...
<!--
  Fragment of a Spring bean definition file, not a complete document.
  The enclosing <beans> root must declare the Spring c: and p: namespaces used below.
  The parent beans (RelyingParty, CAS.ValidateConfiguration) and the referenced profile
  beans are not defined in this fragment.
-->

<!-- Default relying party: the profile configurations listed here apply to it. -->
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
    <property name="profileConfigurations">
        <list>
            <ref bean="Shibboleth.SSO" />
            <ref bean="SAML1.AttributeQuery" />
            <ref bean="SAML1.ArtifactResolution" />
            <ref bean="SAML2.SSO" />
            <ref bean="SAML2.ECP" />
            <ref bean="SAML2.Logout" />
            <ref bean="SAML2.AttributeQuery" />
            <ref bean="SAML2.ArtifactResolution" />
            <ref bean="CAS.LoginConfiguration" />
            <ref bean="CAS.ProxyConfiguration" />
            <!-- Points at the customised validate configuration defined below. -->
            <ref bean="CAS.ValidateConfiguration.default" />
        </list>
    </property>
</bean>

<!--
  CAS validate profile with its own security configuration: a 5 minute skew (PT5M),
  a ticket identifier generator using the "PGT" prefix with randomLength 50, and the
  client TLS validation settings from standardProxyTLSConfig.
-->
<bean id="CAS.ValidateConfiguration.default" parent="CAS.ValidateConfiguration">
    <property name="securityConfiguration">
        <bean class="net.shibboleth.idp.profile.config.SecurityConfiguration"
              c:skew="PT5M"
              p:clientTLSValidationConfiguration-ref="standardProxyTLSConfig">
            <constructor-arg name="generator">
                <bean class="net.shibboleth.idp.cas.ticket.impl.TicketIdentifierGenerationStrategy"
                      c:prefix="PGT"
                      c:randomLength="50" />
            </constructor-arg>
        </bean>
    </property>
</bean>

<!--
  PKIX trust settings for TLS certificate validation. Judging by the bean name and its
  use in the CAS validate profile, these govern the certificates presented by proxy
  callback endpoints (confirm against your IdP version).
-->
<bean id="standardProxyTLSConfig"
      class="org.opensaml.security.x509.tls.impl.BasicClientTLSValidationConfiguration">
    <property name="x509TrustEngine">
        <!--
          nameEvaluator and names are both passed as null. With no name evaluator the
          engine presumably skips trusted-name matching, so every certificate that chains
          to one of the anchors below would satisfy this engine. Confirm that the endpoint
          host name is checked elsewhere, or supply trusted names here.
        -->
        <bean class="org.opensaml.security.x509.impl.PKIXX509CredentialTrustEngine"
              c:nameEvaluator="#{null}">
            <constructor-arg name="resolver">
                <bean class="org.opensaml.security.x509.impl.StaticPKIXValidationInformationResolver"
                      c:names="#{null}">
                    <constructor-arg name="info">
                        <!--
                          crls is null, so this static configuration hands the evaluator no
                          revocation data; a revoked certificate is likely still accepted
                          (confirm for your OpenSAML version). depth="5" is the value passed
                          for the verification depth.
                        -->
                        <bean class="org.opensaml.security.x509.impl.BasicPKIXValidationInformation"
                              c:crls="#{null}"
                              c:depth="5">
                            <constructor-arg name="anchors">
                                <!--
                                  Trust anchors loaded from PEM files under the IdP credentials
                                  directory. The file names look site-specific; substitute the
                                  CA certificates that issue your own endpoint certificates.
                                  Keep the list minimal and restrict write access to these
                                  files, since each entry widens what this engine trusts.
                                -->
                                <list>
                                    <bean class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean"
                                          p:resource="%{idp.home}/credentials/vtgsca.pem" />
                                    <bean class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean"
                                          p:resource="%{idp.home}/credentials/vtgqsca.pem" />
                                    <bean class="net.shibboleth.ext.spring.factory.X509CertificateFactoryBean"
                                          p:resource="%{idp.home}/credentials/vtgqsca256.pem" />
                                </list>
                            </constructor-arg>
                        </bean>
                    </constructor-arg>
                </bean>
            </constructor-arg>
            <constructor-arg name="pkixEvaluator">
                <bean class="org.opensaml.security.x509.impl.CertPathPKIXTrustEvaluator" />
            </constructor-arg>
        </bean>
    </property>
</bean>
Service Ticket Expiration (Optional)
CAS service tickets issued by the Shibboleth IdP are single-use tickets with a default validity period of 15 seconds. The validity period can be extended by altering the profile configuration in relying-party.xml as follows. Extend it only as far as the slowest service needs, because an unredeemed ticket stays valid for the whole period:
...