Questo è il mio file shibboleth2.xml
spero possa essere d'aiuto
grazie come sempre a tutti
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
clockSkew="180">
<!--
By default, in-memory StorageService, ReplayCache, ArtifactMap, and SessionCache
are used. See example-shibboleth2.xml for samples of explicitly configuring them.
-->
<!--
To customize behavior for specific resources on Apache, and to link vhosts or
resources to ApplicationOverride settings below, use web server options/commands.
See https://spaces.internet2.edu/display/SHIB2/NativeSPConfigurationElements for help.
For examples with the RequestMap XML syntax instead, see the example-shibboleth2.xml
file, and the https://spaces.internet2.edu/display/SHIB2/NativeSPRequestMapHowTo topic.
-->
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://XXXXXXX.XX"
REMOTE_USER="eppn persistent-id targeted-id">
<!--
Controls session lifetimes, address checks, cookie handling, and the protocol handlers.
You MUST supply an effectively unique handlerURL value for each of your applications.
The value defaults to /Shibboleth.sso, and should be a relative path, with the SP computing
a relative value based on the virtual host. Using handlerSSL="true", the default, will force
the protocol to be https. You should also add a cookieProps setting of "; path=/; secure"
in that case. Note that while we default checkAddress to "false", this has a negative
impact on the security of the SP. Stealing cookies/sessions is much easier with this disabled.
-->
<Sessions lifetime="28800" timeout="3600" checkAddress="false" relayState="ss:mem" handlerSSL="false">
<!--
Configures SSO for a default IdP. To allow for >1 IdP, remove
entityID property and adjust discoveryURL to point to discovery service.
(Set discoveryProtocol to "WAYF" for legacy Shibboleth WAYF support.)
You can also override entityID on /Login query string, or in RequestMap/htaccess.
-->
<SSO discoveryProtocol="SAMLDS" discoveryURL="https://XXX.XXXXX.XX/idp/Authn/UserPassword">
SAML2 SAML1
</SSO>
<!-- SAML and local-only logout. -->
<Logout>SAML2 Local</Logout>
<!-- Extension service that generates "approximate" metadata based on SP configuration. -->
<Handler type="MetadataGenerator" Location="/Metadata"
signing="false">
<mdui:UIInfo xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui">
<mdui:DisplayName xml:lang="en">ENG DisplayName SP</mdui:DisplayName>
<mdui:DisplayName xml:lang="it">ITA DisplayName SP</mdui:DisplayName>
<mdui:Description xml:lang="en">ENG Description SP</mdui:Description>
<mdui:Description xml:lang="it">ITA Description SP</mdui:Description>
<mdui:InformationURL xml:lang="en">ENG_PAGE_INFO_URL</mdui:InformationURL>
<mdui:InformationURL xml:lang="it">ITA_PAGE_INFO_URL</mdui:InformationURL>
<mdui:Logo height="16" width="16"
xml:lang="en">ENG_LOGO_URL_HTTPS_16x16</mdui:Logo>
<mdui:Logo height="16" width="16"
xml:lang="it">ITA_LOGO_URL_HTTPS_16x16</mdui:Logo>
<mdui:Logo height="60" width="80"
xml:lang="en">ENG_LOGO_URL_HTTPS_80x60</mdui:Logo>
<mdui:Logo height="60" width="80"
xml:lang="it">ITA_LOGO_URL_HTTPS_80x60</mdui:Logo>
</mdui:UIInfo>
<md:AttributeConsumingService index="1">
<md:ServiceName xml:lang="en">ENG DisplayName SP</md:ServiceName>
<md:ServiceName xml:lang="it">ITA DisplayName SP</md:ServiceName>
<md:ServiceDescription xml:lang="en">ENG Description SP</md:ServiceDescription>
<md:ServiceDescription xml:lang="it">ITA Description SP</md:ServiceDescription>
<!-- example for the desiderd attribute: mail -->
<md:RequestedAttribute FriendlyName="mail"
Name="urn:oid:0.9.2342.19200300.100.1.3"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" />
<!-- example for the required attribute: eduPersonPrincipalName -->
<md:RequestedAttribute FriendlyName="eppn"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
isRequired="true" />
</md:AttributeConsumingService>
<md:Organization>
<md:OrganizationName xml:lang="en">ENG Org Name</md:OrganizationName>
<md:OrganizationName xml:lang="it">ITA Org Name</md:OrganizationName>
<md:OrganizationDisplayName xml:lang="en">ENG Org DisplayName</md:OrganizationDisplayName>
<md:OrganizationDisplayName xml:lang="it">ITA Org DisplayName</md:OrganizationDisplayName>
<md:OrganizationURL xml:lang="en">ENG_PAGE_ORG_URL</md:OrganizationURL>
<md:OrganizationURL xml:lang="it">ITA_PAGE_ORG_URL</md:OrganizationURL>
</md:Organization>
<md:ContactPerson contactType="technical">
<md:GivenName>System</md:GivenName>
<md:SurName>Support</md:SurName>
<md:EmailAddress>mailto:system.support@domainOrg.it</md:EmailAddress>
</md:ContactPerson>
</Handler>
<!-- Status reporting service. -->
<Handler type="Status" Location="/Status" acl="127.0.0.1"/>
<!-- Session diagnostic service. -->
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<!-- JSON feed of discovery information. -->
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<!--
Allows overriding of error template information/filenames. You can
also add attributes with values that can be plugged into the templates.
-->
<Errors
supportContact="xxxx@xxxxx.xx"
logoLocation="/usr/share/shibboleth/logo.jpg"
styleSheet="/usr/share/shibboleth/main.css"/>
<!-- Example of remotely supplied batch of signed metadata. -->
<!--
<MetadataProvider type="XML" uri="http://federation.org/federation-metadata.xml"
backingFilePath="federation-metadata.xml" reloadInterval="7200">
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
<MetadataFilter type="Signature" certificate="fedsigner.pem"/>
</MetadataProvider>
-->
<MetadataProvider type="XML"
uri="http://XXXXXX.XX"
backingFilePath="idem-test-metadata-sha256.xml"
reloadInterval="7200">
<MetadataFilter type="Signature" certificate="XXXXXXX.pem"/>
</MetadataProvider>
<!-- Example of locally maintained metadata. -->
<!--
<MetadataProvider type="XML" file="partner-metadata.xml"/>
-->
<!-- Map to extract attributes from SAML assertions. -->
<AttributeExtractor type="XML" validate="true" path="attribute-map.xml"/>
<!-- Use a SAML query if no attributes are supplied during SSO. -->
<AttributeResolver type="Query" subjectMatch="true"/>
<!-- Default filtering policy for recognized attributes, lets other data pass. -->
<AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<!-- Simple file-based resolver for using a single keypair. -->
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
<!--
The default settings can be overridden by creating ApplicationOverride elements (see
the https://spaces.internet2.edu/display/SHIB2/NativeSPApplicationOverride topic).
Resource requests are mapped by web server commands, or the RequestMapper, to an
applicationId setting.
Example of a second application (for a second vhost) that has a different entityID.
Resources on the vhost would map to an applicationId of "admin":
-->
<!--
<ApplicationOverride id="admin" entityID="https://admin.example.org/shibboleth"/>
-->
</ApplicationDefaults>
<!-- Policies that determine how to process and authenticate runtime messages. -->
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<!-- Low-level configuration about protocols and bindings available for use. -->
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>