1e0a968493
Devstack, alongside samltest, will now setup keystone as an idp. bp devstack-plugin Change-Id: I55b4e727404d910aa9b5a07b49b783799bc5f098
77 lines
3.7 KiB
XML
77 lines
3.7 KiB
XML
<!--
|
|
This is an example shibboleth2.xml generated for you by TestShib. It's reduced and recommended
|
|
specifically for testing. You don't need to change anything, but you may want to explore the file
|
|
to learn about how your SP works. Uncomment attributes in your attribute-map.xml file to test them.
|
|
|
|
If you want to test advanced functionality, start from the distribution shibboleth2.xml and add the
|
|
MetadataProvider, the right entityID, and a properly configured SSO element. More information:
|
|
|
|
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPConfiguration
|
|
-->
|
|
|
|
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
|
|
clockSkew="1800">
|
|
|
|
<!-- The entityID is the name TestShib made for your SP. -->
|
|
<ApplicationDefaults entityID="http://%HOST_IP%/shibboleth">
|
|
|
|
<!-- You should use secure cookies if at all possible. See cookieProps in this Wiki article. -->
|
|
<!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions -->
|
|
<Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
|
|
|
|
<!-- Without a Discovery Protocol this really only supports ECP. -->
|
|
<SSO ECP="true">
|
|
SAML2 SAML1
|
|
</SSO>
|
|
|
|
<!-- SAML and local-only logout. -->
|
|
<!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPServiceLogout -->
|
|
<Logout>SAML2 Local</Logout>
|
|
|
|
<!--
|
|
Handlers allow you to interact with the SP and gather more information. Try them out!
|
|
Attribute values received by the SP through SAML will be visible at:
|
|
http://http@-HOSTNAME-@72@-HOSTNAME-@57@-HOSTNAME-@57128.31.25.69@-HOSTNAME-@725000/Shibboleth.sso/Session
|
|
-->
|
|
|
|
<!-- Extension service that generates "approximate" metadata based on SP configuration. -->
|
|
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
|
|
|
|
<!-- Status reporting service. -->
|
|
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
|
|
|
|
<!-- Session diagnostic service. -->
|
|
<Handler type="Session" Location="/Session" showAttributeValues="true"/>
|
|
|
|
<!-- JSON feed of discovery information. -->
|
|
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
|
|
|
|
</Sessions>
|
|
|
|
<!-- Error pages to display to yourself if something goes horribly wrong. -->
|
|
<Errors supportContact="root@localhost" logoLocation="/shibboleth-sp/logo.jpg"
|
|
styleSheet="/shibboleth-sp/main.css"/>
|
|
|
|
<!-- Loads and trusts a metadata files that describe the IdPs and how to communicate with them. -->
|
|
<MetadataProvider type="XML" uri="%IDP_METADATA_URL%" />
|
|
<MetadataProvider type="XML" uri="%KEYSTONE_METADATA_URL%" />
|
|
|
|
<!-- Attribute and trust options you shouldn't need to change. -->
|
|
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
|
|
<AttributeResolver type="Query" subjectMatch="true"/>
|
|
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
|
|
|
|
<!-- Your SP generated these credentials. They're used to talk to IdP's. -->
|
|
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
|
|
|
|
</ApplicationDefaults>
|
|
|
|
<!-- Security policies you shouldn't change unless you know what you're doing. -->
|
|
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
|
|
|
|
<!-- Low-level configuration about protocols and bindings available for use. -->
|
|
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
|
|
|
|
</SPConfig>
|
|
|