diff --git a/conf/access-control.xml b/conf/access-control.xml
new file mode 100644
index 0000000..a9184e6
--- /dev/null
+++ b/conf/access-control.xml
@@ -0,0 +1,68 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/admin/general-admin.xml b/conf/admin/general-admin.xml
new file mode 100644
index 0000000..9b3b180
--- /dev/null
+++ b/conf/admin/general-admin.xml
@@ -0,0 +1,53 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/admin/metrics.xml b/conf/admin/metrics.xml
new file mode 100644
index 0000000..f9b5c16
--- /dev/null
+++ b/conf/admin/metrics.xml
@@ -0,0 +1,129 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml
new file mode 100644
index 0000000..f8c41ba
--- /dev/null
+++ b/conf/attribute-filter.xml
@@ -0,0 +1,45 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml
new file mode 100644
index 0000000..4681b64
--- /dev/null
+++ b/conf/attribute-resolver-full.xml
@@ -0,0 +1,292 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml
new file mode 100644
index 0000000..ec79de9
--- /dev/null
+++ b/conf/attribute-resolver-ldap.xml
@@ -0,0 +1,94 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
new file mode 100644
index 0000000..d752e07
--- /dev/null
+++ b/conf/attribute-resolver.xml
@@ -0,0 +1,86 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ uid
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ member
+
+
+
+
diff --git a/conf/audit.xml b/conf/audit.xml
new file mode 100644
index 0000000..22949fd
--- /dev/null
+++ b/conf/audit.xml
@@ -0,0 +1,32 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+ http://shibboleth.net/ns/profiles/status
+
+
+
diff --git a/conf/authn/authn-comparison.xml b/conf/authn/authn-comparison.xml
new file mode 100644
index 0000000..f167b7a
--- /dev/null
+++ b/conf/authn/authn-comparison.xml
@@ -0,0 +1,77 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
+
+
+
diff --git a/conf/authn/authn-events-flow.xml b/conf/authn/authn-events-flow.xml
new file mode 100644
index 0000000..244e1db
--- /dev/null
+++ b/conf/authn/authn-events-flow.xml
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/duo-authn-config.xml b/conf/authn/duo-authn-config.xml
new file mode 100644
index 0000000..0a48152
--- /dev/null
+++ b/conf/authn/duo-authn-config.xml
@@ -0,0 +1,25 @@
+
+
+
+
+
+
diff --git a/conf/authn/duo.properties b/conf/authn/duo.properties
new file mode 100644
index 0000000..2ca71ee
--- /dev/null
+++ b/conf/authn/duo.properties
@@ -0,0 +1,9 @@
+# Duo integration settings
+
+# Note: If upgrading from pre-3.3 IdP versions, you will need to manually add a pointer
+# to this property file to idp.properties.
+
+idp.duo.apiHost = hostname
+idp.duo.applicationKey = key
+idp.duo.integrationKey = key
+idp.duo.secretKey = key
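Review bot: `idp.duo.secretKey = key`, `idp.duo.integrationKey = key` and `idp.duo.applicationKey = key` are placeholders in a file this commit adds to version control, and the comment block gives no hint that the live values must not be filled in here; once they are, they sit in repository history. Consider loading the real values from an untracked properties file (the same `idp.additionalProperties` mechanism idp.properties already uses to pull this file in) and recording that intent at the top, e.g. `# Placeholders only - real Duo keys are supplied from an untracked properties file, never committed`.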
diff --git a/conf/authn/external-authn-config.xml b/conf/authn/external-authn-config.xml
new file mode 100644
index 0000000..8b3a159
--- /dev/null
+++ b/conf/authn/external-authn-config.xml
@@ -0,0 +1,70 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ UnknownUsername
+
+
+
+
+ InvalidPassword
+
+
+
+
+ ExpiredPassword
+
+
+
+
+ ExpiringPassword
+
+
+
+
+
diff --git a/conf/authn/general-authn.xml b/conf/authn/general-authn.xml
new file mode 100644
index 0000000..ac55bbb
--- /dev/null
+++ b/conf/authn/general-authn.xml
@@ -0,0 +1,156 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 1
+
+
+
+
diff --git a/conf/authn/ipaddress-authn-config.xml b/conf/authn/ipaddress-authn-config.xml
new file mode 100644
index 0000000..a3ee096
--- /dev/null
+++ b/conf/authn/ipaddress-authn-config.xml
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/jaas-authn-config.xml b/conf/authn/jaas-authn-config.xml
new file mode 100644
index 0000000..daef4d2
--- /dev/null
+++ b/conf/authn/jaas-authn-config.xml
@@ -0,0 +1,27 @@
+
+
+
+
+
+
+
+
+
+
+ ShibUserPassAuth
+
+
+
+
+
diff --git a/conf/authn/jaas.config b/conf/authn/jaas.config
new file mode 100644
index 0000000..232e93d
--- /dev/null
+++ b/conf/authn/jaas.config
@@ -0,0 +1,11 @@
+ShibUserPassAuth {
+ /*
+ com.sun.security.auth.module.Krb5LoginModule required;
+ */
+
+ org.ldaptive.jaas.LdapLoginModule required
+ ldapUrl="ldap://localhost:10389"
+ baseDn="ou=people,dc=example,dc=org"
+ userFilter="uid={user}";
+
+};
\ No newline at end of file
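Review bot: The `LdapLoginModule` entry sets `ldapUrl="ldap://localhost:10389"` with no `useStartTLS` option, so the simple bind that carries the user's password would be in the clear if this directory is ever reached over a network path rather than loopback. Adding `useStartTLS="true"` beside `ldapUrl` (together with whatever server-certificate trust settings the ldaptive JAAS module takes) keeps this path consistent with the `useStartTLS = true` default that conf/ldap.properties documents for the non-JAAS LDAP flow. The file also lacks a trailing newline.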
diff --git a/conf/authn/krb5-authn-config.xml b/conf/authn/krb5-authn-config.xml
new file mode 100644
index 0000000..d3590a2
--- /dev/null
+++ b/conf/authn/krb5-authn-config.xml
@@ -0,0 +1,31 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml
new file mode 100644
index 0000000..56d1bc7
--- /dev/null
+++ b/conf/authn/ldap-authn-config.xml
@@ -0,0 +1,135 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/mfa-authn-config.xml b/conf/authn/mfa-authn-config.xml
new file mode 100644
index 0000000..6198c29
--- /dev/null
+++ b/conf/authn/mfa-authn-config.xml
@@ -0,0 +1,94 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml
new file mode 100644
index 0000000..f27051b
--- /dev/null
+++ b/conf/authn/password-authn-config.xml
@@ -0,0 +1,121 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ NoCredentials
+ CLIENT_NOT_FOUND
+ Client not found
+ DN_RESOLUTION_FAILURE
+
+
+
+
+ InvalidCredentials
+ PREAUTH_FAILED
+ INVALID_CREDENTIALS
+ Checksum failed
+
+
+
+
+ AccountLocked
+ Clients credentials have been revoked
+
+
+
+
+ PASSWORD_EXPIRED
+
+
+
+
+ ACCOUNT_WARNING
+
+
+
+
+
+
+
+
diff --git a/conf/authn/remoteuser-authn-config.xml b/conf/authn/remoteuser-authn-config.xml
new file mode 100644
index 0000000..4b7e722
--- /dev/null
+++ b/conf/authn/remoteuser-authn-config.xml
@@ -0,0 +1,75 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ NoCredentials
+
+
+
+
+ UnknownUsername
+
+
+
+
+ InvalidPassword
+
+
+
+
+ ExpiredPassword
+
+
+
+
+ ExpiringPassword
+
+
+
+
+
diff --git a/conf/authn/remoteuser-internal-authn-config.xml b/conf/authn/remoteuser-internal-authn-config.xml
new file mode 100644
index 0000000..9e68c85
--- /dev/null
+++ b/conf/authn/remoteuser-internal-authn-config.xml
@@ -0,0 +1,63 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/authn/spnego-authn-config.xml b/conf/authn/spnego-authn-config.xml
new file mode 100644
index 0000000..07563b9
--- /dev/null
+++ b/conf/authn/spnego-authn-config.xml
@@ -0,0 +1,74 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ SPNEGONotAvailable
+
+
+
+
+ NTLMUnsupported
+
+
+
+
+
diff --git a/conf/authn/x509-authn-config.xml b/conf/authn/x509-authn-config.xml
new file mode 100644
index 0000000..18b015a
--- /dev/null
+++ b/conf/authn/x509-authn-config.xml
@@ -0,0 +1,44 @@
+
+
+
+
+
+
+
+
+
+
+
+
+ NoCredentials
+ InvalidCredentials
+
+
+
+
+
diff --git a/conf/authn/x509-internal-authn-config.xml b/conf/authn/x509-internal-authn-config.xml
new file mode 100644
index 0000000..bad3029
--- /dev/null
+++ b/conf/authn/x509-internal-authn-config.xml
@@ -0,0 +1,21 @@
+
+
+
+
+
+
diff --git a/conf/c14n/attribute-sourced-subject-c14n-config.xml b/conf/c14n/attribute-sourced-subject-c14n-config.xml
new file mode 100644
index 0000000..938b30f
--- /dev/null
+++ b/conf/c14n/attribute-sourced-subject-c14n-config.xml
@@ -0,0 +1,44 @@
+
+
+
+
+
+ altuid
+
+
+
+
+ altuid
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/c14n/simple-subject-c14n-config.xml b/conf/c14n/simple-subject-c14n-config.xml
new file mode 100644
index 0000000..3cddfa6
--- /dev/null
+++ b/conf/c14n/simple-subject-c14n-config.xml
@@ -0,0 +1,27 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/c14n/subject-c14n-events-flow.xml b/conf/c14n/subject-c14n-events-flow.xml
new file mode 100644
index 0000000..d7458cd
--- /dev/null
+++ b/conf/c14n/subject-c14n-events-flow.xml
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/c14n/subject-c14n.xml b/conf/c14n/subject-c14n.xml
new file mode 100644
index 0000000..16fc6f1
--- /dev/null
+++ b/conf/c14n/subject-c14n.xml
@@ -0,0 +1,109 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
+ urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+ urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+ urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName
+ urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/c14n/x500-subject-c14n-config.xml b/conf/c14n/x500-subject-c14n-config.xml
new file mode 100644
index 0000000..1ae25e4
--- /dev/null
+++ b/conf/c14n/x500-subject-c14n-config.xml
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+
+
+
+ 2.5.4.3
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/cas-protocol.xml b/conf/cas-protocol.xml
new file mode 100644
index 0000000..d0b3d55
--- /dev/null
+++ b/conf/cas-protocol.xml
@@ -0,0 +1,84 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/conf/credentials.xml b/conf/credentials.xml
new file mode 100644
index 0000000..7462879
--- /dev/null
+++ b/conf/credentials.xml
@@ -0,0 +1,65 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/errors.xml b/conf/errors.xml
new file mode 100644
index 0000000..5de522f
--- /dev/null
+++ b/conf/errors.xml
@@ -0,0 +1,120 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/global.xml b/conf/global.xml
new file mode 100644
index 0000000..60562e3
--- /dev/null
+++ b/conf/global.xml
@@ -0,0 +1,53 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/idp.properties b/conf/idp.properties
new file mode 100644
index 0000000..7d45f69
--- /dev/null
+++ b/conf/idp.properties
@@ -0,0 +1,195 @@
+# Load any additional property resources from a comma-delimited list
+idp.additionalProperties= /conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties
+
+# Set the entityID of the IdP
+idp.entityID= https://idp-dev.testbed.tier.internet2.edu/idp/shibboleth
+
+# Set the scope used in the attribute resolver for scoped attributes
+idp.scope= testbed.tier.internet2.edu
+
+# General cookie properties (maxAge only applies to persistent cookies)
+#idp.cookie.secure = false
+#idp.cookie.httpOnly = true
+#idp.cookie.domain =
+#idp.cookie.path =
+#idp.cookie.maxAge = 31536000
+
+# Set the location of user-supplied web flow definitions
+#idp.webflows = %{idp.home}/flows
+
+# Set the location of Velocity view templates
+#idp.views = %{idp.home}/views
+
+# Settings for internal AES encryption key
+#idp.sealer.storeType = JCEKS
+#idp.sealer.updateInterval = PT15M
+#idp.sealer.aliasBase = secret
+idp.sealer.storeResource= %{idp.home}/credentials/sealer.jks
+idp.sealer.versionResource= %{idp.home}/credentials/sealer.kver
+idp.sealer.storePassword= Gr34tPass!
+idp.sealer.keyPassword= Gr34tPass!
+
+# Settings for public/private signing and encryption key(s)
+# During decryption key rollover, point the ".2" properties at a second
+# keypair, uncomment in credentials.xml, then publish it in your metadata.
+idp.signing.key= %{idp.home}/credentials/idp-signing.key
+idp.signing.cert= %{idp.home}/credentials/idp-signing.crt
+idp.encryption.key= %{idp.home}/credentials/idp-encryption.key
+idp.encryption.cert= %{idp.home}/credentials/idp-encryption.crt
+#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
+#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
+
+# Sets the bean ID to use as a default security configuration set
+#idp.security.config = shibboleth.DefaultSecurityConfiguration
+
+# To default to SHA-1, set to shibboleth.SigningConfiguration.SHA1
+#idp.signing.config = shibboleth.SigningConfiguration.SHA256
+
+# Configures trust evaluation of keys used by services at runtime
+# Defaults to supporting both explicit key and PKIX using SAML metadata.
+#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
+# To pick only one set to one of:
+# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
+# To pick only one set to one of:
+# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
+
+# If true, encryption will happen whenever a key to use can be located, but
+# failure to encrypt won't result in request failure.
+#idp.encryption.optional = false
+
+# Configuration of client- and server-side storage plugins
+#idp.storage.cleanupInterval = PT10M
+#idp.storage.htmlLocalStorage = false
+
+# Set to true to expose more detailed errors in responses to SPs
+#idp.errors.detailed = false
+# Set to false to skip signing of SAML response messages that signal errors
+#idp.errors.signed = true
+# Name of bean containing a list of Java exception classes to ignore
+#idp.errors.excludedExceptions = ExceptionClassListBean
+# Name of bean containing a property set mapping exception names to views
+#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
+# Set if a different default view name for events and exceptions is needed
+#idp.errors.defaultView = error
+
+# Set to false to disable the IdP session layer
+#idp.session.enabled = true
+
+# Set to "shibboleth.StorageService" for server-side storage of user sessions
+#idp.session.StorageService = shibboleth.ClientSessionStorageService
+
+# Size of session IDs
+#idp.session.idSize = 32
+# Bind sessions to IP addresses
+#idp.session.consistentAddress = true
+# Inactivity timeout
+#idp.session.timeout = PT60M
+# Extra time to store sessions for logout
+#idp.session.slop = PT0S
+# Tolerate storage-related errors
+#idp.session.maskStorageFailure = false
+# Track information about SPs logged into
+#idp.session.trackSPSessions = false
+# Support lookup by SP for SAML logout
+#idp.session.secondaryServiceIndex = false
+# Length of time to track SP sessions
+#idp.session.defaultSPlifetime = PT2H
+
+# Regular expression matching login flows to enable, e.g. IPAddress|Password
+idp.authn.flows= Password
+
+# Regular expression of forced "initial" methods when no session exists,
+# usually in conjunction with the idp.authn.resolveAttribute property below.
+#idp.authn.flows.initial = Password
+
+# Set to an attribute ID to resolve prior to selecting authentication flows;
+# its values are used to filter the flows to allow.
+#idp.authn.resolveAttribute = eduPersonAssurance
+
+# Default lifetime and timeout of various authentication methods
+#idp.authn.defaultLifetime = PT60M
+#idp.authn.defaultTimeout = PT30M
+
+# Whether to populate relying party user interface information for display
+# during authentication, consent, terms-of-use.
+#idp.authn.rpui = true
+
+# Whether to prioritize "active" results when an SP requests more than
+# one possible matching login method (V2 behavior was to favor them)
+#idp.authn.favorSSO = false
+
+# Whether to fail requests when a user identity after authentication
+# doesn't match the identity in a pre-existing session.
+#idp.authn.identitySwitchIsError = false
+
+# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
+#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+
+# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
+# to key user consent storage records (and set the attribute name)
+#idp.consent.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.userStorageKeyAttribute = uid
+
+# Flags controlling how built-in attribute consent feature operates
+#idp.consent.allowDoNotRemember = true
+#idp.consent.allowGlobal = true
+#idp.consent.allowPerAttribute = false
+
+# Whether attribute values and terms of use text are compared
+#idp.consent.compareValues = false
+# Maximum number of consent records for space-limited storage (e.g. cookies)
+#idp.consent.maxStoredRecords = 10
+# Maximum number of consent records for larger/server-side storage (0 = no limit)
+#idp.consent.expandedMaxStoredRecords = 0
+
+# Time in milliseconds to expire consent storage records.
+#idp.consent.storageRecordLifetime = P1Y
+
+# Whether to lookup metadata, etc. for every SP involved in a logout
+# for use by user interface logic; adds overhead so off by default.
+#idp.logout.elaboration = false
+
+# Whether to require logout requests/responses be signed/authenticated.
+#idp.logout.authenticated = true
+
+# Message freshness and replay cache tuning
+#idp.policy.messageLifetime = PT3M
+#idp.policy.clockSkew = PT3M
+
+# Set to custom bean for alternate storage of replay cache
+#idp.replayCache.StorageService = shibboleth.StorageService
+
+# Toggles whether to allow outbound messages via SAML artifact
+#idp.artifact.enabled = true
+# Suppresses typical signing/encryption when artifact binding used
+#idp.artifact.secureChannel = true
+# May differ to direct SAML 2 artifact lookups to specific server nodes
+#idp.artifact.endpointIndex = 2
+# Set to custom bean for alternate storage of artifact map state
+#idp.artifact.StorageService = shibboleth.StorageService
+
+# Comma-delimited languages to use if not match can be found with the
+# browser-supported languages, defaults to an empty list.
+idp.ui.fallbackLanguages= en,fr,de
+
+# Storage service used by CAS protocol
+# Defaults to shibboleth.StorageService (in-memory)
+# MUST be server-side storage (e.g. in-memory, memcached, database)
+# NOTE that idp.session.StorageService requires server-side storage
+# when CAS protocol is enabled
+#idp.cas.StorageService=shibboleth.StorageService
+
+# CAS service registry implementation class
+#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+
+# Profile flows in which the ProfileRequestContext should be exposed
+# in servlet request under the key "opensamlProfileRequestContext"
+#idp.profile.exposeProfileRequestContextInServletRequest = SAML2/POST/SSO,SAML2/Redirect/SSO
+
+# F-TICKS auditing - set a salt to include hashed username
+#idp.fticks.federation=MyFederation
+#idp.fticks.algorithm=SHA-256
+#idp.fticks.salt=somethingsecret
+#idp.fticks.loghost=localhost
+#idp.fticks.logport=514
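Review bot: `idp.sealer.storePassword= Gr34tPass!` and `idp.sealer.keyPassword= Gr34tPass!` commit the password protecting the keystore described in the "Settings for internal AES encryption key" block, and a value committed to history has to be treated as disclosed whether or not it is the production one. Move both values to a properties file outside the repository, referenced from `idp.additionalProperties`, and rotate the sealer keystore afterwards. Separately, since `idp.entityID` is an https URL, consider uncommenting the cookie block as `idp.cookie.secure = true` instead of relying on the documented `false` default.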
diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml
new file mode 100644
index 0000000..ca183a7
--- /dev/null
+++ b/conf/intercept/consent-intercept-config.xml
@@ -0,0 +1,136 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ transientId
+ persistentId
+ eduPersonTargetedID
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/conf/intercept/context-check-intercept-config.xml b/conf/intercept/context-check-intercept-config.xml
new file mode 100644
index 0000000..809f1d4
--- /dev/null
+++ b/conf/intercept/context-check-intercept-config.xml
@@ -0,0 +1,42 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/conf/intercept/expiring-password-intercept-config.xml b/conf/intercept/expiring-password-intercept-config.xml
new file mode 100644
index 0000000..5447b16
--- /dev/null
+++ b/conf/intercept/expiring-password-intercept-config.xml
@@ -0,0 +1,37 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/intercept/intercept-events-flow.xml b/conf/intercept/intercept-events-flow.xml
new file mode 100644
index 0000000..5cb30d5
--- /dev/null
+++ b/conf/intercept/intercept-events-flow.xml
@@ -0,0 +1,18 @@
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/intercept/profile-intercept.xml b/conf/intercept/profile-intercept.xml
new file mode 100644
index 0000000..4040a10
--- /dev/null
+++ b/conf/intercept/profile-intercept.xml
@@ -0,0 +1,38 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/ldap.properties b/conf/ldap.properties
new file mode 100644
index 0000000..37b270e
--- /dev/null
+++ b/conf/ldap.properties
@@ -0,0 +1,63 @@
+# LDAP authentication configuration, see authn/ldap-authn-config.xml
+# Note, this doesn't apply to the use of JAAS
+
+## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
+#idp.authn.LDAP.authenticator = anonSearchAuthenticator
+
+## Connection properties ##
+idp.authn.LDAP.ldapURL = ldap://localhost:10389
+#idp.authn.LDAP.useStartTLS = true
+#idp.authn.LDAP.useSSL = false
+# Time in milliseconds that connects will block
+#idp.authn.LDAP.connectTimeout = PT3S
+# Time in milliseconds to wait for responses
+#idp.authn.LDAP.responseTimeout = PT3S
+
+## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
+#idp.authn.LDAP.sslConfig = certificateTrust
+## If using certificateTrust above, set to the trusted certificate's path
+idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
+## If using keyStoreTrust above, set to the truststore path
+idp.authn.LDAP.trustStore = %{idp.home}/credentials/ldap-server.truststore
+
+## Return attributes during authentication
+idp.authn.LDAP.returnAttributes = passwordExpirationTime,loginGraceRemaining
+
+## DN resolution properties ##
+
+# Search DN resolution, used by anonSearchAuthenticator, bindSearchAuthenticator
+# for AD: CN=Users,DC=example,DC=org
+idp.authn.LDAP.baseDN = ou=people,dc=example,dc=org
+#idp.authn.LDAP.subtreeSearch = false
+idp.authn.LDAP.userFilter = (uid={user})
+# bind search configuration
+# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
+idp.authn.LDAP.bindDN = uid=myservice,ou=system
+idp.authn.LDAP.bindDNCredential = myServicePassword
+
+# Format DN resolution, used by directAuthenticator, adAuthenticator
+# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
+idp.authn.LDAP.dnFormat = uid=%s,ou=people,dc=example,dc=org
+
+# LDAP attribute configuration, see attribute-resolver.xml
+# Note, this likely won't apply to the use of legacy V2 resolver configurations
+idp.attribute.resolver.LDAP.ldapURL = %{idp.authn.LDAP.ldapURL}
+idp.attribute.resolver.LDAP.connectTimeout = %{idp.authn.LDAP.connectTimeout:PT3S}
+idp.attribute.resolver.LDAP.responseTimeout = %{idp.authn.LDAP.responseTimeout:PT3S}
+idp.attribute.resolver.LDAP.baseDN = %{idp.authn.LDAP.baseDN:undefined}
+idp.attribute.resolver.LDAP.bindDN = %{idp.authn.LDAP.bindDN:undefined}
+idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
+idp.attribute.resolver.LDAP.useStartTLS = %{idp.authn.LDAP.useStartTLS:true}
+idp.attribute.resolver.LDAP.trustCertificates = %{idp.authn.LDAP.trustCertificates:undefined}
+idp.attribute.resolver.LDAP.searchFilter = (uid=$resolutionContext.principal)
+
+# LDAP pool configuration, used for both authn and DN resolution
+#idp.pool.LDAP.minSize = 3
+#idp.pool.LDAP.maxSize = 10
+#idp.pool.LDAP.validateOnCheckout = false
+#idp.pool.LDAP.validatePeriodically = true
+#idp.pool.LDAP.validatePeriod = PT5M
+#idp.pool.LDAP.prunePeriod = PT5M
+#idp.pool.LDAP.idleTime = PT10M
+#idp.pool.LDAP.blockWaitTime = PT3S
+#idp.pool.LDAP.failFastInitialize = false
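Review bot: `idp.authn.LDAP.bindDNCredential = myServicePassword` is a bind password committed in plaintext next to `idp.authn.LDAP.bindDN = uid=myservice,ou=system`; even if this is a sample value, the file as structured invites the real one to be committed when it is customized. Keep the credential in an untracked properties file loaded through `idp.additionalProperties` in idp.properties and leave a pointer here, e.g. `# bindDNCredential is supplied from an untracked properties file`. Also, `idp.authn.LDAP.ldapURL = ldap://localhost:10389` depends on the commented `idp.authn.LDAP.useStartTLS = true` default for transport protection; making that line explicit would make the intent visible to the next reader.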
diff --git a/conf/logback.xml b/conf/logback.xml
new file mode 100644
index 0000000..104ec4c
--- /dev/null
+++ b/conf/logback.xml
@@ -0,0 +1,186 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ${idp.logfiles}/idp-process.log
+
+
+ ${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz
+ ${idp.loghistory:-180}
+
+
+
+ UTF-8
+ %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}
+
+
+
+
+
+
+ VelocityStatusMatcher
+ ResourceManager : unable to find resource 'status.vm' in any resource loader.
+
+ VelocityStatusMatcher.matches(formattedMessage)
+
+ DENY
+
+
+
+
+
+ 0
+
+
+
+
+
+ WARN
+
+
+ ${idp.logfiles}/idp-warn.log
+
+
+ ${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz
+ ${idp.loghistory:-180}
+
+
+
+ UTF-8
+ %date{ISO8601} - %level [%logger:%line] - %msg%n%ex{short}
+
+
+
+
+
+
+ VelocityStatusMatcher
+ ResourceManager : unable to find resource 'status.vm' in any resource loader.
+
+ VelocityStatusMatcher.matches(formattedMessage)
+
+ DENY
+
+
+
+
+
+ ${idp.logfiles}/idp-audit.log
+
+
+ ${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz
+ ${idp.loghistory:-180}
+
+
+
+ UTF-8
+ %msg%n
+
+
+
+
+
+ ${idp.logfiles}/idp-consent-audit.log
+
+
+ ${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz
+ ${idp.loghistory:-180}
+
+
+
+ UTF-8
+ %msg%n
+
+
+
+
+
+ ${idp.fticks.loghost:-localhost}
+ ${idp.fticks.logport:-514}
+ AUTH
+ [%thread] %logger %msg
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
new file mode 100644
index 0000000..facc296
--- /dev/null
+++ b/conf/metadata-providers.xml
@@ -0,0 +1,67 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/mvc-beans.xml b/conf/mvc-beans.xml
new file mode 100644
index 0000000..98d9bcd
--- /dev/null
+++ b/conf/mvc-beans.xml
@@ -0,0 +1,23 @@
+
+
+
+
+
+
diff --git a/conf/relying-party.xml b/conf/relying-party.xml
new file mode 100644
index 0000000..28c9193
--- /dev/null
+++ b/conf/relying-party.xml
@@ -0,0 +1,70 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/saml-nameid.properties b/conf/saml-nameid.properties
new file mode 100644
index 0000000..8530c4f
--- /dev/null
+++ b/conf/saml-nameid.properties
@@ -0,0 +1,35 @@
+# Properties involving SAML NameIdentifier/NameID generation/consumption
+
+# For the most part these settings only deal with "transient" and "persistent"
+# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
+# settings
+
+# Comment out to disable legacy NameID generation via Attribute Resolver
+#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
+#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
+
+# Default NameID Formats to use when nothing else is called for.
+# Don't change these just to change the Format used for a single SP!
+#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+#idp.nameid.saml1.default = urn:mace:shibboleth:1.0:nameIdentifier
+
+# Set to shibboleth.StoredTransientIdGenerator for server-side transient ID storage
+#idp.transientId.generator = shibboleth.CryptoTransientIdGenerator
+
+# Persistent IDs can be computed on the fly with a hash, or managed in a database
+
+# For computed IDs, set a source attribute and a secret salt:
+#idp.persistentId.sourceAttribute = changethistosomethingreal
+#idp.persistentId.useUnfilteredAttributes = true
+# Do *NOT* share the salt with other people, it's like divulging your private key.
+#idp.persistentId.algorithm = SHA
+#idp.persistentId.salt = changethistosomethingrandom
+
+# To use a database, use shibboleth.StoredPersistentIdGenerator
+#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
+# For basic use, set this to a JDBC DataSource bean name:
+#idp.persistentId.dataSource = PersistentIdDataSource
+# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore
+#idp.persistentId.store = MyPersistentIdStore
+# Set to an empty property to skip hash-based generation of first stored ID
+#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator
diff --git a/conf/saml-nameid.xml b/conf/saml-nameid.xml
new file mode 100644
index 0000000..ea97448
--- /dev/null
+++ b/conf/saml-nameid.xml
@@ -0,0 +1,62 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/conf/services.properties b/conf/services.properties
new file mode 100644
index 0000000..eee86ee
--- /dev/null
+++ b/conf/services.properties
@@ -0,0 +1,65 @@
+# Configure the resources to load for various services,
+# and the settings for failure handling and auto-reload.
+
+# failFast=true prevents IdP startup if a configuration is bad
+# checkInterval = PT0S means never reload (this is the default)
+
+# Global default for fail-fast behavior of most subsystems
+# with individual override possible below.
+#idp.service.failFast = false
+
+#idp.service.logging.resource = %{idp.home}/conf/logback.xml
+#idp.service.logging.failFast = true
+idp.service.logging.checkInterval = PT5M
+
+# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
+#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
+#idp.service.relyingparty.failFast = false
+idp.service.relyingparty.checkInterval = PT15M
+
+#idp.service.metadata.resources = shibboleth.MetadataResolverResources
+#idp.service.metadata.failFast = false
+#idp.service.metadata.checkInterval = PT0S
+
+#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
+#idp.service.attribute.resolver.failFast = false
+idp.service.attribute.resolver.checkInterval = PT15M
+#idp.service.attribute.resolver.maskFailures = true
+
+#idp.service.attribute.filter.resources = shibboleth.AttributeFilterResources
+# NOTE: Failing the filter fast leaves no filters enabled.
+#idp.service.attribute.filter.failFast = false
+idp.service.attribute.filter.checkInterval = PT15M
+#idp.service.attribute.filter.maskFailures = true
+
+#idp.service.nameidGeneration.resources = shibboleth.NameIdentifierGenerationResources
+#idp.service.nameidGeneration.failFast = false
+idp.service.nameidGeneration.checkInterval = PT15M
+
+#idp.service.access.resources = shibboleth.AccessControlResources
+#idp.service.access.failFast = true
+idp.service.access.checkInterval = PT5M
+
+#idp.service.cas.registry.resources = shibboleth.CASServiceRegistryResources
+#idp.service.cas.registry.failFast = false
+idp.service.cas.registry.checkInterval = PT15M
+
+#idp.message.resources = shibboleth.MessageSourceResources
+#idp.message.cacheSeconds = 300
+
+# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
+# These are used with components such as remote configuration resources that are explicitly wired
+# with these client instances, *not* by default with HTTP metadata resolvers.
+#idp.httpclient.useTrustEngineTLSSocketFactory = false
+#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
+#idp.httpclient.connectionDisregardTLSCertificate = false
+#idp.httpclient.connectionRequestTimeout = 60000
+#idp.httpclient.connectionTimeout = 60000
+#idp.httpclient.socketTimeout = 60000
+#idp.httpclient.maxConnectionsTotal = 100
+#idp.httpclient.maxConnectionsPerRoute = 100
+#idp.httpclient.memorycaching.maxCacheEntries = 50
+#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
+#idp.httpclient.filecaching.maxCacheEntries = 100
+#idp.httpclient.filecaching.maxCacheEntrySize = 10485760
+idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache
\ No newline at end of file
diff --git a/conf/services.xml b/conf/services.xml
new file mode 100644
index 0000000..313b636
--- /dev/null
+++ b/conf/services.xml
@@ -0,0 +1,144 @@
+
+
+
+
+
+
+
+
+
+
+ %{idp.home}/conf/relying-party.xml
+ %{idp.home}/conf/credentials.xml
+ %{idp.home}/system/conf/relying-party-system.xml
+
+
+
+
+ %{idp.home}/conf/relying-party.xml
+ %{idp.home}/system/conf/legacy-relying-party-defaults.xml
+
+
+
+ %{idp.home}/conf/metadata-providers.xml
+ %{idp.home}/system/conf/metadata-providers-system.xml
+
+
+
+ %{idp.home}/conf/attribute-resolver.xml
+
+
+
+ %{idp.home}/conf/attribute-filter.xml
+
+
+
+ %{idp.home}/conf/saml-nameid.xml
+ %{idp.home}/system/conf/saml-nameid-system.xml
+
+
+
+ %{idp.home}/conf/access-control.xml
+ %{idp.home}/system/conf/access-control-system.xml
+
+
+
+ %{idp.home}/conf/cas-protocol.xml
+
+
+
+
+ %{idp.home}/messages/messages
+ %{idp.home}/system/messages/messages
+
+
+
diff --git a/conf/session-manager.xml b/conf/session-manager.xml
new file mode 100644
index 0000000..f195014
--- /dev/null
+++ b/conf/session-manager.xml
@@ -0,0 +1,45 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+