###################################################################################
#
# Handle Service Configuration
#
###################################################################################

##### General Configuration #####

 # [Required] Name of this Handle Service (usually a dns name)
edu.internet2.middleware.shibboleth.hs.HandleServlet.issuer = origin-server.domain.ch

 # [Required] The name of this origin site (a URI)
edu.internet2.middleware.shibboleth.hs.HandleServlet.siteName = urn:mace:switch.ch:SWITCHaai:pilot:domain.ch

 # [Required] URL at which the corresponding Attribute Authority can be reached
edu.internet2.middleware.shibboleth.hs.HandleServlet.AAUrl = https://origin-server.domain.ch/shibboleth/AA

 # [Optional] HTTP Request Header to get principal name from (defaults to REMOTE_USER)
edu.internet2.middleware.shibboleth.hs.HandleServlet.username = REMOTE_USER
 
 # [Optional] URI identifying the authentication mechanism that is used by the HS
edu.internet2.middleware.shibboleth.hs.HandleServlet.authMethod = urn:oasis:names:tc:SAML:1.0:am:password

##### Assertion Signing #####

 # [Required] Location of a Java keystore containing an X509 certificate
 # and matching key.  Used to sign assertions made by this HS
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePath = file:///etc/opt/jakarta-tomcat-4.1.24-LE-jdk14/shibboleth/keystore.jks

 # [Required] Password for the keystore
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStorePassword = StorePassword

 # [Required] Keystore alias for the private key
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyAlias = domain.ch

 # [Required] Password for the private key
edu.internet2.middleware.shibboleth.hs.HandleServlet.keyStoreKeyPassword = KeyPassword

 # [Optional] Keystore alias for the X509 certificate (Defaults to the private key alias)
edu.internet2.middleware.shibboleth.hs.HandleServlet.certAlias = domain.ch


###################################################################################
#
# Attribute Authority Configuration
#
###################################################################################

##### General Configuration #####

 # [Required] Name of this Attribute Authority (usually a dns name)
edu.internet2.middleware.shibboleth.aa.AAServlet.authorityName = origin-server.domain.ch
 
 # [Optional] Set to true if the Attribute Authority should pass internal error messages to 
 # the SHAR (for debugging purposes) (defaults to false)
edu.internet2.middleware.shibboleth.aa.AAServlet.passThruErrors = false

##### Attribute Resolution #####

 # [Optional] Attribute Resolver configuration (Defaults to /conf/resolver.xml)
edu.internet2.middleware.shibboleth.aa.attrresolv.AttributeResolver.ResolverConfig = file:///etc/opt/jakarta-tomcat-4.1.24-LE-jdk14/shibboleth/resolver.xml

##### Attribute Release Policies #####

 # [Required] Arp Repository Implementation
edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation = edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository

   ### Parameters for edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository ###
	
   # [Required if active] Path from which Policies can be loaded
edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path = file:///etc/opt/jakarta-tomcat-4.1.24-LE-jdk14/shibboleth/arps/
	
   # [Optional] Time in seconds for which Release Policies should be cached
   # (Defaults to 0 or "no caching")
edu.internet2.middleware.shibboleth.aa.arp.BaseArpRepository.ArpTTL = 300


###################################################################################
#
# Shared Configuration
#
###################################################################################

##### Attribute Query Handle Repository #####

 # [Optional] Specifes an implementation to be used for the HS and AA to share AQHs (Defaults to Memory provider)
edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation = edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository
 #edu.internet2.middleware.shibboleth.hs.HandleRepository.implementation = edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository

   ### Parameters for edu.internet2.middleware.shibboleth.hs.provider.MemoryHandleRepository ###

   # [Optional] Time in seconds for which issued AQHs are valid (Defaults to 1800 or 30 minutes)
edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL = 1000

   ### Parameters for edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository ###
	
   # [Required if active] Location of a Java keystore containing a Triple DES secret key.  
   # Used to encrypt the principal's identifiers
   #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStorePath = /conf/handle.jks

   # [Required if active] Password for the keystore
   #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStorePassword = shibhs

   # [Required if active] Keystore alias for the secret key
   #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStoreKeyAlias = handleKey

   # [Required if active] Password for the private key
   #edu.internet2.middleware.shibboleth.hs.provider.CryptoHandleRepository.keyStoreKeyPassword = shibhs

   # [Optional] Time in seconds for which issued AQHs are valid (Defaults to 1800 or 30 minutes)
   #edu.internet2.middleware.shibboleth.hs.BaseHandleRepository.handleTTL = 1000

##### Federation Configuration #####

 #[Optional] URI corresponding to the federation this origin operates under (defaults to the InQueue policy)
edu.internet2.middleware.shibboleth.audiences = urn:mace:switch.ch:SWITCHaai:pilot