Add memcache setup to shibboleth2.xml

Adds memcache session information to /etc/shibboleth/shibboleth2.xml when the
shibboleth sp is configured.

Change-Id: I4489b01d0c6741c9390c2f65bbf3650308123a49
Closes-Bug: 1661197

templates/shibboleth2.xml.j2

@@ -5,6 +5,28 @@
           xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
           clockSkew="180">
 
+    <OutOfProcess>
+        <Extensions>
+            <Library path="memcache-store.so" fatal="true"/>
+        </Extensions>
+    </OutOfProcess>
+
+    <StorageService type="MEMCACHE" id="mc" prefix="shibboleth2:">
+        <Hosts>
+            {{ memcached_servers }}
+        </Hosts>
+    </StorageService>
+
+    <StorageService type="MEMCACHE" id="mc-ctx" prefix="shibboleth2:" buildMap="1">
+        <Hosts>
+            {{ memcached_servers }}
+        </Hosts>
+    </StorageService>
+
+    <SessionCache type="StorageService" cacheTimeout="{{ horizon_session_timeout }}" StorageService="mc-ctx" StorageServiceLite="mc" />
+    <ReplayCache StorageService="mc"/>
+    <ArtifactMap StorageService="mc" artifactTTL="180"/>
+
     <!-- The entityID is the name by which your IdP will know your SP. -->
     <ApplicationDefaults entityID="{{ keystone_service_publicuri }}/shibboleth">
 
@@ -12,7 +34,7 @@
         <!-- https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPSessions -->
         <Sessions lifetime="28800"
                   timeout="3600"
-                  relayState="ss:mem"
+                  relayState="ss:mc"
                   checkAddress="false"
                   handlerSSL="{% if keystone_ssl | bool %}true{% else %}false{% endif %}"
                   {% if keystone_service_publicuri_proto == "https" %}cookieProps="; path=/; secure"{% endif %}>