tag for release
[java-idp.git] / src / installer / resources / conf-tmpl / handler.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
4                         xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
5
6     <!-- Error Handler -->
7     <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
8
9     <!-- Profile Handlers -->
10     <!-- 
11         All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile 
12         handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
13      -->
14     <ph:ProfileHandler xsi:type="ph:Status">
15         <ph:RequestPath>/Status</ph:RequestPath>
16     </ph:ProfileHandler>
17     
18     <ph:ProfileHandler xsi:type="ph:SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
19         <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
20     </ph:ProfileHandler>    
21
22     <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" 
23                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
24                                                    urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
25         <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
26     </ph:ProfileHandler>
27     
28     <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
29                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
30         <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
31     </ph:ProfileHandler>
32     
33     <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" 
34                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
35         <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
36     </ph:ProfileHandler>
37     
38     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
39                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
40                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
41                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
42         <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
43     </ph:ProfileHandler>
44
45     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" 
46                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
47                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
48                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
49         <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
50     </ph:ProfileHandler>
51
52     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
53                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
54                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
55                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
56         <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
57     </ph:ProfileHandler>
58
59     <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" 
60                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
61                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
62                                                    urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
63         <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
64     </ph:ProfileHandler>
65
66     <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
67                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
68         <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
69     </ph:ProfileHandler>
70
71     <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
72                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
73         <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
74     </ph:ProfileHandler>
75     
76     <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" 
77                        outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
78         <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
79     </ph:ProfileHandler>
80     
81     <!-- Login Handlers -->
82     <ph:LoginHandler xsi:type="ph:RemoteUser">
83         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
84     </ph:LoginHandler>
85     
86     <!-- Login handler that delegates the act of authentication to an external system. -->
87     <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
88     <!--
89     <ph:LoginHandler xsi:type="ph:ExternalAuthn">
90         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
91         <ph:QueryParam name="foo" value="bar" />
92     </ph:LoginHandler>
93     -->
94     
95     <!--  Username/password login handler -->
96     <!-- 
97     <ph:LoginHandler xsi:type="ph:UsernamePassword" 
98                   jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
99         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
100     </ph:LoginHandler>
101     -->
102     
103     <!-- 
104         Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
105         on every request.
106     -->
107     <ph:LoginHandler xsi:type="ph:PreviousSession">
108         <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
109     </ph:LoginHandler>
110
111 </ph:ProfileHandlerGroup>