...
/etc/shibboleth/shibboleth2.xml
--------------------------- make it generic! ----------------------------------
...
entityID: the ID of our Service Provider (SP)
...
<Handler type="Session" Location="/Session" showAttributeValues="true"
         contentType="application/json"/>
The IdP's metadata is stored in a file called idp-metadata.xml:
<MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>
The attribute-map.xml file specifies which attributes are extracted from the IdP's response and the names of the request headers under which they are made available to the Java code.
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
<!-- Use a SAML query if no attributes are supplied during SSO. -->
<AttributeResolver type="Query" subjectMatch="true"/>
<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" key="/etc/shibboleth/sp-key.pem" certificate="/etc/shibboleth/sp-cert.pem"/>
</ApplicationDefaults>
<!-- Policies that determine how to process and authenticate runtime messages. -->
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<!-- Low-level configuration about protocols and bindings available for use. -->
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>
Our Shibboleth configuration has been pared down to the essentials (?). If needed, for instance to add functionality to our Shibboleth installation, refer to shibboleth2.xml.dist.
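The Session handler above sets showAttributeValues="true", which makes the handler display the attribute values held in the caller's session. As an added example (not part of the original page or of the Shibboleth project), this Python check parses a shibboleth2.xml and reports every Session handler with that setting, noting whether an acl restricts it. The sample config, its entityID and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config, modelled on the Session handler shown on this page.
SAMPLE_CONFIG = """\
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config">
  <ApplicationDefaults entityID="https://sp.example.org/shibboleth">
    <Sessions>
      <Handler type="Session" Location="/Session" showAttributeValues="true"
               contentType="application/json"/>
      <Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
    </Sessions>
  </ApplicationDefaults>
</SPConfig>
"""


def _local_name(tag):
    """Strip the XML namespace so the check does not depend on the SP config namespace."""
    return tag.rsplit("}", 1)[-1]


def audit_session_handlers(config_text):
    """Report Session handlers that display attribute values.

    Returns a list of dicts: Location, the acl entries, and a status of
    "unrestricted" (no acl) or "acl-restricted" (acl present).
    Handlers with showAttributeValues off or absent are not reported.
    """
    findings = []
    for el in ET.fromstring(config_text).iter():
        if _local_name(el.tag) != "Handler" or el.get("type") != "Session":
            continue
        shows = el.get("showAttributeValues", "false").strip().lower()
        if shows not in ("true", "1"):
            continue
        acl = el.get("acl", "").split()
        findings.append({
            "location": el.get("Location"),
            "acl": acl,
            "status": "acl-restricted" if acl else "unrestricted",
        })
    return findings


if __name__ == "__main__":
    for f in audit_session_handlers(SAMPLE_CONFIG):
        print(f"{f['location']}: showAttributeValues on, {f['status']}")
```

To check the deployed file, pass the contents of /etc/shibboleth/shibboleth2.xml to audit_session_handlers() instead of the sample.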
...