<?xml version="1.0"?>
<!-- SourceID-SSO configuration for this installation (a Liberty Service Provider, see provider-role below). -->
<SourceID-SSO>
<!-- See SourceID-SSO documentation for more detailed documentation for these options -->

<!--
The unique ProviderID of this installation. The value here should appear in other sites'
<SPDescriptor> or <IDPDescriptor> elements describing this site.
-->
<provider-id>Venice-SSO-SP</provider-id>

<!--
The role of this site with respect to the Liberty Protocol; valid values are "sp" and "idp".
-->
<provider-role>sp</provider-role>
<!--
Path (relative to the web application) of the file describing the other providers this site
federates with. Presumably this is where the <SPDescriptor>/<IDPDescriptor> entries mentioned
above are kept - confirm against the SourceID-SSO documentation.
-->
<provider-directory>/WEB-INF/sourceid-sso-providers.xml</provider-directory>

<!-- Page SourceID-SSO sends the user to when it reports an exception; only a default handler is configured here. -->
<exception-handlers>
<default>/sourceid/errorHandler.js.vs</default>
</exception-handlers>

<!--
Key material SourceID-SSO uses for signing (presumably the Liberty protocol messages it emits).
NOTE(review): the keystore password and key password below are stored in cleartext. Anyone able
to read this file can use the signing key and so act as this provider towards its partners:
restrict read access to the web application's runtime account, keep the real values out of
version control, and treat the values shipped here as sample placeholders to be replaced at
deployment. Whether SourceID-SSO can load these secrets from somewhere other than this file is
not visible here - confirm in its documentation.
-->
<signing-key>
<keystore-path>/WEB-INF/venice-sp.keystore</keystore-path>
<keystore-password>numenor</keystore-password>
<key-alias>mykey</key-alias>
<key-password>mithrandir</key-password>
</signing-key>

<!-- none of these matter for a Service Provider (this site's provider-role is "sp", see above) -->
<idp-authentication-uri>/idp/logon.jsp</idp-authentication-uri>
<idp-authn-lifespan>1800</idp-authn-lifespan>
<idp-logout-render-page>/idp/idpLogoutRender.jsp</idp-logout-render-page>
<idp-logout-done-image>/idp/checkmark.png</idp-logout-done-image>
<idp-post-assertion-render-page>/idp/idpPost.jsp</idp-post-assertion-render-page>

<!--
Here, you may optionally specify a Session-context attribute which SourceID-SSO should remove whenever
a user is logged off (either via a browser-based front-channel, or via a SOAP-based backchannel). SourceID-SSO
will already clean up its own session tracking info for the user, effectively logging them out of SourceID-SSO.
By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
Future versions of SourceID-SSO will also support JAAS-based login/logout.

The sample value below works for the sample JSP-based application distributed with SourceID-SSO.
-->
<remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>

<!--
When generating or consuming assertions, tolerances for "Not Before" and "Not On or After" are encoded in the
assertion document. Liberty Protocol recommends 1 minute for "Not Before", and 5 minutes for "Not On Or After".
Enter the number of SECONDS for these tolerances below (default values should work).
NOTE(review): these windows bound how long a captured assertion stays acceptable, so do not widen
them beyond what clock skew between this site and its partners actually requires.
-->
<assert-tolerance-not-before>60</assert-tolerance-not-before>
<assert-tolerance-not-on-or-after>300</assert-tolerance-not-on-or-after>

<!--
Here, set the AccountHandler implementation class. The default configuration
is to use the "in-memory handler", which is really for demo and testing purposes only,
as it does not connect to any actual persistent storage. The SourceID-SSO User's Guide
describes how to implement an AccountHandler for your user directory. You may also use
the provided JDBC Account Handler, with simple table mappings described in the file
sourceid-sso-jdbc.xml. Or for LDAP access, use the JNDI Account Handler, with attribute
mappings described in the file sourceid-sso-jndi.xml.

NOTE(review): this installation does not use the in-memory demo handler described above; it is
configured with the application's own VeniceAccountHandler.
-->
<account-handler>com.silverwrist.venice.sourceid.VeniceAccountHandler</account-handler>

<!--
NOTE(review): judging by its name, this artifact handler keeps artifact state only in the memory
of the running process - presumably not shared between nodes and lost on restart. Confirm it is
suitable for the intended deployment rather than only for a single-node or demo setup.
-->
<artifact-handler>org.sourceid.sso.handlers.ArtifactHandlerInMemoryImpl</artifact-handler>

</SourceID-SSO>