Versions Compared

Old Version 28

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version 29

changes.mady.by.user Pål Axelsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagexml
firstline1
titleswamid-IIS-shibboleth2.xml
linenumberstrue
collapsetrue
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"    
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    clockSkew="180">

    <InProcess logger="native.logger">
        <ISAPI normalizeRequest="true" safeHeaderNames="true">
            <Site id="1" name="swamidsp.example.org" scheme="https" port="443"/>
        </ISAPI>
    </InProcess>

    <RequestMapper type="Native">
        <RequestMap>
            <Host name="swamidsp.example.org">
                <Path name="myswamidapp" requireSession="true"  authType="shibboleth"/>
            </Host>
        </RequestMap>
    </RequestMapper>

    <ApplicationDefaults entityID="https://swamidsp.example.org"
                         REMOTE_USER="eppn persistent-id targeted-id"
                         metadataAttributePrefix="Meta-">
        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
                  checkAddress="false" handlerSSL="true" cookieProps="http">

            <Logout>SAML2 Local</Logout>

	<SessionInitiator type="Chaining" Location="/DS/Login" id="swamid-ds-default" relayState="cookie">
	   <SessionInitiator type="SAML2" defaultACSIndex="1" acsByIndex="false" template="bindingTemplate.html"/>
	   <SessionInitiator type="Shib1" defaultACSIndex="5"/>
	   <SessionInitiator type="SAMLDS" URL="https://md.nordu.net/role/idp.ds"/>
	</SessionInitiator>

            <md:AssertionConsumerService Location="/SAML2/POST" index="1"
                Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                conf:ignoreNoPassive="true"/>

            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
            <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>

            <Handler type="Session" Location="/Session" showAttributeValues="false"/>

            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>

            
            <md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
                Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
        </Sessions>

        <Errors supportContact="webmaster@example.org"
            helpLocation="/about.html"
            styleSheet="/shibboleth-sp/main.css"/>

        <MetadataProvider 
                type="XML" 
                uri="http://md.swamid.se/md/swamid-idp-transitive.xml"
                backingFilePath="swamid-idp-transitive.xml" reloadInterval="300">
             <SignatureMetadataFilter certificate="swamid-signer.crt"/>
 </MetadataProvider>

       <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
        <AttributeResolver type="Query" subjectMatch="true"/>

        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

        <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>

    </ApplicationDefaults>

    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>

    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>

</SPConfig>

 

THe The two example configuration files uses SWAMIDs standard Discovery Service (DS) which means that it will be possible to login from all Identity Providers within eduGAIN but you won't get attributes from all of them due to that not all Identity Providers supports entity categories. If you only want have Identity Providers within SWAMID you change "https://md.nordu.net/role/idp.ds" to "https://md.nordu.net/swamid.ds" on row 19 in swamid-apache-shibboleth2.xml or row 33 in swamid-IIS-shibboleth2.xml.

...