Merge remote branch 'tags/2.3.3'

[java-idp.git] / src / installer / resources / conf-tmpl / handler.xml

<?xml version="1.0" encoding="UTF-8"?>
<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">

    <!-- Error Handler -->
    <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>

    <!-- Profile Handlers -->
    <!-- 
        All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile 
        handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
     -->
    <ph:ProfileHandler xsi:type="ph:Status">
        <ph:RequestPath>/Status</ph:RequestPath>
    </ph:ProfileHandler>
    
    <ph:ProfileHandler xsi:type="ph:SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
        <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
    </ph:ProfileHandler>    

    <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post                                                  urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
        <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
    </ph:ProfileHandler>
    
    <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
    </ph:ProfileHandler>
    
    <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
    </ph:ProfileHandler>
    
    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
        <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
        <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SLO" 
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
    </ph:ProfileHandler>
    
    <ph:ProfileHandler xsi:type="ph:SAML2SSO"
                    inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">

    <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST                                                  urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
    </ph:ProfileHandler>
    
    <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
    </ph:ProfileHandler>
    
    <!-- Login Handlers -->
    <ph:LoginHandler xsi:type="ph:RemoteUser">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
    </ph:LoginHandler>
    
    <!-- Login handler that delegates the act of authentication to an external system. -->
    <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
    <!--
    <ph:LoginHandler xsi:type="ph:ExternalAuthn">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
        <ph:QueryParam name="foo" value="bar" />
    </ph:LoginHandler>
    -->
    
    <!--  Username/password login handler -->
    <!-- 
    <ph:LoginHandler xsi:type="ph:UsernamePassword" 
                  jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler>
    -->
    
    <!-- 
        Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
        on every request.
    -->
    <ph:LoginHandler xsi:type="ph:PreviousSession">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
    </ph:LoginHandler>

</ph:ProfileHandlerGroup>