shibboleth-dev - RE: beta idp examples?
- Subject: RE: beta idp examples?
- Date: Fri, 21 Sep 2007 13:08:45 -0400
This new config file does seem to be the primary configuration file now.
I'll post what I have, but I have stuck with some really simple
configuration (avoided outsourcing metadata and just stuck it inline,
since I'm just trying to get it working with a single SP at the moment):
Here are the Relying Party sections:
-----
<!-- ========================================== -->
<!-- Relying Party Configurations -->
<!-- ========================================== -->
<AnonymousRelyingParty provider="https://rhelidp.ref.gfipm.net/shibboleth" />

<DefaultRelyingParty provider="https://rhelidp.ref.gfipm.net/shibboleth" />

<RelyingParty id="global:gfipm:ref"
              provider="https://rhelidp.ref.gfipm.net/shibboleth"
              defaultSigningCredentialRef="GFIPMCreds">
    <!-- <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile" />
    <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile" /> -->
    <ProfileConfiguration xsi:type="saml:SAML2SSOProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile" />
    <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile" />
</RelyingParty>
-----
The "provider=" is always filled in with my IDP's federation provider
id. The "id=" in the RelyingParty field matches the EntitiesDescriptor
from my metadata. And the "defaultSigningCredentialRef=" matches the
credentials I define later in the file.
The metadata is Inline, but it's standard stuff. EntitiesDescriptor
wrapper with two EntityDescriptor elements inside (1 for the IDP and 1
for the SP).
At the bottom of the file is the credential section which looks like:
------
<Credential xsi:type="X509Filesystem"
            xmlns="urn:mace:shibboleth:2.0:security"
            id="GFIPMCreds">
    <KeyName>rhelidp.ref.gfipm.net</KeyName>
    <PrivateKey>/etc/httpd/keys/rhelidp.key</PrivateKey>
    <Certificate>/etc/httpd/keys/rhelidp.crt</Certificate>
</Credential>
-----------
This all seems to work fine.
-----Original Message-----
From: Jim Fox
Sent: Friday, September 21, 2007 12:17 PM
Subject: beta idp examples?
Could someone post some examples of relying-party.xml for the beta idp?
The idp's config is a lot different than that of 1.3. It would help to
see how they are supposed to be organized.
Jim
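
The cross-references described in the reply above (RelyingParty "id=" against the EntitiesDescriptor, "defaultSigningCredentialRef=" against a Credential id, "provider=" against the metadata) can be checked before the IdP is started. This is an added example, not part of the original post or the Shibboleth code base: the Config wrapper element, the SP entityID, the second RelyingParty, the use of the EntitiesDescriptor Name attribute and of entityID for the provider check, and the function names are all assumptions, and elements are matched by local name because the enclosing file's namespaces are not shown in the post.

```python
import xml.etree.ElementTree as ET

# Constructed sample: wrapper element, metadata and the second RelyingParty are made up.
SAMPLE = """\
<Config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <EntitiesDescriptor Name="global:gfipm:ref">
    <EntityDescriptor entityID="https://rhelidp.ref.gfipm.net/shibboleth"/>
    <EntityDescriptor entityID="https://sp.example.org/shibboleth"/>
  </EntitiesDescriptor>
  <DefaultRelyingParty provider="https://rhelidp.ref.gfipm.net/shibboleth"/>
  <RelyingParty id="global:gfipm:ref"
                provider="https://rhelidp.ref.gfipm.net/shibboleth"
                defaultSigningCredentialRef="GFIPMCreds"/>
  <RelyingParty id="global:other:group"
                provider="https://idp.example.org/shibboleth"
                defaultSigningCredentialRef="GFIPMCred"/>
  <Credential xmlns="urn:mace:shibboleth:2.0:security"
              xsi:type="X509Filesystem" id="GFIPMCreds"/>
</Config>
"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def check_relying_parties(xml_text):
    """Return a list of broken cross-references found in the config text."""
    by_name = {}
    for el in ET.fromstring(xml_text).iter():
        by_name.setdefault(local(el.tag), []).append(el)
    cred_ids = {c.get("id") for c in by_name.get("Credential", [])}
    groups = {g.get("Name") for g in by_name.get("EntitiesDescriptor", [])}
    entities = {e.get("entityID") for e in by_name.get("EntityDescriptor", [])}
    problems = []
    for kind in ("AnonymousRelyingParty", "DefaultRelyingParty", "RelyingParty"):
        for rp in by_name.get(kind, []):
            label = rp.get("id", kind)
            ref = rp.get("defaultSigningCredentialRef")
            # A signing reference that resolves to nothing leaves no key to sign with.
            if ref is not None and ref not in cred_ids:
                problems.append(f"{label}: no Credential with id '{ref}'")
            # Assumption: the provider id is the IdP's entityID in the metadata.
            if rp.get("provider") not in entities:
                problems.append(f"{label}: provider not in metadata")
            if kind == "RelyingParty" and label not in groups:
                problems.append(f"{label}: id matches no EntitiesDescriptor")
    return problems
```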