# GridShib SAML Tools config properties ##################################################################### # Identity Provider entityID # # The IdP entityID is the unique identifier for the IdP # (which is what the SAML Assertion Issuer Tool is). # In the SAML world, an entityID is usually an URI. # It is recommended that the entityID be an URL. # # The IdP.entityID property is optional. If omitted, the # SAML Assertion Issuer Tool will default to the Subject DN # of the issuing credential. ##################################################################### #IdP.entityID=https://gridshib.example.org/idp ##################################################################### # SAML NameIdentifier # # Defines the syntax of the element. # By default, the NameIdentifier has an unspecified format # (see below). Other formats are possible, for example: # # Format=urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName # formatting.template=uid=%PRINCIPAL%,dc=example,dc=org # # In all cases, the %PRINCIPAL% placeholder is replaced with # the user name passed to the application on the command line. # # Note: The NameQualifier property SHOULD be omitted. ##################################################################### NameID.Format=urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified NameID.Format.template=%PRINCIPAL% #NameID.NameQualifier=https://gridshib.example.org/idp ##################################################################### # dateTime pattern # # Constrains the syntax of the --authnInstant command-line option. # # This config property is optional. If omitted, the pattern # defaults to "yyyy-MM-dd'T'HH:mm:ssZ". # # For details regarding pattern syntax, please refer to the javadoc # http://java.sun.com/j2se/1.5.0/docs/api/java/text/SimpleDateFormat.html ##################################################################### #dateTime.pattern=yyyy-MM-dd'T'HH\:mm\:ssZ ##################################################################### # SAML Attribute # # A single attribute is defined by three properties: # # Attribute.label.Namespace=format # Attribute.label.Name=name # Attribute.label.Value=value # # where name and value are the Name and Value of the attribute # to be asserted. The label is an arbitrary string that # distinguishes a triple (Namespace, Name, Value). Any number # of such triples are possible, each with its own unique label. # # Multi-valued attributes are supported. To specify multiple # values for an attribute, simply list a tab-separated list of # attribute values on the righthand side of the Value line. # # The Namespace property is optional. If omitted, the standard # value # # Attribute.label.Namespace=urn:mace:shibboleth:1.0:attributeNamespace:uri # # is used to construct the SAML Attribute. ##################################################################### # FriendlyName="mail" #Attribute.mail.Namespace=urn:mace:shibboleth:1.0:attributeNamespace:uri #Attribute.mail.Name=urn:oid:0.9.2342.19200300.100.1.3 #Attribute.mail.Value=trscavo@gmail.com # FriendlyName="isMemberOf" Attribute.isMemberOf.Namespace=urn:mace:shibboleth:1.0:attributeNamespace:uri Attribute.isMemberOf.Name=urn:oid:1.3.6.1.4.1.5923.1.5.1.1 Attribute.isMemberOf.Value=${attribute.ismember.value} #Attribute.isMemberOf.Value=group://ogce.org/ogce # FriendlyName="countryName" Attribute.countryName.Namespace=urn:mace:shibboleth:1.0:attributeNamespace:uri Attribute.countryName.Name=urn:oid:2.5.4.6 Attribute.countryName.Value=US ##################################################################### # X.509 Issuing Credential # # The certificate and unencrypted private key associated # with the issuing credential are required (but GridShib # SAML Tools ships with a default credential, so the # properties below are optional). The two config # property values are specified as system independent file # locations (certLocation and keyLocation). # # This tool issues SAML assertions suitable for binding to # X.509 certificates. Whether or not the assertion is # actually bound to a certificate, an issuing credential # is required. ##################################################################### # the location of a long-lived end entity credential: #certLocation=file:///usr/local/security/mycert.pem #keyLocation=file:///usr/local/security/mykey.pem # the location of a short-lived credential, such as a proxy # credential or GridShib CA-issued end entity credential: certLocation=file://${communityCertLocation} keyLocation=file://${communityCertLocation} #certLocation=file:///tmp/x509up_u501 #keyLocation=file:///tmp/x509up_u501 # the location of a short-lived credential on Windows (%TEMP%\x509up_u_*): #certLocation=file:/C:/Documents%20and%20Settings/tom%20scavo/Local%20Settings/Temp/x509up_u_tom%20scavo #keyLocation=file:/C:/Documents%20and%20Settings/tom%20scavo/Local%20Settings/Temp/x509up_u_tom%20scavo