resources/WEB-INF/web.xml

   1 <?xml version="1.0" encoding="UTF-8"?>
   2
   3 <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   4     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
   5     version="2.4">
   6
   7     <display-name>Shibboleth $IDP_VERSION$ Identity Provider</display-name>
   8
   9     <!--
  10         Spring 2.0 application context files.  Files are loaded in the order they appear with subsequent files
  11         overwritting same named beans in previous files.
  12     -->
  13     <context-param>
  14         <param-name>contextConfigLocation</param-name>
  15         <param-value>file://$IDP_HOME$/conf/internal.xml; file://$IDP_HOME$/conf/service.xml;</param-value>
  16     </context-param>
  17
  18     <!--
  19         Spring 2.0 listener used to load up the configuration
  20     -->
  21     <listener>
  22         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  23     </listener>
  24
  25     <!--
  26         Session time inactivity timeout, in minutes.
  27
  28         A timeout of 0 or less means the session never timesout.  Such a setting is strongly discouraged and will
  29         almost certainly lead to memory exhaustion under moderate to heavy loads or in servers with prolonged uptime.
  30     -->
  31     <session-config>
  32         <session-timeout>30</session-timeout>
  33     </session-config>
  34
  35     <!-- Profile Request Dispatcher -->
  36     <servlet>
  37         <servlet-name>ProfileRequestDispatcher</servlet-name>
  38         <servlet-class>
  39             edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet
  40         </servlet-class>
  41     </servlet>
  42
  43     <servlet-mapping>
  44         <servlet-name>ProfileRequestDispatcher</servlet-name>
  45         <url-pattern>/profile/*</url-pattern>
  46     </servlet-mapping>
  47
  48     <!-- Authentication Engine Entry Point -->
  49     <servlet>
  50         <servlet-name>AuthenticationEngine</servlet-name>
  51         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine</servlet-class>
  52     </servlet>
  53
  54     <servlet-mapping>
  55         <servlet-name>AuthenticationEngine</servlet-name>
  56         <url-pattern>/AuthnEngine</url-pattern>
  57     </servlet-mapping>
  58
  59     <!-- Servlet protected by container user for RemoteUser authentication -->
  60     <servlet>
  61         <servlet-name>RemoteUserAuthHandler</servlet-name>
  62         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet</servlet-class>
  63     </servlet>
  64
  65     <servlet-mapping>
  66         <servlet-name>RemoteUserAuthHandler</servlet-name>
  67         <url-pattern>/Authn/RemoteUser</url-pattern>
  68     </servlet-mapping>
  69
  70     <!-- Servlet for doing Username/Password authentication -->
  71     <servlet>
  72         <servlet-name>UsernamePasswordAuthHandler</servlet-name>
  73         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
  74     </servlet>
  75
  76     <servlet-mapping>
  77         <servlet-name>UsernamePasswordAuthHandler</servlet-name>
  78         <url-pattern>/Authn/UserPassword</url-pattern>
  79     </servlet-mapping>
  80
  81 <!-- Uncommonent if to use container managed authentication -->
  82 <!--
  83     <security-constraint>
  84         <display-name>Shibboleth IdP</display-name>
  85         <web-resource-collection>
  86             <web-resource-name>user authentication</web-resource-name>
  87             <url-pattern>/Authn/RemoteUser</url-pattern>
  88             <http-method>GET</http-method>
  89             <http-method>POST</http-method>
  90         </web-resource-collection>
  91         <auth-constraint>
  92             <role-name>users</role-name>
  93         </auth-constraint>
  94         <user-data-constraint>
  95             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  96         </user-data-constraint>
  97     </security-constraint>
  98 -->
  99
 100 <!-- Uncomment if you want BASIC auth managed by the container -->
 101 <!--
 102     <login-config>
 103       <auth-method>BASIC</auth-method>
 104       <realm-name>IdP Password Authentication</realm-name>
 105     </login-config>
 106 -->
 107
 108 <!-- Uncomment if you want form-based auth managed by the container -->
 109 <!--
 110     <login-config>
 111         <auth-method>FORM</auth-method>
 112         <realm-name>IdP Password Authentication</realm-name>
 113         <form-login-config>
 114             <form-login-page>/login.jsp</form-login-page>
 115             <form-error-page>/error.jsp</form-error-page>
 116         </form-login-config>
 117     </login-config>
 118 -->
 119
 120 </web-app>