[general] logger=/usr/local/etc/shibboleth/shibboleth.logger schemadir=/usr/local/etc/shibboleth sharsocket=/tmp/shar-socket # SERVER CONFIGURATION # Optional, may also be set per-server (or per-directory in Apache) #normalizeRequest = true #checkIPAddress = false #contentSSLOnly = false #exportAssertion = false # These timeouts apply to session validity at the target for IIS # Apache session control is per-directory with Apache commands #authLifetime = 7200 #authTimeout = 3600 supportContact=target-support@domain.ch logoLocation=/logo.gif # Mandatory wayfURL = https://wayf1.switch.ch/SWITCHaai/WAYF cookieName = shib-cookie shireSSLOnly = false shireError=/usr/local/etc/shibboleth/shireError.html rmError=/usr/local/etc/shibboleth/rmError.html accessError=/usr/local/etc/shibboleth/accessError.html # Mandatory for IIS, set for Apache with SHIREURL command shireURL = /Shibboleth.shire [shire] logger=/usr/local/etc/shibboleth/shire.logger metadata=metadata_shire [shar] logger=/usr/local/etc/shibboleth/shar.logger # If using a TCP-based SHAR, space delimit the allowed client IPs #sharacl = 127.0.0.1 metadata=metadata_shar # Should provide a key-pair and certificate # Can use mod_ssl's server.crt/server.key if you set file permissions certfile=/etc/apache/ssl.crt/serverKey.crt keyfile=/etc/apache/ssl.key/serverKey.pem #keypass= calist=/etc/apache/ssl.crt/ca-bundle.crt # Controls timeouts for AA queries (in seconds) AATimeout=60 AAConnectTimeout=30 # The following shar items are session caching parameters # The default cache now uses a MySQL embedded database cacheType=memory #cacheType=mysql # how often to run the cache cleanup thread (in seconds) cacheClean=300 # These timeouts apply to session caching, irrespesctive of validity # Sessions can be deleted before they expire, so these should usually # be at least as long as session policy itself. cacheTimeout=3600 #mysql-cache-timeout = 14400 # Only needed if the MySQL cache plugin is used. [extensions:saml] #mysql = /opt/shibboleth/libexec/shib-mysql-ccache.so # Arguments for the MySQL embedded database # Make sure the datadir exists. [mysql] #arg1 = --language=/opt/shibboleth/share/english #arg2 = --datadir=/opt/shibboleth/data [metadata_shire] edu.internet2.middleware.shibboleth.metadata.XML=/usr/local/etc/shibboleth/sites.xml edu.internet2.middleware.shibboleth.target.AAP.XML=/usr/local/etc/shibboleth/AAP.xml [metadata_shar] edu.internet2.middleware.shibboleth.metadata.XML=/usr/local/etc/shibboleth/sites.xml edu.internet2.middleware.shibboleth.trust.XML=/usr/local/etc/shibboleth/trust.xml edu.internet2.middleware.shibboleth.target.AAP.XML=/usr/local/etc/shibboleth/AAP.xml [isapi] # When using the ISAPI filter version, map IIS Instance IDs to server names. # #1=my.server.name [policies] # This is a sample policy URI used by the InCommon pilot origins. # You can filter incoming users at a high level by listing the policies to allow. #InQueue=urn:mace:inqueue SWITCHaai=urn:mace:switch.ch:SWITCHaai:pilot # To define per-server or per-vhost settings, create a section # for the server's hostname and set or override configuration. #[my.server.name] #normalizeRequest = true #checkIPAddress = false #contentSSLOnly = false #authLifetime = 7200 #authTimeout = 3600 #exportAssertion = false # For IIS, determine what content to protect by specifying strings # to match against the request path. Separate matches with semicolons. #mustContain = /secure/;/protected/ # list of attributes to request for server "my.server.name" # requests everything if this doesn't exist or is empty #requestAttributes =