Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
grouper/test-compose/idp/shibboleth-idp/conf/metadata-providers.xml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
80 lines (63 sloc)
4.52 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<?xml version="1.0" encoding="UTF-8"?> | |
<!-- This file is an EXAMPLE metadata configuration file. --> | |
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider" | |
xmlns="urn:mace:shibboleth:2.0:metadata" | |
xmlns:resource="urn:mace:shibboleth:2.0:resource" | |
xmlns:security="urn:mace:shibboleth:2.0:security" | |
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" | |
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd | |
urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd | |
urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd | |
urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd"> | |
<!-- ========================================================================================== --> | |
<!-- Metadata Configuration --> | |
<!-- --> | |
<!-- Below you place the mechanisms which define how to load the metadata for the SP you will --> | |
<!-- provide a service to. --> | |
<!-- --> | |
<!-- Two examples are provided. The Shibboleth Documentation at --> | |
<!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration --> | |
<!-- provides more details. --> | |
<!-- --> | |
<!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. --> | |
<!-- --> | |
<!-- ========================================================================================== --> | |
<MetadataProvider id="GrouperSP" xsi:type="FilesystemMetadataProvider" metadataFile="%{idp.home}/metadata/grouper-sp.xml"/> | |
<!-- Example HTTP metadata provider. Use this if you want to download | |
the metadata from a remote service. | |
You *MUST* provider the SignatureValidationFilter in order to function securely. | |
Get the PubLic key, and validate it via some out of band mechanism, from the | |
party publishing the metadata | |
The EntityRoleWhiteList saves memory by only loading metadata from entity types | |
that you will interoperate with. | |
<MetadataProvider id="HTTPMetadata" | |
xsi:type="FileBackedHTTPMetadataProvider" | |
backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml" | |
metadataURL="http://WHATEVER"> | |
<MetadataFilter xsi:type="SignatureValidation" | |
requireSignedMetadata="false"> | |
<PublicKey> | |
THIS IS AN EXAMPLE | |
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxg0TyQAP/tIvOH89EtaX | |
uRRn8SYzTj7W1TbNY4VvBmobjkRmSkki4hH9x4sQpi635wn6WtXTN/FNNmkTK3N/ | |
LspmBWxfZS+n+cc7I82E5yvCAPX67QsZgqgglp2W5dvK/FsMMCS6X6SVqzBLMP88 | |
NenXKxY+HMxMs0sT0UKYh1cAEqadrHRBO65aDBcm5a0sBVYt9K6pgaOHrp/zSIbh | |
nR5tFFLjBbtFktDpHL3AdGBH3OYidNGKBO3tJ3Ms7LeKXsM0+0Y4P+9fHZINL2X3 | |
E2N6GVnKs5PZTg9sP0FtIpAbYm/+zCx7Yj1ET/Er8mDd6tNVGSQsn9s5xUBwGqn1 | |
4wIDAQAB | |
</PublicKey> | |
</MetadataFilter> | |
<MetadataFilter xsi:type="EntityRoleWhiteList"> | |
<RetainedRole>md:SPSSODescriptor</RetainedRole> | |
</MetadataFilter> | |
</MetadataProvider> | |
--> | |
<!-- Example file metadata provider. Use this if you want to load metadata | |
from a local file. You might use this if you have some local SPs | |
which are not "federated" but you wish to offer a service to. | |
If you do not provide a SignatureValidation filter then you *have* | |
to know that the file is valid. | |
<MetadataProvider id="LocalMetadata" xsi:type="FilesystemMetadataProvider" metadataFile="PATH_TO_YOUR_METADATA"/> | |
--> | |
</MetadataProvider> |