venice-dynamo-rewrite/conf-sso/sp/sourceid-sso.xml
2003-05-20 03:25:31 +00:00


<?xml version="1.0"?>
<SourceID-SSO>
<!--
SourceID-SSO configuration for the Venice site acting as a Liberty service provider
(see provider-id and provider-role below).
-->
<!-- See SourceID-SSO documentation for more detailed documentation for these options -->
<!--
The unique ProviderID of this installation. The value here should appear in other sites'
<SPDescriptor> or <IDPDescriptor> elements describing this site.
-->
<provider-id>Venice-SSO-SP</provider-id>
<!--
The role of this site with respect to the Liberty Protocol; valid values are "sp" and "idp".
-->
<provider-role>sp</provider-role>
<!--
Location of the provider directory file. Presumably this is where the descriptors of the
partner sites are kept; confirm against the SourceID-SSO documentation.
-->
<provider-directory>/WEB-INF/sourceid-sso-providers.xml</provider-directory>
<!--
Page used for SourceID-SSO errors that have no more specific handler.
NOTE(review): confirm that this page does not show exception detail or stack traces to the browser.
-->
<exception-handlers>
<default>/sourceid/errorHandler.js.vs</default>
</exception-handlers>
<!--
Keystore, key alias and passwords for this provider's signing key.
NOTE(review): both passwords are stored here in clear text in a file that is checked into the
repository, so anyone who can read the repository or the deployed configuration can unlock the
private key once they also have the keystore file. Treat these values as published: use them for
development only, generate a fresh key and fresh passwords for each real deployment, keep that
deployment's copy of this file out of the repository, and restrict read access to it and to the
keystore.
NOTE(review): "mykey" is the alias keytool assigns when none is given, which suggests (not certain)
that the keystore was created with default settings; check the key algorithm, key size and
certificate validity before relying on it.
-->
<signing-key>
<keystore-path>/WEB-INF/venice-sp.keystore</keystore-path>
<keystore-password>numenor</keystore-password>
<key-alias>mykey</key-alias>
<key-password>mithrandir</key-password>
</signing-key>
<!-- none of these matter for a Service Provider -->
<idp-authentication-uri>/idp/logon.jsp</idp-authentication-uri>
<idp-authn-lifespan>1800</idp-authn-lifespan>
<idp-logout-render-page>/idp/idpLogoutRender.jsp</idp-logout-render-page>
<idp-logout-done-image>/idp/checkmark.png</idp-logout-done-image>
<idp-post-assertion-render-page>/idp/idpPost.jsp</idp-post-assertion-render-page>
<!--
Here, you may optionally specify a Session-context attribute which SourceID-SSO should remove whenever
a user is logged off (either via a browser-based front-channel, or via a SOAP-based backchannel). SourceID-SSO
will already clean up its own session tracking info for the user, effectively logging them out of SourceID-SSO.
By putting an attribute key here, you can have SourceID-SSO log the user out of your application as well.
Future versions of SourceID-SSO will also support JAAS-based login/logout.
The value below is "dynamo.session", presumably the attribute under which the Venice application keeps
its own session state; confirm against the application code.
NOTE(review): if this key does not match the attribute the application really uses, a logout would end
the SourceID-SSO session but leave the application session in place.
-->
<remove-session-attribute-on-logout>dynamo.session</remove-session-attribute-on-logout>
<!--
When generating or consuming assertions, tolerances for "Not Before" and "Not On or After" are encoded in the
assertion document. Liberty Protocol recommends 1 minute for "Not Before", and 5 minutes for "Not On Or After".
Enter the number of SECONDS for these tolerances below (default values should work).
NOTE(review): larger values widen the time window in which an assertion is accepted. Keep the server
clocks of all providers synchronised rather than raising these numbers to absorb clock skew.
-->
<assert-tolerance-not-before>60</assert-tolerance-not-before>
<assert-tolerance-not-on-or-after>300</assert-tolerance-not-on-or-after>
<!--
Here, set the AccountHandler implementation class. The default configuration
is to use the "in-memory handler", which is really for demo and testing purposes only,
as it does not connect to any actual persistent storage. The SourceID-SSO User's Guide
describes how to implement an AccountHandler for your user directory. You may also use
the provided JDBC Account Handler, with simple table mappings described in the file
sourceid-sso-jdbc.xml. Or for LDAP access, use the JNDI Account Handler, with attribute
mappings described in the file sourceid-sso-jndi.xml.
This file sets a Venice-specific account handler, but the artifact handler below is still an
in-memory implementation.
NOTE(review): judging by its class name, the artifact handler keeps its state in process memory, so
that state would presumably be lost on restart and not shared between server instances; confirm
before running more than one instance.
-->
<account-handler>com.silverwrist.venice.sourceid.VeniceAccountHandler</account-handler>
<artifact-handler>org.sourceid.sso.handlers.ArtifactHandlerInMemoryImpl</artifact-handler>
</SourceID-SSO>