Diffstat (limited to 'conf-from-container/conf/saml-nameid.xml')
-rw-r--r--conf-from-container/conf/saml-nameid.xml62
1 files changed, 62 insertions, 0 deletions
diff --git a/conf-from-container/conf/saml-nameid.xml b/conf-from-container/conf/saml-nameid.xml
new file mode 100644
index 0000000..ea97448
--- /dev/null
+++ b/conf-from-container/conf/saml-nameid.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!-- ========================= SAML NameID Generation ========================= -->
+
+ <!--
+ These generator lists handle NameID/Nameidentifier generation going forward. By default,
+ transient IDs for both SAML versions are enabled. The commented examples are for persistent IDs
+ and generating more one-off formats based on resolved attributes. The suggested approach is to
+ control their use via release of the underlying source attribute in the filter policy rather
+ than here, but you can set a property on any generator called "activationCondition" to limit
+ use in the most generic way.
+
+ Most of the relevant configuration settings are controlled using properties; an exception is
+ the generation of arbitrary/custom formats based on attribute information, examples of which
+ are shown below.
+
+ -->
+
+ <!-- SAML 2 NameID Generation -->
+ <util:list id="shibboleth.SAML2NameIDGenerators">
+
+ <ref bean="shibboleth.SAML2TransientGenerator" />
+
+ <!-- Uncommenting this bean requires configuration in saml-nameid.properties. -->
+ <!--
+ <ref bean="shibboleth.SAML2PersistentGenerator" />
+ -->
+
+ <!--
+ <bean parent="shibboleth.SAML2AttributeSourcedGenerator"
+ p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+ p:attributeSourceIds="#{ {'mail'} }" />
+ -->
+
+ </util:list>
+
+ <!-- SAML 1 NameIdentifier Generation -->
+ <util:list id="shibboleth.SAML1NameIdentifierGenerators">
+
+ <ref bean="shibboleth.SAML1TransientGenerator" />
+
+ <!--
+ <bean parent="shibboleth.SAML1AttributeSourcedGenerator"
+ p:format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
+ p:attributeSourceIds="#{ {'mail'} }" />
+ -->
+
+ </util:list>
+
+</beans>
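Review bot: The commented `shibboleth.SAML2AttributeSourcedGenerator` example in the SAML 2 list, and its SAML 1 twin in the second list, maps `mail` to the emailAddress NameID format with no caveat. An address can change or be reassigned to another person, so a relying party that keys accounts on this NameID could link a login to the wrong account once the example is uncommented. I would add a comment above both examples, such as `<!-- mail is mutable and may be reassigned; enable only for relying parties that require it, limited via activationCondition or the filter policy. -->`. The note above `shibboleth.SAML2PersistentGenerator` could also say that the salt configured in saml-nameid.properties is a secret; if that file is tracked in this repository as well (not visible in this diff), the salt should be supplied from outside version control.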