Implement config wiring changes related to artifact map and JOST-110:
[java-idp.git] / src / installer / resources / conf-tmpl / handler.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
4                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
5                      xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
6
7     <!-- Error Handler -->
8     <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />
9
10     <!-- Profile Handlers -->
11     <!-- 
12         All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile 
13         handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
14      -->
15     <ProfileHandler xsi:type="Status">
16         <RequestPath>/Status</RequestPath>
17     </ProfileHandler>
18     
19     <ProfileHandler xsi:type="SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
20         <RequestPath>/Metadata/SAML</RequestPath>
21     </ProfileHandler>    
22
23     <ProfileHandler xsi:type="ShibbolethSSO"
24                     inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
25                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post 
26                                                 urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
27         <RequestPath>/Shibboleth/SSO</RequestPath>
28     </ProfileHandler>
29     
30     <ProfileHandler xsi:type="SAML1AttributeQuery" 
31                     inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
32                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
33         <RequestPath>/SAML1/SOAP/AttributeQuery</RequestPath>
34     </ProfileHandler>
35     
36     <ProfileHandler xsi:type="SAML1ArtifactResolution" 
37                     inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
38                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
39         <RequestPath>/SAML1/SOAP/ArtifactResolution</RequestPath>
40     </ProfileHandler>
41     
42     <ProfileHandler xsi:type="SAML2SSO" 
43                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
44                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
45                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
46                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
47         <RequestPath>/SAML2/POST/SSO</RequestPath>
48     </ProfileHandler>
49
50     <ProfileHandler xsi:type="SAML2SSO" 
51                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
52                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
53                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
54                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
55         <RequestPath>/SAML2/POST-SimpleSign/SSO</RequestPath>
56     </ProfileHandler>
57
58     <ProfileHandler xsi:type="SAML2SSO" 
59                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
60                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
61                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
62                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
63         <RequestPath>/SAML2/Redirect/SSO</RequestPath>
64     </ProfileHandler>
65     
66     <ProfileHandler xsi:type="SAML2AttributeQuery"
67                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
68                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
69         <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
70     </ProfileHandler>
71     
72     <ProfileHandler xsi:type="SAML2ArtifactResolution" 
73                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
74                     outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
75         <RequestPath>/SAML2/SOAP/ArtifactResolution</RequestPath>
76     </ProfileHandler>
77     
78     <!-- Login Handlers -->
79     <LoginHandler xsi:type="RemoteUser">
80         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
81     </LoginHandler>
82     
83     <!--  Username/password login handler -->
84     <!-- 
85     <LoginHandler xsi:type="UsernamePassword" 
86                   jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
87         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
88     </LoginHandler>
89     -->
90     
91     <!-- 
92         Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
93         on every request.
94     -->
95     <LoginHandler xsi:type="PreviousSession">
96         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
97     </LoginHandler>
98
99 </ProfileHandlerGroup>