################################################################################### # # Handle Service Configuration # ################################################################################### ##### General Configuration ##### # [Required] Name of this Handle Service (usually a dns name) edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer = origin-server.domain.ch # [Required] The name of this origin site (a URI) edu.internet2.middleware.shibboleth.hs.HandleServlet.siteName = urn:mace:switch.ch:SWITCHaai:pilot:domain.ch # [Required] URL at which the corresponding Attribute Authority can be reached edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl = https://origin-server.domain.ch/shibboleth/AA # [Optional] HTTP Request Header to get principal name from (defaults to REMOTE_USER) edu.internet2.middleware.shibboleth.hs.HandleServlet.username = REMOTE_USER # [Optional] URI identifying the authentication mechanism that is used by the HS edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod = urn:oasis:names:tc:SAML:1.0:am:password ##### Assertion Signing ##### # [Required] Location of a Java keystore containing an X509 certificate # and matching key. Used to sign assertions made by this HS edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePath = file:///etc/opt/jakarta-tomcat-4.1.24-LE-jdk14/shibboleth/keystore.jks # [Required] Password for the keystore edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePassword = StorePassword # [Required] Keystore alias for the private key edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias = domain.ch # [Required] Password for the private key edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyPassword = KeyPassword # [Optional] Keystore alias for the X509 certificate (Defaults to the private key alias) edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias = domain.ch ################################################################################### # # Attribute Authority Configuration # ################################################################################### ##### General Configuration ##### # [Required] Name of this Attribute Authority (usually a dns name) edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName = origin-server.domain.ch # [Optional] Set to true if the Attribute Authority should pass internal error messages to # the SHAR (for debugging purposes) (defaults to false) edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors = false ##### Attribute Resolution ##### # [Optional] Attribute Resolver configuration (Defaults to /conf/resolver.xml) edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig = file:///etc/opt/jakarta-tomcat-4.1.24-LE-jdk14/shibboleth/resolver.xml ##### Attribute Release Policies ##### # [Required] Arp Repository Implementation edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation = edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository ### Parameters for edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository ### # [Required if active] Path from which Policies can be loaded edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path = file:///etc/opt/jakarta-tomcat-4.1.24-LE-jdk14/shibboleth/arps/ # [Optional] Time in seconds for which Release Policies should be cached # (Defaults to 0 or "no caching") edu.internet2.middleware.shibboleth.aa.arp.BaseArpRepository.ArpTTL = 300 ################################################################################### # # Shared Configuration # ################################################################################### ##### Attribute Query Handle Repository ##### # [Optional] Specifes an implementation to be used for the HS and AA to share AQHs (Defaults to Memory provider) edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation = edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository #edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation = edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository ### Parameters for edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository ### # [Optional] Time in seconds for which issued AQHs are valid (Defaults to 1800 or 30 minutes) edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL = 1000 ### Parameters for edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository ### # [Required if active] Location of a Java keystore containing a Triple DES secret key. # Used to encrypt the principal's identifiers #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStorePath = /conf/handle.jks # [Required if active] Password for the keystore #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStorePassword = shibhs # [Required if active] Keystore alias for the secret key #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStoreKeyAlias = handleKey # [Required if active] Password for the private key #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStoreKeyPassword = shibhs # [Optional] Time in seconds for which issued AQHs are valid (Defaults to 1800 or 30 minutes) #edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL = 1000 ##### Federation Configuration ##### #[Optional] URI corresponding to the federation this origin operates under (defaults to the InQueue policy) edu.internet2.middleware.shibboleth.audiences = urn:mace:switch.ch:SWITCHaai:pilot