git a/idp/template-config/README.md b/idp/template-config/README.md
deleted file mode 100644
index 6002238..0000000
--- a/idp/template-config/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-# IDP config templates
-
-This directory contains the files which are being replaced after running install.
-
-Dockerfile should install these after running install.
diff --git a/idp/template-config/attribute-filter.xml b/idp/template-config/attribute-filter.xml
deleted file mode 100644
index 3514282..0000000
--- a/idp/template-config/attribute-filter.xml
+++ /dev/null
@@ -1,283 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE policy file. While the policy presented in this
- example file is illustrative of some simple cases, it relies on the names of
- non-existent example services and the example attributes demonstrated in the
- default attribute-resolver.xml file.
-
- Deployers should refer to the documentation for a complete list of components
- and their options.
--->
-<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
- xmlns="urn:mace:shibboleth:2.0:afp"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
-
- <AttributeFilterPolicy id="releaseTransientIdToAnyone">
- <PolicyRequirementRule xsi:type="ANY" />
-
- <AttributeRule attributeID="transientId">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="persistentId">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
-
-
- <!-- GEANT Data protection Code of Conduct -->
- <AttributeFilterPolicy id="releaseToCoCo">
- <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1" />
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- </AttributeRule>
- <AttributeRule attributeID="cn">
- <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- </AttributeRule>
- <AttributeRule attributeID="email">
- <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="AND">
- <Rule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- <Rule xsi:type="OR">
- <Rule xsi:type="Value" value="faculty" ignoreCase="true" />
- <Rule xsi:type="Value" value="student" ignoreCase="true" />
- <Rule xsi:type="Value" value="staff" ignoreCase="true" />
- <Rule xsi:type="Value" value="alum" ignoreCase="true" />
- <Rule xsi:type="Value" value="member" ignoreCase="true" />
- <Rule xsi:type="Value" value="affiliate" ignoreCase="true" />
- <Rule xsi:type="Value" value="employee" ignoreCase="true" />
- <Rule xsi:type="Value" value="library-walk-in" ignoreCase="true" />
- </Rule>
- </PermitValueRule>
- </AttributeRule>
- <AttributeRule attributeID="eduPersonAffiliation">
- <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- </AttributeRule>
- <AttributeRule attributeID="schacHomeOrganization">
- <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- </AttributeRule>
- <AttributeRule attributeID="schacHomeOrganizationType">
- <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true" />
- </AttributeRule>
- </AttributeFilterPolicy>
-
- <!-- REFEDS Research and Schoolarship -->
- <AttributeFilterPolicy id="releaseToRandS">
- <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://refeds.org/category/research-and-scholarship" />
-
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="email">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="OR">
- <Rule xsi:type="Value" value="faculty" ignoreCase="true" />
- <Rule xsi:type="Value" value="student" ignoreCase="true" />
- <Rule xsi:type="Value" value="staff" ignoreCase="true" />
- <Rule xsi:type="Value" value="alum" ignoreCase="true" />
- <Rule xsi:type="Value" value="member" ignoreCase="true" />
- <Rule xsi:type="Value" value="affiliate" ignoreCase="true" />
- <Rule xsi:type="Value" value="employee" ignoreCase="true" />
- <Rule xsi:type="Value" value="library-walk-in" ignoreCase="true" />
- </PermitValueRule>
- </AttributeRule>
- </AttributeFilterPolicy>
-
- <!-- entity-category-swamid-research-and-education -->
- <AttributeFilterPolicy id="entity-category-research-and-education">
- <PolicyRequirementRule xsi:type="AND">
- <Rule xsi:type="OR">
- <Rule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://www.swamid.se/category/eu-adequate-protection" />
- <Rule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://www.swamid.se/category/nren-service" />
- <Rule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://www.swamid.se/category/hei-service" />
- </Rule>
- <Rule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://www.swamid.se/category/research-and-education" />
- </PolicyRequirementRule>
-
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonAssurance">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="email">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="OR">
- <Rule xsi:type="Value" value="faculty" ignoreCase="true" />
- <Rule xsi:type="Value" value="student" ignoreCase="true" />
- <Rule xsi:type="Value" value="staff" ignoreCase="true" />
- <Rule xsi:type="Value" value="alum" ignoreCase="true" />
- <Rule xsi:type="Value" value="member" ignoreCase="true" />
- <Rule xsi:type="Value" value="affiliate" ignoreCase="true" />
- <Rule xsi:type="Value" value="employee" ignoreCase="true" />
- <Rule xsi:type="Value" value="library-walk-in" ignoreCase="true" />
- </PermitValueRule>
- </AttributeRule>
- <AttributeRule attributeID="organizationName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="norEduOrgAcronym">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="countryName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="friendlyCountryName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="schacHomeOrganization">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
-
- <!-- Release some attributes to an SP. -->
- <!-- Note: requester seems to need the path /shibboleth to be included to match this! -->
- <AttributeFilterPolicy id="sp.nordu.dev">
- <PolicyRequirementRule xsi:type="Requester" value="https://sp.nordu.dev/shibboleth" />
- <!-- <PolicyRequirementRule xsi:type="ANY" /> -->
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="uid">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="mail">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="commonName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="employeeType">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="email">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonEntitlement">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="mailLocalAddress">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="OR">
- <Rule xsi:type="Value" value="faculty" ignoreCase="true" />
- <Rule xsi:type="Value" value="student" ignoreCase="true" />
- <Rule xsi:type="Value" value="staff" ignoreCase="true" />
- <Rule xsi:type="Value" value="alum" ignoreCase="true" />
- <Rule xsi:type="Value" value="member" ignoreCase="true" />
- <Rule xsi:type="Value" value="affiliate" ignoreCase="true" />
- <Rule xsi:type="Value" value="employee" ignoreCase="true" />
- <Rule xsi:type="Value" value="library-walk-in" ignoreCase="true" />
- </PermitValueRule>
- </AttributeRule>
- <AttributeRule attributeID="organizationName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
-
- <!-- ukfederation + incommon -->
- <AttributeFilterPolicy id="everyoneInSwamidFeed">
- <PolicyRequirementRule xsi:type="InEntityGroup" groupID="http://mds.swamid.se/md/swamid-2.0.xml" />
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="commonName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="email">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonEntitlement">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonTargetedID">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="OR">
- <Rule xsi:type="Value" value="faculty" ignoreCase="true" />
- <Rule xsi:type="Value" value="student" ignoreCase="true" />
- <Rule xsi:type="Value" value="staff" ignoreCase="true" />
- <Rule xsi:type="Value" value="alum" ignoreCase="true" />
- <Rule xsi:type="Value" value="member" ignoreCase="true" />
- <Rule xsi:type="Value" value="affiliate" ignoreCase="true" />
- <Rule xsi:type="Value" value="employee" ignoreCase="true" />
- <Rule xsi:type="Value" value="library-walk-in" ignoreCase="true" />
- </PermitValueRule>
- </AttributeRule>
- <AttributeRule attributeID="organizationName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="norEduOrgAcronym">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="countryName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="friendlyCountryName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="schacHomeOrganization">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
-
-</AttributeFilterPolicyGroup>
diff --git a/idp/template-config/attribute-resolver.xml b/idp/template-config/attribute-resolver.xml
deleted file mode 100644
index 92fb1bb..0000000
--- a/idp/template-config/attribute-resolver.xml
+++ /dev/null
@@ -1,223 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE configuration file. While the configuration
- presented in this example file is semi-functional, it isn't very
- interesting. It is here only as a starting point for your deployment
- process.
-
- Very few attribute definitions and data connectors are demonstrated,
- and the data is derived statically from the logged-in username and a
- static example connector.
-
- Attribute-resolver-full.xml contains more examples of attributes,
- encoders, and data connectors. Deployers should refer to the Shibboleth
- documentation for a complete list of components and their options.
-
- NOTE: This file is from the Nordunet template-config
-
--->
-<AttributeResolver
- xmlns="urn:mace:shibboleth:2.0:resolver"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
-
-
- <!-- ========================================== -->
- <!-- Attribute Definitions -->
- <!-- ========================================== -->
-
- <!--
- The EPPN is the "standard" federated username in higher ed.
- For guidelines on the implementation of this attribute, refer
- to the Shibboleth and eduPerson documentation. Above all, do
- not expose a value for this attribute without considering the
- long term implications.
- -->
- <!--
- The uid is the closest thing to a "standard" LDAP attribute
- representing a local username, but you should generally *never*
- expose uid to federated services, as it is rarely globally unique.
- -->
- <AttributeDefinition id="uid" xsi:type="Simple" sourceAttributeID="uid">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" />
- </AttributeDefinition>
-
- <!--
- In the rest of the world, the email address is the standard identifier,
- despite the problems with that practice. Consider making the EPPN value
- the same as your official email addresses whenever possible.
- -->
- <AttributeDefinition id="mail" xsi:type="Simple" sourceAttributeID="mail">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
- </AttributeDefinition>
-
- <AttributeDefinition id="email" xsi:type="Simple" sourceAttributeID="mail">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" />
- </AttributeDefinition>
-
- <AttributeDefinition id="commonName" xsi:type="Simple" sourceAttributeID="cn">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:cn" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.3" friendlyName="cn" />
- </AttributeDefinition>
-
- <AttributeDefinition id="displayName" xsi:type="Simple" sourceAttributeID="cn"><!-- yes for ndn ldap this is correct -->
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" />
- </AttributeDefinition>
-
- <AttributeDefinition id="surname" xsi:type="Simple" sourceAttributeID="sn">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" />
- </AttributeDefinition>
-
- <AttributeDefinition id="organizationName" xsi:type="Simple" sourceAttributeID="o">
- <Dependency ref="staticAttributes" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" />
- </AttributeDefinition>
-
- <AttributeDefinition id="givenName" xsi:type="Simple" sourceAttributeID="givenName">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" />
- </AttributeDefinition>
-
- <!-- Schema: inetOrgPerson attributes-->
- <AttributeDefinition id="employeeType" xsi:type="Simple" sourceAttributeID="employeeType">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" />
- </AttributeDefinition>
-
- <!-- Schema: eduPerson attributes -->
-
- <AttributeDefinition id="mappedEduPersonEntitlement" xsi:type="Mapped" sourceAttributeID="memberOf" dependencyOnly="true">
- <Dependency ref="myLDAPGROUPS" />
- <ValueMap>
- <ReturnValue>urn:x-ldapgroup:ndn-sysadmin</ReturnValue>
- <SourceValue>cn=ndn-sysadmin,ou=groups,dc=nordu,dc=net</SourceValue>
- </ValueMap>
- <ValueMap>
- <ReturnValue>urn:x-ldapgroup:ndn-netadmin</ReturnValue>
- <SourceValue>cn=ndn-netadmin,ou=groups,dc=nordu,dc=net</SourceValue>
- </ValueMap>
- <ValueMap>
- <ReturnValue>urn:x-ldapgroup:ndn-secadmin</ReturnValue>
- <SourceValue>cn=ndn-secadmin,ou=groups,dc=nordu,dc=net</SourceValue>
- </ValueMap>
- </AttributeDefinition>
-
- <AttributeDefinition id="eduPersonEntitlement" xsi:type="Simple" sourceAttributeID="staticeduPersonEntitlement">
- <Dependency ref="mappedEduPersonEntitlement" />
- <Dependency ref="staticAttributes" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" />
- </AttributeDefinition>
-
- <AttributeDefinition id="eduPersonPrimaryAffiliation" xsi:type="Simple" sourceAttributeID="eduPersonPrimaryAffiliation">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" />
- </AttributeDefinition>
-
- <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid"><!-- In ndn it is uid+scope -->
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" />
- </AttributeDefinition>
-
- <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="employeeType">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" />
- </AttributeDefinition>
-
-<!-- from swamid installer -->
- <AttributeDefinition id="norEduOrgAcronym" xsi:type="Simple" sourceAttributeID="norEduOrgAcronym">
- <Dependency ref="staticAttributes" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:norEduOrgAcronym" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.2428.90.1.6" friendlyName="norEduOrgAcronym" />
- </AttributeDefinition>
-
- <AttributeDefinition id="schacHomeOrganization" xsi:type="Simple" sourceAttributeID="schacHomeOrganization">
- <Dependency ref="staticAttributes" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganization" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" />
- </AttributeDefinition>
-
- <AttributeDefinition id="schacHomeOrganizationType" xsi:type="Simple" sourceAttributeID="schacHomeOrganizationType">
- <Dependency ref="staticAttributes" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:schacHomeOrganization" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.25178.1.2.9" friendlyName="schacHomeOrganization" />
- </AttributeDefinition>
-
- <!-- If we want to use google apps at some point we need: friendlyCountryName, countryName and principal -->
-
-
-
- <!-- ========================================== -->
- <!-- Data Connectors -->
- <!-- ========================================== -->
-
- <!--
- Example LDAP Connector
-
- The connectivity details can be specified in ldap.properties to
- share them with your authentication settings if desired.
- -->
- <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
- ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
- baseDN="%{idp.attribute.resolver.LDAP.baseDN}">
- <FilterTemplate>
- <![CDATA[
- %{idp.attribute.resolver.LDAP.searchFilter}
- ]]>
- </FilterTemplate>
- </DataConnector>
- <DataConnector id="myLDAPGROUPS" xsi:type="LDAPDirectory"
- ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
- baseDN="%{idp.attribute.resolver.LDAP.baseDN}">
- <FilterTemplate>
- <![CDATA[
- %{idp.attribute.resolver.LDAP.searchFilter}
- ]]>
- </FilterTemplate>
- <ReturnAttributes>memberOf</ReturnAttributes>
- </DataConnector>
-
- <DataConnector id="staticAttributes" xsi:type="Static">
- <Attribute id="o">
- <Value>NORDUnet A/S</Value>
- </Attribute>
- <Attribute id="schacHomeOrganization">
- <Value>nordu.net</Value>
- </Attribute>
- <Attribute id="schacHomeOrganizationType">
- <Value>urn:schac:homeOrganizationType:int:NREN</Value>
- </Attribute>
- <Attribute id="norEduOrgAcronym">
- <Value>NORDUNet</Value>
- </Attribute>
- <Attribute id="staticeduPersonEntitlement">
- <Value>urn:mace:dir:entitlement:common-lib-terms</Value>
- <Value>urn:mace:terena.org:tcs:escience-user</Value>
- <Value>urn:mace:terena.org:tcs:personal-user</Value>
- <Value>urn:mace:rediris.es:entitlement:wiki:tfemc2</Value>
- <Value>urn:mace:swami.se:gmai:sunet-baas:admin</Value>
- <Value>urn:mace:swami.se:gmai:sunet-iaas:admin</Value>
- <Value>urn:mace:swami.se:gmai:sunet-iaas:user</Value>
- </Attribute>
- </DataConnector>
-
- <!-- eduPersonTargetdID placeholder -->
-
-</AttributeResolver>
diff --git a/idp/template-config/edupersontargetdid.xml.add b/idp/template-config/edupersontargetdid.xml.add
deleted file mode 100644
index 8601da6..0000000
--- a/idp/template-config/edupersontargetdid.xml.add
+++ /dev/null
@@ -1,16 +0,0 @@
- <AttributeDefinition xsi:type="SAML2NameID" id="eduPersonTargetedID"
- nameIdFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
- sourceAttributeID="computedId">
- <Dependency ref="ComputedId" />
- <AttributeEncoder xsi:type="SAML1XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" />
- <AttributeEncoder xsi:type="SAML2XMLObject" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" friendlyName="eduPersonTargetedID" />
- </AttributeDefinition>
-
-
- <!-- The V3 IdP uses a new dedicated service for configuring NameID generation. The legacy V2 approach of encoding attributes into identifiers using attribute-resolver.xml and special attribute encoders that generate NameIdentifiers or NameIDs instead of Attributes is supported for compatibility purposes, but is deprecated and may be removed from a future version.-->
- <DataConnector id="ComputedId" xsi:type="ComputedId"
- generatedAttributeID="computedId"
- sourceAttributeID="%{idp.persistentId.sourceAttribute}"
- salt="%{idp.persistentId.salt}">
- <Dependency ref="myLDAP" />
- </DataConnector>
diff --git a/idp/template-config/logback.xml b/idp/template-config/logback.xml
deleted file mode 100644
index 6afa4ef..0000000
--- a/idp/template-config/logback.xml
+++ /dev/null
@@ -1,199 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <!--
- Variables for simplifying logging configuration.
- http://logback.qos.ch/manual/configuration.html#variableSubstitution
- -->
-
- <variable name="idp.logfiles" value="${idp.home}/logs" />
- <variable name="idp.loghistory" value="180" />
-
- <!-- Much higher performance if you operate on DEBUG. -->
- <!-- <variable name="idp.process.appender" value="ASYNC_PROCESS" /> -->
-
- <!-- Logging level shortcuts. -->
- <variable name="idp.loglevel.idp" value="INFO" />
- <variable name="idp.loglevel.ldap" value="WARN" />
- <variable name="idp.loglevel.messages" value="INFO" />
- <variable name="idp.loglevel.encryption" value="INFO" />
- <variable name="idp.loglevel.opensaml" value="INFO" />
- <variable name="idp.loglevel.props" value="INFO" />
-
- <!-- Don't turn these up unless you want a *lot* of noise. -->
- <variable name="idp.loglevel.spring" value="ERROR" />
- <variable name="idp.loglevel.container" value="ERROR" />
- <variable name="idp.loglevel.xmlsec" value="INFO" />
-
- <!--
- If you want to use custom properties in this config file,
- we load the main property file for you.
- -->
- <variable file="${idp.home}/conf/idp.properties" />
-
- <!-- =========================================================== -->
- <!-- ============== Logging Categories and Levels ============== -->
- <!-- =========================================================== -->
-
- <!-- Logs IdP, but not OpenSAML, messages -->
- <logger name="net.shibboleth.idp" level="${idp.loglevel.idp:-INFO}"/>
-
- <!-- Logs OpenSAML, but not IdP, messages -->
- <logger name="org.opensaml.saml" level="${idp.loglevel.opensaml:-INFO}"/>
-
- <!-- Logs LDAP related messages -->
- <logger name="org.ldaptive" level="${idp.loglevel.ldap:-WARN}"/>
-
- <!-- Logs inbound and outbound protocols messages at DEBUG level -->
- <logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages:-INFO}" />
-
- <!-- Logs unencrypted SAML at DEBUG level -->
- <logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption:-INFO}" />
-
- <!-- Logs system properties during startup at DEBUG level -->
- <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props:-INFO}" />
-
- <!-- Especially chatty. -->
- <logger name="net.shibboleth.idp.saml.attribute.mapping" level="INFO" />
- <logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec:-INFO}" />
- <logger name="org.springframework" level="${idp.loglevel.spring:-ERROR}"/>
- <logger name="org.apache.catalina" level="${idp.loglevel.container:-ERROR}"/>
- <logger name="org.eclipse.jetty" level="${idp.loglevel.container:-ERROR}"/>
-
-
- <!-- =========================================================== -->
- <!-- ============== Low Level Details or Changes =============== -->
- <!-- =========================================================== -->
-
- <!-- Process log. -->
- <appender name="IDP_PROCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <File>${idp.logfiles}/idp-process.log</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory:-180}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
- </encoder>
-
- <!-- Ignore Velocity status page error. -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator>
- <matcher>
- <Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
- </matcher>
- <expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
- </evaluator>
- <OnMatch>DENY</OnMatch>
- </filter>
- </appender>
-
- <appender name="ASYNC_PROCESS" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="IDP_PROCESS" />
- <discardingThreshold>0</discardingThreshold>
- </appender>
-
- <appender name="IDP_WARN" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!-- Suppress anything below WARN. -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
-
- <File>${idp.logfiles}/idp-warn.log</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory:-180}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
- </encoder>
-
- <!-- Ignore Velocity status page error. -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator>
- <matcher>
- <Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
- </matcher>
- <expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
- </evaluator>
- <OnMatch>DENY</OnMatch>
- </filter>
- </appender>
-
- <!-- Audit log. -->
- <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <File>${idp.logfiles}/idp-audit.log</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory:-180}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%msg%n</Pattern>
- </encoder>
- </appender>
-
- <!-- Consent audit log. -->
- <appender name="IDP_CONSENT_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <File>${idp.logfiles}/idp-consent-audit.log</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory:-180}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%msg%n</Pattern>
- </encoder>
- </appender>
-
- <!-- F-TICKS syslog destination. -->
- <appender name="IDP_AUDIT_FTICKS" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <File>${idp.home}/logs/idp-audit-fticks.log</File>
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.home}/logs/idp-audit-fticks%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>180</maxHistory>
- </rollingPolicy>
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%msg%n</Pattern>
- </encoder>
- </appender>
-
- <appender name="IDP_FTICKS" class="ch.qos.logback.classic.net.SyslogAppender">
- <syslogHost>${idp.fticks.loghost:-localhost}</syslogHost>
- <port>${idp.fticks.logport:-514}</port>
- <facility>AUTH</facility>
- <suffixPattern>[%thread] %logger %msg</suffixPattern>
- </appender>
-
- <logger name="Shibboleth-Audit" level="ALL">
- <appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/>
- </logger>
-
- <logger name="Shibboleth-FTICKS" level="ALL" additivity="false">
- <appender-ref ref="${idp.fticks.appender:-IDP_FTICKS}"/>
- <appender-ref ref="IDP_AUDIT_FTICKS"/>
- </logger>
-
- <logger name="Shibboleth-Consent-Audit" level="ALL">
- <appender-ref ref="${idp.consent.appender:-IDP_CONSENT_AUDIT}"/>
- </logger>
-
- <root level="${idp.loglevel.root:-INFO}">
- <appender-ref ref="${idp.process.appender:-IDP_PROCESS}"/>
- <appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
- </root>
-
-</configuration>
diff --git a/idp/template-config/metadata-providers.xml b/idp/template-config/metadata-providers.xml
deleted file mode 100644
index d813c06..0000000
--- a/idp/template-config/metadata-providers.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- This file is an EXAMPLE metadata configuration file. -->
-<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
- xmlns="urn:mace:shibboleth:2.0:metadata"
- xmlns:resource="urn:mace:shibboleth:2.0:resource"
- xmlns:security="urn:mace:shibboleth:2.0:security"
- xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
- urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
- urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
- urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
-
- <!-- ========================================================================================== -->
- <!-- Metadata Configuration -->
- <!-- -->
- <!-- Below you place the mechanisms which define how to load the metadata for SP(s) you will -->
- <!-- provide service to. -->
- <!-- -->
- <!-- Two examples are provided. The Shibboleth Documentation at -->
- <!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration -->
- <!-- provides more details. -->
- <!-- -->
- <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. -->
- <!-- ========================================================================================== -->
-
- <!--
- <MetadataProvider id="HTTPMetadata"
- xsi:type="FileBackedHTTPMetadataProvider"
- backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
- metadataURL="http://WHATEVER">
-
- <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
- <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
- <MetadataFilter xsi:type="EntityRoleWhiteList">
- <RetainedRole>md:SPSSODescriptor</RetainedRole>
- </MetadataFilter>
- </MetadataProvider>
- -->
-
- <MetadataProvider id="SWAMID2"
- xsi:type="FileBackedHTTPMetadataProvider"
- metadataURL="https://mds.swamid.se/md/swamid-2.0.xml"
- backingFile="%{idp.home}/metadata/swamid-2.0.xml">
-
- <MetadataFilter xsi:type="SignatureValidation"
- requireSignedRoot="true"
- certificateFile="%{idp.home}/credentials/md-signer2.crt" />
- <MetadataFilter xsi:type="EntityRoleWhiteList">
- <RetainedRole>md:SPSSODescriptor</RetainedRole>
- </MetadataFilter>
- </MetadataProvider>
-
-
- <!--<MetadataProvider id="sp.nordu.dev" xsi:type="FilesystemMetadataProvider" metadataFile="/metadata/sp-metadata.xml" /> -->
-
-</MetadataProvider>