...

            <SSO entityID="http://sso.med.harvard.edu/adfs/services/trust">
SAML2
</SSO>





<!-- SAML and local-only logout. -->



<!-- </Sessions>

<Logout>SAML2 Local</Logout><!-->
Allows overriding of error template <Logout>Local</Logout>information/filenames. You can
also add attributes with <!-- Extension service that generates "approximate" metadata based on SP configuration.values that can be plugged into the templates.
-->
<HandlerErrors typesupportContact="MetadataGenerator" Location="/Metadata" signing="false"/>admin@shrine-docker"
<!-- Status reporting service. -->
helpLocation="/about.html"
<!-- <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>--styleSheet="/shibboleth-sp/main.css"/>

<!-- Example of remotely <Handler type="Status" Location="/Status"/>
supplied batch of signed metadata. -->
<!-- Session diagnostic service. -->
<Handler<MetadataProvider type="SessionXML" Locationvalidate="/Session" showAttributeValues="true"
url="http://federation.org/federation-metadata.xml"
contentType="application/json"
/backingFilePath="federation-metadata.xml" reloadInterval="7200">
</Sessions>
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
<!--
Allows overriding of error template information/filenames. You can<MetadataFilter type="Signature" certificate="fedsigner.pem"/>
also add attributes with values that can be plugged into the templates.<DiscoveryFilter type="Blacklist" matcher="EntityAttributes" trimTags="true"
-->
<Errors supportContact="admin@shrine-dockerattributeName="http://macedir.org/entity-category"
helpLocation="/about.htmlattributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
styleSheetattributeValue="http:/shibboleth-sp/main.css"/>
refeds.org/category/hide-from-discovery" />
<!/MetadataProvider>
-->

Example of remotely supplied batch<!-- Example of locally signedmaintained metadata. -->
<!--
<MetadataProvider type="XML" validate="true" path="partner-metadata.xml"/>
-->

url="http://federation.org/federation <MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>

<!-- Map to extract attributes from backingFilePath="federation-metadata.xml" reloadInterval="7200"SAML assertions. -->
<MetadataFilter <AttributeExtractor type="RequireValidUntilXML" validate="true" reloadChanges="false" maxValidityIntervalpath="2419200attribute-map.xml"/>

<!-- Use a SAML query if <MetadataFilter type="Signature" certificate="fedsigner.pem"/>
no attributes are supplied during SSO. -->
<DiscoveryFilter<AttributeResolver type="BlacklistQuery" matcher="EntityAttributes" trimTagssubjectMatch="true"/>

<!-- Default filtering policy for recognized attributeName="http://macedir.org/entity-category"
attributes, lets other data pass. -->
<AttributeFilter type="XML" attributeNameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"validate="true" path="attribute-policy.xml"/>

<!-- Simple file-based resolver for using a attributeValue="http://refeds.org/category/hide-from-discovery" /single keypair. -->
</MetadataProvider>
--CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/>

</ApplicationDefaults>

<!-- ExamplePolicies ofthat locallydetermine maintainedhow metadata. -->
<!--to process and authenticate runtime messages. -->
<MetadataProvider<SecurityPolicyProvider type="XML" validate="true" path="partnersecurity-metadatapolicy.xml"/>

<!-- Low-level configuration about protocols and bindings available for use. -->
<MetadataProviderProtocolProvider type="XML" validate="true" reloadChanges="false" path="idp-metadataprotocols.xml"/>
<!-- Map to extract attributes from SAML assertions. -->
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
<!-- Use a SAML query if no attributes are supplied during SSO. -->
<AttributeResolver type="Query" subjectMatch="true"/>
<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/>
</ApplicationDefaults>
<!-- Policies that determine how to process and authenticate runtime messages. -->
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<!-- Low-level configuration about protocols and bindings available for use. -->
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>
------------------------------------------------
</SPConfig>
------------------------------------------------

When logging out, only log out of the local Shibboleth session.

<!-- SAML and local-only logout. -->
<!-- <Logout>SAML2 Local</Logout>-->
<!-- NOTE(review): "Local" terminates only the SP's own session; the
     IdP session is left in place, so on the same browser a later
     request to a protected URL may be re-authenticated without any
     prompt. Confirm this is acceptable for shared workstations. -->
<Logout>Local</Logout>

Setting the status-reporting service to "/Shibboleth.sso/Status"

<!-- NOTE(review): the distributed example carries acl="127.0.0.1 ::1";
     without it /Shibboleth.sso/Status answers any client that can reach
     the SP, and the status report presumably includes version and
     configuration details. Confirm that a reverse proxy or firewall
     limits access, or restore the acl. -->
<Handler type="Status" Location="/Status"/>

Setting the session diagnostic service to "/Shibboleth.sso/Session"

<!-- NOTE(review): showAttributeValues="true" echoes the caller's own
     attribute values as JSON at /Shibboleth.sso/Session. Handy while
     debugging attribute release; consider "false" once the mapping is
     settled so the endpoint reveals only attribute names. -->
<Handler type="Session" Location="/Session" showAttributeValues="true"
contentType="application/json"
/>


</Sessions>


Configure error page and support email

<!-- Error pages shown to end users; supportContact is rendered into
     them. NOTE(review): "admin@shrine-docker" looks like a container
     hostname rather than a deliverable mailbox; verify before users
     start mailing it. helpLocation and styleSheet are resolved
     relative to this SP's web root. -->
<Errors supportContact="admin@shrine-docker"
helpLocation="/about.html"
styleSheet="/shibboleth-sp/main.css"/>



Our Shibboleth configuration has been pared down to the essentials ( ? ). If more functionality is needed in our Shibboleth installation, refer to shibboleth2.xml.dist

...