1 <?xml version="1.0" encoding="UTF-8"?>
2 <ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
5 <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>
7 <!-- Profile Handlers -->
9 All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile
10 handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
12 <ph:ProfileHandler xsi:type="ph:Status">
13 <ph:RequestPath>/Status</ph:RequestPath>
16 <ph:ProfileHandler xsi:type="ph:SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
17 <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
20 <ph:ProfileHandler xsi:type="ph:ShibbolethSSO" inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
21 <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
24 <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
25 <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
28 <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
29 <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
32 <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
33 <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
36 <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
37 <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
40 <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
41 <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
44 <ph:ProfileHandler xsi:type="ph:SAML2SLO"
45 inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
46 outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
47 <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
50 <ph:ProfileHandler xsi:type="ph:SAML2SLO"
51 inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
52 outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
53 <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
56 <ph:ProfileHandler xsi:type="ph:SAML2SLO"
57 inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
58 outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
59 <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
62 <ph:ProfileHandler xsi:type="ph:SAML2SSO"
63 inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
64 outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
65 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
66 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
68 <ph:ProfileHandler xsi:type="ph:SAML2SSO" inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
69 <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
72 <ph:ProfileHandler xsi:type="ph:SAML2ECP" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
73 <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
76 <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
77 <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
80 <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution" inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
81 <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
84 <!-- Login Handlers -->
85 <ph:LoginHandler xsi:type="ph:RemoteUser">
86 <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
89 <!-- Login handler that delegates the act of authentication to an external system. -->
90 <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
92 <ph:LoginHandler xsi:type="ph:ExternalAuthn">
93 <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
94 <ph:QueryParam name="foo" value="bar" />
98 <!-- Username/password login handler -->
100 <ph:LoginHandler xsi:type="ph:UsernamePassword"
101 jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
102 <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
107 Removal of this login handler will disable SSO support, that is it will require the user to authenticate
110 <ph:LoginHandler xsi:type="ph:PreviousSession">
111 <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
114 </ph:ProfileHandlerGroup>