You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next » 

attribute-resolver.xml for Shibboleth IDP 3.2.1 and newer
 
<?xml version="1.0" encoding="UTF-8"?>
<!-- This file is an EXAMPLE metadata configuration file. -->
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
 xmlns="urn:mace:shibboleth:2.0:metadata"
 xmlns:resource="urn:mace:shibboleth:2.0:resource"
 xmlns:security="urn:mace:shibboleth:2.0:security"
 xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
 urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd 
 urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
 urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
 
 <!-- ========================================================================================== -->
 <!-- Metadata Configuration -->
 <!-- -->
 <!-- Below you place the mechanisms which define how to load the metadata for the SP you will -->
 <!-- provide a service to. -->
 <!-- -->
 <!-- Two examples are provided. The Shibboleth Documentation at -->
 <!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration -->
 <!-- provides more details. --> 
 <!-- -->
 <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. -->
 <!-- -->
 <!-- ========================================================================================== -->
<!-- Example HTTP metadata provider. Use this if you want to download
 the metadata from a remote service.
 
 You *MUST* provider the SignatureValidationFilter in order to function securely.
 Get the PubLic key, and validate it via some out of band mechanism, from the
 party publishing the metadata
 
 The EntityRoleWhiteList saves memory by only loading metadata from entity types
 that you will interoperate with. 
 
 <MetadataProvider id="HTTPMetadata"
 xsi:type="FileBackedHTTPMetadataProvider"
 backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
 metadataURL="http://WHATEVER"> 
 
 <MetadataFilter xsi:type="SignatureValidation"
 requireSignedMetadata="false">
 <PublicKey>
 THIS IS AN EXAMPLE
 
 MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg0TyQAP/tIvOH89EtaX
 uRRn8SYzTj7W1TbNY4VvBmobjkRmSkki4hH9x4sQpi635wn6WtXTN/FNNmkTK3N/
 LspmBWxfZS+n+cc7I82E5yvCAPX67QsZgqgglp2W5dvK/FsMMCS6X6SVqzBLMP88
 NenXKxY+HMxMs0sT0UKYh1cAEqadrHRBO65aDBcm5a0sBVYt9K6pgaOHrp/zSIbh
 nR5tFFLjBbtFktDpHL3AdGBH3OYidNGKBO3tJ3Ms7LeKXsM0+0Y4P+9fHZINL2X3
 E2N6GVnKs5PZTg9sP0FtIpAbYm/+zCx7Yj1ET/Er8mDd6tNVGSQsn9s5xUBwGqn1
 4wIDAQAB
 </PublicKey>
 </MetadataFilter>
 <MetadataFilter xsi:type="EntityRoleWhiteList">
 <RetainedRole>md:SPSSODescriptor</RetainedRole>
 </MetadataFilter>
 
 </MetadataProvider>
 
 -->
<!-- Example file metadata provider. Use this if you want to load metadata
 from a local file. You might use this if you have some local SPs
 which are not "federated" but you wish to offer a service to.
 
 If you do not provide a SignatureValidation filter then you *have*
 to know that the file is valid.
<MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
-->
<MetadataProvider id="URLMD" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
 metadataURL="http://md.swamid.se/md/swamid-2.0.xml"
 backingFile="/opt/shibboleth-idp/metadata/swamid-2.0.xml">
 <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
 certificateFile="%{idp.home}/credentials/md-signer.crt" />
 <MetadataFilter xsi:type="EntityRoleWhiteList">
 <RetainedRole>md:SPSSODescriptor</RetainedRole>
 </MetadataFilter>
 </MetadataProvider>
<!-- Uncomment if you want to test this IdP with test Shib -->
 <!-- Note: comment back out if you are in production as your IdP should not trust this beyond testing -->
<!--
 <MetadataProvider id="URLMD-TestShib" xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
 metadataURL="http://testshib.org/metadata/testshib-providers.xml"
 backingFile="/opt/shibboleth-idp/metadata/testshib-providers.xml">
 </MetadataProvider>
--> 
</MetadataProvider>
  • No labels