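<?xml version="1.0" encoding="UTF-8"?>
<!-- This file is an EXAMPLE metadata configuration file. -->
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
    xmlns="urn:mace:shibboleth:2.0:metadata"
    xmlns:resource="urn:mace:shibboleth:2.0:resource"
    xmlns:security="urn:mace:shibboleth:2.0:security"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
                        urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
                        urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
                        urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">

    <!-- ========================================================================================== -->
    <!-- Metadata Configuration -->
    <!-- -->
    <!-- Below you place the mechanisms which define how to load the metadata for SP(s) you will -->
    <!-- provide service to. -->
    <!-- -->
    <!-- Example providers follow (remote HTTP, local file, CAS). All of them are commented out, -->
    <!-- so this chain loads no metadata until you enable and fill in at least one of them. -->
    <!-- The Shibboleth Documentation at -->
    <!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration -->
    <!-- provides more details. -->
    <!-- -->
    <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. -->
    <!-- ========================================================================================== -->

    <!--
    Example HTTP metadata provider.  Use this if you want to download the metadata
    from a remote source.

    You *MUST* provide the SignatureValidationFilter in order to function securely.
    Get the public key certificate from the party publishing the metadata, and validate
    it with them via some out of band mechanism (e.g., a fingerprint on a secure page).

    The signature check, not the transport, is what authenticates the metadata: the
    placeholder metadataURL below is plain http, and an https URL is preferable but does
    not replace the filter.  The certificateFile is the trust anchor for every entity
    loaded through this provider, so keep it (and the backingFile) writable only by the
    account that administers the IdP.

    The RequiredValidUntil filter rejects metadata that carries no validUntil, or one
    further in the future than maxValidityInterval (P30D is 30 days), which bounds how
    long an old but correctly signed copy could be replayed.

    The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
    that the IdP needs to interoperate with.
    -->

    <!--
    <MetadataProvider id="HTTPMetadata"
                      xsi:type="FileBackedHTTPMetadataProvider"
                      backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
                      metadataURL="http://WHATEVER">

        <MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
        <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
        <MetadataFilter xsi:type="EntityRoleWhiteList">
            <RetainedRole>md:SPSSODescriptor</RetainedRole>
        </MetadataFilter>
    </MetadataProvider>
    -->

    <!--
    Example file metadata provider.  Use this if you want to load metadata
    from a local file.  You might use this if you have some local SPs
    which are not "federated" but you wish to offer a service to.

    If you do not provide a SignatureValidation filter, then you have the
    responsibility to ensure that the contents on disk are trustworthy.
    In that case nothing but filesystem permissions protects the file, so
    restrict write access to it and review changes to it like any other
    change to which SPs the IdP trusts.
    -->

    <!--
    <MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/>
    -->

    <!--
    Example CAS metadata source.  It is a FilesystemMetadataProvider as well, so the
    same responsibility for the trustworthiness of the file on disk applies when no
    SignatureValidation filter is configured.
    -->

    <!--
    <MetadataProvider id="CasMetadata"
                      xsi:type="FilesystemMetadataProvider"
                      metadataFile="PATH_TO_YOUR_METADATA"
                      indexesRef="shibboleth.CASMetadataIndices" />
    -->

</MetadataProvider>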