Merge remote branch 'tags/2.3.3'
[java-idp.git] / src / installer / resources / conf-tmpl / handler.xml
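<?xml version="1.0" encoding="UTF-8"?>
<!--
    Shibboleth IdP profile handler configuration (installer template).

    The $IDP_HOME$ tokens below are placeholders; presumably the installer substitutes the real
    installation directory. Verify the resolved paths after installation.

    Every ProfileHandler declared here is a network-reachable endpoint of the identity provider.
    Remove or comment out handlers for protocols that no relying party uses, so that they are not
    exposed.

    The schema location uses a classpath: URL, so the schema is expected to come from the IdP's own
    libraries rather than from a remote fetch.
-->
<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
                        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                        xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">

    <!-- Error Handler -->
    <!-- NOTE(review): confirm /error.jsp does not render stack traces or internal detail to end users. -->
    <ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp"/>

    <!-- Profile Handlers -->
    <!--
        All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile
        handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
     -->

    <!-- NOTE(review): confirm what /Status returns and restrict access if it discloses more than liveness. -->
    <ph:ProfileHandler xsi:type="ph:Status">
        <ph:RequestPath>/Status</ph:RequestPath>
    </ph:ProfileHandler>

    <!--
        Serves the metadata file to anyone who can reach the endpoint. The file must hold public
        material only (certificates, endpoints), never private keys. Relying parties should verify
        metadata through a trusted channel or signature rather than trusting this URL alone.
    -->
    <ph:ProfileHandler xsi:type="ph:SAMLMetadata"
                    metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
        <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
    </ph:ProfileHandler>

    <!-- Legacy Shibboleth 1 / SAML 1 single sign-on. Disable if no relying party still needs it. -->
    <ph:ProfileHandler xsi:type="ph:ShibbolethSSO"
                    inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
                                                urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
        <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <!--
        The SOAP handlers in this file are called directly by relying parties (back channel), not
        through the user's browser.
        NOTE(review): requester authentication for them depends on TLS client certificates or message
        signatures configured outside this file; confirm it is enforced for every SOAP request path.
    -->
    <ph:ProfileHandler xsi:type="ph:SAML1AttributeQuery"
                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML1ArtifactResolution"
                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
    </ph:ProfileHandler>

    <!-- SAML 2 browser single sign-on: one handler per inbound binding, same outbound binding list. -->
    <ph:ProfileHandler xsi:type="ph:SAML2SSO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SSO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SSO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <!--
        SAML 2 single logout over the Redirect, POST and SOAP bindings.
        NOTE(review): confirm logout requests must be authenticated (signed or otherwise bound to the
        requester) so that a third party cannot terminate users' sessions.
    -->
    <ph:ProfileHandler xsi:type="ph:SAML2SLO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect">
        <ph:RequestPath>/SAML2/Redirect/SLO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SLO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">
        <ph:RequestPath>/SAML2/POST/SLO</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2SLO"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/SLO</ph:RequestPath>
    </ph:ProfileHandler>

    <!--
        Unsolicited (IdP-initiated) SSO. The inbound binding is the Shibboleth AuthnRequest profile,
        not a SAML 2 protocol message, so the request parameters come straight from the caller.
        NOTE(review): confirm responses are only delivered to assertion consumer endpoints listed in
        the relying party's metadata.
    -->
    <ph:ProfileHandler xsi:type="ph:SAML2SSO"
                    inboundBinding="urn:mace:shibboleth:2.0:profiles:AuthnRequest"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <ph:RequestPath>/SAML2/Unsolicited/SSO</ph:RequestPath>
    </ph:ProfileHandler>

    <!--
        SAML 2 ECP for non-browser clients, over SOAP.
        NOTE(review): presumably user authentication for this path is done by the container or
        front-end web server; confirm the path is protected and only reachable over TLS.
    -->
    <ph:ProfileHandler xsi:type="ph:SAML2ECP"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/ECP</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2AttributeQuery"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
    </ph:ProfileHandler>

    <ph:ProfileHandler xsi:type="ph:SAML2ArtifactResolution"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
    </ph:ProfileHandler>

    <!-- Login Handlers -->
    <!--
        RemoteUser performs no credential check of its own: it relies on the servlet container or
        front-end web server to authenticate the user, and it reports the method as "unspecified".
        NOTE(review): confirm the authentication path this handler uses is actually protected by the
        container; an unprotected path means no authentication takes place.
    -->
    <ph:LoginHandler xsi:type="ph:RemoteUser">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
    </ph:LoginHandler>

    <!-- Login handler that delegates the act of authentication to an external system. -->
    <!-- This login handler and the RemoteUser login handler will be merged in the next major release. -->
    <!-- The QueryParam name="foo" value="bar" below is a sample; replace or remove it before enabling. -->
    <!--
    <ph:LoginHandler xsi:type="ph:ExternalAuthn">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
        <ph:QueryParam name="foo" value="bar" />
    </ph:LoginHandler>
    -->

    <!--  Username/password login handler -->
    <!--
        This handler advertises PasswordProtectedTransport, so the login form must only ever be served
        and submitted over TLS. The JAAS configuration it points to decides how passwords are checked;
        keep that file readable only by the account that runs the IdP.
    -->
    <!--
    <ph:LoginHandler xsi:type="ph:UsernamePassword"
                  jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
    </ph:LoginHandler>
    -->

    <!--
        Removal of this login handler will disable SSO support, that is it will require the user to authenticate
        on every request.
    -->
    <!-- NOTE(review): while enabled, an earlier login is reused for as long as the IdP session is valid; check the session lifetime. -->
    <ph:LoginHandler xsi:type="ph:PreviousSession">
        <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
    </ph:LoginHandler>

</ph:ProfileHandlerGroup>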
113
114 </ph:ProfileHandlerGroup>