Version 2
Service Provider Single Server Configuration
/etc/shibboleth/shibboleth2.xml
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
<ApplicationDefaults
entityID="https://pcr360.pcr.com/shibboleth-sp"
REMOTE_USER="uid">
<Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
<SSO
entityID="https://shibboleth.pcr.com/idp/shibboleth"
discoveryProtocol="SAMLDS"
discoveryURL="https://shibboleth.pcr.com/DS/WAYF">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors
supportContact="help@pcr.com"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider
type="XML"
uri=" http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml"
backingFilePath="InCommon-metadata.xml"
reloadInterval="180000" />
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>
Service Provider Multiple Server Configuration
/etc/shibboleth/shibboleth2.xml
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
<ApplicationDefaults
entityID="https://<PROD_SERVER>/shibboleth-sp"
REMOTE_USER="uid">
<Sessions lifetime="28800" timeout="14400" checkAddress="false" relayState="ss:mem" handlerSSL="false">
<SSO
entityID="<CUSTOMER_ENTITY_SERVER>"
discoveryProtocol="SAMLDS"
discoveryURL="http://www.w3.org/2000/09/xmldsig#">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors
supportContact="help@pcr.com"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider
type="XML" '
uri="<CUSTOMER_METADATA_SERVER>"
backingFilePath="InCommon-metadata.xml"
reloadInterval="180000" />
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
<ApplicationOverride
id="pcr360test"
entityID="https://<TEST_SERVER>/shibboleth-sp"
REMOTE_USER="uid">
<Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
<SSO
entityID="<CUSTOMER_ENTITY_SERVER>"
discoveryProtocol="SAMLDS"
discoveryURL="http://www.w3.org/2000/09/xmldsig#">
SAML2 SAML1
</SSO>
<Logout>SAML2 Local</Logout>
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors
supportContact="help@pcr.com"
logoLocation="/shibboleth-sp/logo.jpg"
styleSheet="/shibboleth-sp/main.css"/>
<MetadataProvider
type="XML"
uri="<CUSTOMER_METADATA_SERVER>"
backingFilePath="InCommon-metadata.xml"
reloadInterval="180000" />
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/>
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key-test.pem" certificate="sp-cert-test.pem"/>
</ApplicationOverride>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>