...
| Code Block |
|---|
| xml |
|---|
| title | Attribute Filter Engine Loading Policy from Local Filesystem |
|---|
| xml |
|---|
|
<Service id="shibboleth.AttributeFilterEngine"
xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
<ConfigurationResource xsi:type="resource:FilesystemResource"
file="/opt/idp/shibboleth-idp-2.1.3/conf/attribute-filter.xml" />
</Service>
|
...
| Code Block |
|---|
| xml |
|---|
| title | Attribute Filter Engine Loading Policy from HTTP URL |
|---|
| xml |
|---|
|
<Service id="shibboleth.AttributeFilterEngine"
xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
<ConfigurationResource xsi:type="resource:HttpResource"
url="http://example.org/idpconf/attribute-filter.xml" />
</Service>
|
...
| Code Block |
|---|
| xml |
|---|
| title | Attribute Filter Engine Loading Policy from Subversion |
|---|
| xml |
|---|
|
<Service id="shibboleth.AttributeFilterEngine"
xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
<ConfigurationResource xsi:type="resource:SVNResource"
repositoryURL="http://svn.example.org/idp/prod/conf"
workingCopyDirectory="/opt/shibboleth-idp/svnconf"
resourceFile="attribute-filter.xml"
revision="513" />
</Service>
|
...
| Code Block |
|---|
| xml |
|---|
| title | Attribute Filter Engine Loading Policy from File-backed HTTP |
|---|
| xml |
|---|
|
<Service id="shibboleth.AttributeFilterEngine"
xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
<ConfigurationResource xsi:type="resource:FileBackedHttpResource"
url="http://example.org/idpconf"
file="/opt/shibboleth-idp/httpconf" />
</Service>
|
...
| Code Block |
|---|
| xml |
|---|
| title | Example Attribute Resolver Configuration Loaded from SVN with Property Replacement |
|---|
| xml |
|---|
|
<Service id="shibboleth.AttributeResolver"
xsi:type="attribute-resolver:ShibbolethAttributeResolver">
<ConfigurationResource xsi:type="resource:SVNResource"
repositoryURL="http://svn.example.org/idp/prod/conf"
workingCopyDirectory="/opt/shibboleth-idp/svnconf"
resourceFile="attribute-resolver.xml"
revision="513">
<ResourceFilter xsi:type="PropertyReplacement"
xmlns="urn:mace:shibboleth:2.0:resource"
propertyFile="/opt/idp/shibboleth-idp/conf/config.properties"/>
</ConfigurationResource>
</Service>
|
| Code Block |
|---|
| xml |
|---|
| title | Attribute Resolver LDAP Data Connector with Properties for Sensitive Information |
|---|
| xml |
|---|
|
<resolver:DataConnector id="myLDAP"
xsi:type="LDAPDirectory"
xmlns="urn:mace:shibboleth:2.0:resolver:dc"
ldapURL="ldap://example.org"
baseDN="ou=people,dc=example,dc=org"
principal="${ldap.principal}"
principalCredential="${ldap.credential}" >
<FilterTemplate>(uid=$requestContext.principalName)</FilterTemplate>
</resolver:DataConnector>
|
...
| Code Block |
|---|
| title | Property File used by Property Replaced Filter |
|---|
|
ldap.principal = cn=idpserver,ou=services,dc=example,dc=org
ldap.credential = $uper$ecr3+
|
Multiple Property Files
In some cases it may be desirable to factor out configuration properties into several files; for example host-specific and tier-specific. The following configuration demonstrates how to configure resource filter components for that case.
| Code Block |
|---|
| language | html/xml |
|---|
| title | Example Attribute Resolver with Multiple Resource Filters |
|---|
|
<Service id="shibboleth.AttributeResolver"
xsi:type="attribute-resolver:ShibbolethAttributeResolver">
<ConfigurationResource
file="/opt/shibboleth-idp/conf/attribute-resolver.xml"
xsi:type="resource:FilesystemResource">
<ResourceFilter xsi:type="Chaining"
xmlns="urn:mace:shibboleth:2.0:resource">
<ResourceFilter xsi:type="PropertyReplacement"
xmlns="urn:mace:shibboleth:2.0:resource"
propertyFile="/opt/shibboleth-idp/conf/idp.properties"/>
<ResourceFilter xsi:type="PropertyReplacement"
xmlns="urn:mace:shibboleth:2.0:resource"
propertyFile="/home/idp/private/idp-env.properties"/>
</ResourceFilter>
</ConfigurationResource>
</Service> |