authorBjörn Mattsson <bjorn@sunet.se>2024-05-29 10:37:58 +0200
committerBjörn Mattsson <bjorn@sunet.se>2024-05-29 10:37:58 +0200
commit02e3a5f290598de3163ac7e34c3d1e356952aa93 (patch)
tree5f7e4b2f9e9a123a3d3d29d99ad99568b9c15e19
parent7174fdf79c0a2a8921fb341b92ede25c55754f16 (diff)
Synced swamid-IIS-shibboleth2.xml and swamid-apache-shibboleth2.xml + added sign+enc certs to swamid-apache-shibboleth2.xmlconf-2024-05-29-v01
-rw-r--r--Shibboleth-SP/v3/swamid-IIS-shibboleth2.xml55
-rw-r--r--Shibboleth-SP/v3/swamid-apache-shibboleth2.xml46
2 files changed, 53 insertions, 48 deletions
diff --git a/Shibboleth-SP/v3/swamid-IIS-shibboleth2.xml b/Shibboleth-SP/v3/swamid-IIS-shibboleth2.xml
index eb8d7ea..021c85c 100644
--- a/Shibboleth-SP/v3/swamid-IIS-shibboleth2.xml
+++ b/Shibboleth-SP/v3/swamid-IIS-shibboleth2.xml
@@ -1,16 +1,16 @@
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
-
+
<InProcess logger="native.logger">
<ISAPI normalizeRequest="true" safeHeaderNames="true">
<Site id="1" name="swamidsp.example.org" scheme="https" port="443"/>
</ISAPI>
</InProcess>
-
+
<RequestMapper type="Native">
<RequestMap>
<Host name="swamidsp.example.org">
@@ -18,76 +18,75 @@
</Host>
</RequestMap>
</RequestMapper>
-
+
<ApplicationDefaults entityID="https://swamidsp.example.org/shibboleth"
REMOTE_USER="subject-id eppn pairwise-id persistent-id"
metadataAttributePrefix="Meta-">
+
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
redirectLimit="exact"
checkAddress="false" handlerSSL="true" cookieProps="http" sameSiteFallback="true">
-
+
<Logout>SAML2 Local</Logout>
-
+
<SessionInitiator type="Chaining" Location="/DS/Login" id="swamid-ds-default" relayState="cookie">
- <SessionInitiator type="SAML2" acsIndex="1" acsByIndex="false" template="bindingTemplate.html"/>
+ <SessionInitiator type="SAML2" acsIndex="1" acsByIndex="false" template="bindingTemplate.html"/>
<SessionInitiator type="Shib1" acsIndex="5"/>
<SessionInitiator type="SAMLDS" URL="https://service.seamlessaccess.org/ds/"/>
</SessionInitiator>
-
+
<md:AssertionConsumerService Location="/SAML2/POST" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
conf:ignoreNoPassive="true"/>
-
+
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
-
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
-
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
-
-
+
<md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
+
</Sessions>
-
+
<Errors supportContact="webmaster@example.org"
helpLocation="/about.html"
styleSheet="/shibboleth-sp/main.css"/>
-
+
<MetadataProvider type="MDQ" id="mdq.swamid.se" ignoreTransport="true" cacheDirectory="mdq.swamid.se"
baseUrl="https://mds.swamid.se/">
<MetadataFilter type="Signature" certificate="md-signer2.crt"/>
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
</MetadataProvider>
-
+
<!-- "Old" way -->
<!--
- <MetadataProvider
+ <MetadataProvider
type="XML"
url="https://mds.swamid.se/md/swamid-idp-transitive.xml"
backingFilePath="swamid-idp-transitive.xml" reloadInterval="14400">
<MetadataFilter type="Signature" certificate="md-signer2.crt" verifyBackup="false" />
</MetadataProvider>
-->
-
- <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
-
+
+ <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
+
<AttributeExtractor type="Metadata" errorURL="errorURL" DisplayName="displayName" registrationAuthority="registrationAuthority"/>
- <!-- more attributes please check https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334447/MetadataAttributeExtractor -->
-
+ <!-- more attributes please check https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334447/MetadataAttributeExtractor -->
+
<AttributeResolver type="Query" subjectMatch="true"/>
-
+
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
-
+
<CredentialResolver type="File" use="signing"
key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
<CredentialResolver type="File" use="encryption"
key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
-
+
</ApplicationDefaults>
-
+
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
-
+
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
-
+
</SPConfig>
diff --git a/Shibboleth-SP/v3/swamid-apache-shibboleth2.xml b/Shibboleth-SP/v3/swamid-apache-shibboleth2.xml
index d5e755d..f37038b 100644
--- a/Shibboleth-SP/v3/swamid-apache-shibboleth2.xml
+++ b/Shibboleth-SP/v3/swamid-apache-shibboleth2.xml
@@ -1,49 +1,50 @@
<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:3.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
- xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
+
<ApplicationDefaults entityID="https://swamidsp.example.org/shibboleth"
REMOTE_USER="subject-id eppn pairwise-id persistent-id"
metadataAttributePrefix="Meta-">
-
+
<Sessions lifetime="28800" timeout="3600" relayState="ss:mem"
redirectLimit="exact"
checkAddress="false" handlerSSL="true" cookieProps="http" sameSiteFallback="true">
-
+
<Logout>SAML2 Local</Logout>
-
+
<SessionInitiator type="Chaining" Location="/DS/Login" id="swamid-ds-default" relayState="cookie">
<SessionInitiator type="SAML2" acsIndex="1" acsByIndex="false" template="bindingTemplate.html"/>
<SessionInitiator type="Shib1" acsIndex="5"/>
<SessionInitiator type="SAMLDS" URL="https://service.seamlessaccess.org/ds/"/>
</SessionInitiator>
-
+
<md:AssertionConsumerService Location="/SAML2/POST" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
conf:ignoreNoPassive="true"/>
-
+
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1"/>
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
-
+
<md:ArtifactResolutionService Location="/Artifact/SOAP" index="1"
Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"/>
-
+
</Sessions>
-
+
<Errors supportContact="webmaster@example.org"
helpLocation="/about.html"
styleSheet="/shibboleth-sp/main.css"/>
-
+
<MetadataProvider type="MDQ" id="mdq.swamid.se" ignoreTransport="true" cacheDirectory="mdq.swamid.se"
baseUrl="https://mds.swamid.se/">
<MetadataFilter type="Signature" certificate="md-signer2.crt"/>
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
</MetadataProvider>
-
+
<!-- "Old" way -->
<!--
<MetadataProvider
@@ -53,20 +54,25 @@
<MetadataFilter type="Signature" certificate="md-signer2.crt" verifyBackup="false" />
</MetadataProvider>
-->
-
+
<AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
-
+
<AttributeExtractor type="Metadata" errorURL="errorURL" DisplayName="displayName" registrationAuthority="registrationAuthority"/>
- <!-- more attributes please check https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334447/MetadataAttributeExtractor -->
-
+ <!-- more attributes please check https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065334447/MetadataAttributeExtractor -->
+
<AttributeResolver type="Query" subjectMatch="true"/>
-
+
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
-
- <CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
+
+ <CredentialResolver type="File" use="signing"
+ key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>
+ <CredentialResolver type="File" use="encryption"
+ key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>
+
</ApplicationDefaults>
+
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
-
+
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
-
+
</SPConfig>
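Review bot: The two new `CredentialResolver` elements replace the single `sp-key.pem`/`sp-cert.pem` pair, so an SP deployed from this template will present a different encryption certificate than any metadata it previously registered with the federation, and IdPs still encrypting to the old certificate will send assertions the SP can no longer decrypt until the output of the `/Metadata` handler is republished. A comment next to the encryption resolver would make that rollover dependency explicit, e.g. `<!-- Rotating sp-encrypt-key.pem requires republishing this SP's metadata (see the /Metadata handler) before the old key is withdrawn. -->`. Since two private key files are now referenced, a one-line comment that both must be readable only by the shibd service account would also help deployers. The commented-out "Old" MetadataProvider block at the top of this hunk begins in the previous hunk; `</SPConfig>` closes inside this one.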