Diffstat (limited to 'conf-from-container/conf/attribute-resolver.xml')
-rw-r--r-- | conf-from-container/conf/attribute-resolver.xml | 108 |
1 files changed, 0 insertions, 108 deletions
diff --git a/conf-from-container/conf/attribute-resolver.xml b/conf-from-container/conf/attribute-resolver.xml
deleted file mode 100644
index 35f3b35..0000000
--- a/conf-from-container/conf/attribute-resolver.xml
+++ /dev/null
@@ -1,108 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE configuration file. While the configuration
- presented in this example file is semi-functional, it isn't very
- interesting. It is here only as a starting point for your deployment
- process.
-
- Very few attribute definitions and data connectors are demonstrated,
- and the data is derived statically from the logged-in username and a
- static example connector.
-
- Attribute-resolver-full.xml contains more examples of attributes,
- encoders, and data connectors. Deployers should refer to the Shibboleth
- documentation for a complete list of components and their options.
-
- NOTE: This file is from the Nordunet template-config
-
--->
-<AttributeResolver
- xmlns="urn:mace:shibboleth:2.0:resolver"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
-
-
- <!-- ========================================== -->
- <!-- Attribute Definitions -->
- <!-- ========================================== -->
-
- <!--
- The EPPN is the "standard" federated username in higher ed.
- For guidelines on the implementation of this attribute, refer
- to the Shibboleth and eduPerson documentation. Above all, do
- not expose a value for this attribute without considering the
- long term implications.
- -->
- <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}" sourceAttributeID="uid">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
- </AttributeDefinition>
-
- <!--
- The uid is the closest thing to a "standard" LDAP attribute
- representing a local username, but you should generally *never*
- expose uid to federated services, as it is rarely globally unique.
- -->
- <AttributeDefinition id="uid" xsi:type="Simple" sourceAttributeID="uid">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
- </AttributeDefinition>
-
- <!--
- In the rest of the world, the email address is the standard identifier,
- despite the problems with that practice. Consider making the EPPN value
- the same as your official email addresses whenever possible.
- -->
- <AttributeDefinition id="mail" xsi:type="Simple" sourceAttributeID="mail">
- <Dependency ref="myLDAP" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
- </AttributeDefinition>
-
- <!-- ========================================== -->
- <!-- Data Connectors -->
- <!-- ========================================== -->
-
- <!--
- Example LDAP Connector
-
- The connectivity details can be specified in ldap.properties to
- share them with your authentication settings if desired.
- -->
- <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
- ldapURL="ldaps://ldap.nordu.net"
- baseDN="dc=nordu,dc=net">
- <FilterTemplate>
- <![CDATA[
- (uid=$requestContext.principalName)
- ]]>
- </FilterTemplate>
- </DataConnector>
-<!-- <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
- ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
- baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
- principal="%{idp.attribute.resolver.LDAP.bindDN}"
- principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
- useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
- connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
- trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
- responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
- <FilterTemplate>
- <![CDATA[
- %{idp.attribute.resolver.LDAP.searchFilter}
- ]]>
- </FilterTemplate>
- <ConnectionPool
- minPoolSize="%{idp.pool.LDAP.minSize:3}"
- maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
- blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
- validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
- validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
- expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
- failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
- </DataConnector>
- -->
-
-</AttributeResolver> |