Merge remote branch 'tags/2.3.4'
[java-idp.git] / src / installer / resources / conf-tmpl / handler.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
4                         xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
5
6     <!-- Error Handler -->
7     <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
8
9     <!-- Profile Handlers -->
10     <!-- 
11         All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile 
12         handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
13      -->
14     <ph:ProfileHandler xsi:type="ph:Status">
15         <ph:RequestPath>/Status</ph:RequestPath>
16     </ph:ProfileHandler>
17     
18     <ph:ProfileHandler xsi:type="ph:SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
19         <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
20     </ph:ProfileHandler>    
21
22     <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" 
23                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
24                                                    urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
25         <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
26     </ph:ProfileHandler>
27     
28     <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
29                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
30         <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
31     </ph:ProfileHandler>
32     
33     <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" 
34                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
35         <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
36     </ph:ProfileHandler>
37     
38     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
39                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
40                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
41                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
42         <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
43     </ph:ProfileHandler>
44
45     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" 
46                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
47                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
48                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
49         <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
50     </ph:ProfileHandler>
51
52     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
53                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
54                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
55                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
56         <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
57     </ph:ProfileHandler>
58
59     <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
60                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
61                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
62         <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
63     </ph:ProfileHandler>
64
65     <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
66                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
67                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
68         <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
69     </ph:ProfileHandler>
70
71     <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
72                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
73                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
74         <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
75     </ph:ProfileHandler>
76     
77     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" 
78                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
79                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
80                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
81         <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
82     </ph:ProfileHandler>
83
84     <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
85                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
86         <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
87     </ph:ProfileHandler>
88
89     <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
90                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
91         <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
92     </ph:ProfileHandler>
93     
94     <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
95                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
96         <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
97     </ph:ProfileHandler>
98     
99     <!-- Login Handlers -->
100     <!-- <ph:LoginHandler xsi:type="ph:RemoteUser">
101         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
102     </ph:LoginHandler>-->
103     
104     <!-- Login handler that delegates the act of authentication to an external system. -->
105     <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
106     <!--
107     <ph:LoginHandler xsi:type="ph:ExternalAuthn">
108         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
109         <ph:QueryParam name="foo" value="bar" />
110     </ph:LoginHandler>
111     -->
112     
113     <!--  Username/password login handler -->   
114     <ph:LoginHandler xsi:type="ph:UsernamePassword" 
115                   jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
116         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
117     </ph:LoginHandler>
118     
119     
120     <!-- 
121         Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
122         on every request.
123     -->
124     <ph:LoginHandler xsi:type="ph:PreviousSession">
125         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
126     </ph:LoginHandler>
127
128 </ph:ProfileHandlerGroup>