Document toolboxDocument toolbox

Version 2

Service Provider Single Server Configuration

  • /etc/shibboleth/shibboleth2.xml

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="180"> <ApplicationDefaults entityID="https://pcr360.pcr.com/shibboleth-sp" REMOTE_USER="uid"> <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false"> <SSO entityID="https://shibboleth.pcr.com/idp/shibboleth" discoveryProtocol="SAMLDS" discoveryURL="https://shibboleth.pcr.com/DS/WAYF"> SAML2 SAML1 </SSO> <Logout>SAML2 Local</Logout> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> <Handler type="Status" Location="/Status" acl="127.0.0.1"/> <Handler type="Session" Location="/Session" showAttributeValues="false"/> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> </Sessions> <Errors supportContact="help@pcr.com" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/> <MetadataProvider type="XML" uri=" http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml" backingFilePath="InCommon-metadata.xml" reloadInterval="180000" /> <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/> <AttributeResolver type="Query" subjectMatch="true"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/> </ApplicationDefaults> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/> </SPConfig>



Service Provider Multiple Server Configuration

  • /etc/shibboleth/shibboleth2.xml

<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="180"> <ApplicationDefaults entityID="https://<PROD_SERVER>/shibboleth-sp" REMOTE_USER="uid"> <Sessions lifetime="28800" timeout="14400" checkAddress="false" relayState="ss:mem" handlerSSL="false"> <SSO entityID="<CUSTOMER_ENTITY_SERVER>" discoveryProtocol="SAMLDS" discoveryURL="http://www.w3.org/2000/09/xmldsig#"> SAML2 SAML1 </SSO> <Logout>SAML2 Local</Logout> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> <Handler type="Status" Location="/Status" acl="127.0.0.1"/> <Handler type="Session" Location="/Session" showAttributeValues="false"/> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> </Sessions> <Errors supportContact="help@pcr.com" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/> <MetadataProvider type="XML" ' uri="<CUSTOMER_METADATA_SERVER>" backingFilePath="InCommon-metadata.xml" reloadInterval="180000" /> <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/> <AttributeResolver type="Query" subjectMatch="true"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/> <ApplicationOverride id="pcr360test" entityID="https://<TEST_SERVER>/shibboleth-sp" REMOTE_USER="uid"> <Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false"> <SSO entityID="<CUSTOMER_ENTITY_SERVER>" discoveryProtocol="SAMLDS" discoveryURL="http://www.w3.org/2000/09/xmldsig#"> SAML2 SAML1 </SSO> <Logout>SAML2 Local</Logout> <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/> <Handler type="Status" Location="/Status" acl="127.0.0.1"/> <Handler type="Session" Location="/Session" showAttributeValues="false"/> <Handler type="DiscoveryFeed" Location="/DiscoFeed"/> </Sessions> <Errors supportContact="help@pcr.com" logoLocation="/shibboleth-sp/logo.jpg" styleSheet="/shibboleth-sp/main.css"/> <MetadataProvider type="XML" uri="<CUSTOMER_METADATA_SERVER>" backingFilePath="InCommon-metadata.xml" reloadInterval="180000" /> <AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/> <AttributeResolver type="Query" subjectMatch="true"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/> <CredentialResolver type="File" key="sp-key-test.pem" certificate="sp-cert-test.pem"/> </ApplicationOverride> </ApplicationDefaults> <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/> <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/> </SPConfig>



Related pages