4b2e81f1c53e6397e750d82588966d4ada891f71
[java-idp.git] / src / main / webapp / WEB-INF / web.xml
1 <?xml version="1.0" encoding="UTF-8"?>
2
3 <web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4     xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
5     version="2.4">
6
7     <display-name>Shibboleth Identity Provider</display-name>
8
9     <!--
10         Spring 2.0 application context files.  Files are loaded in the order they appear with subsequent files 
11         overwriting same named beans in previous files.
12     -->
13     <context-param>
14         <param-name>contextConfigLocation</param-name>
15         <param-value>$IDP_HOME$/conf/internal.xml; $IDP_HOME$/conf/service.xml;</param-value>
16     </context-param>
17
18     <!-- Spring 2.0 listener used to load up the configuration -->
19     <listener>
20         <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
21     </listener>
22
23     <!--  Add IdP Session object to incoming profile requests -->
24     <filter>
25         <filter-name>IdPSessionFilter</filter-name>
26         <filter-class>edu.internet2.middleware.shibboleth.idp.session.IdPSessionFilter</filter-class>
27     </filter>
28     
29     <filter-mapping>
30         <filter-name>IdPSessionFilter</filter-name>
31         <url-pattern>/profile/*</url-pattern>
32     </filter-mapping>
33
34     <!-- Profile Request Dispatcher -->
35     <servlet>
36         <servlet-name>ProfileRequestDispatcher</servlet-name>
37         <servlet-class>edu.internet2.middleware.shibboleth.common.profile.ProfileRequestDispatcherServlet</servlet-class>
38     </servlet>
39
40     <servlet-mapping>
41         <servlet-name>ProfileRequestDispatcher</servlet-name>
42         <url-pattern>/profile/*</url-pattern>
43     </servlet-mapping>
44
45     <!-- Authentication Engine Entry Point -->
46     <servlet>
47         <servlet-name>AuthenticationEngine</servlet-name>
48         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.AuthenticationEngine</servlet-class>
49     </servlet>
50
51     <servlet-mapping>
52         <servlet-name>AuthenticationEngine</servlet-name>
53         <url-pattern>/AuthnEngine</url-pattern>
54     </servlet-mapping>
55
56     <!-- Servlet protected by container user for RemoteUser authentication -->
57     <servlet>
58         <servlet-name>RemoteUserAuthHandler</servlet-name>
59         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.RemoteUserAuthServlet</servlet-class>
60     </servlet>
61
62     <servlet-mapping>
63         <servlet-name>RemoteUserAuthHandler</servlet-name>
64         <url-pattern>/Authn/RemoteUser</url-pattern>
65     </servlet-mapping>
66     
67     <!-- Servlet for doing Username/Password authentication -->
68     <servlet>
69         <servlet-name>UsernamePasswordAuthHandler</servlet-name>
70         <servlet-class>edu.internet2.middleware.shibboleth.idp.authn.provider.UsernamePasswordLoginServlet</servlet-class>
71     </servlet>
72
73     <servlet-mapping>
74         <servlet-name>UsernamePasswordAuthHandler</servlet-name>
75         <url-pattern>/Authn/UserPassword</url-pattern>
76     </servlet-mapping>
77     
78     <error-page>
79         <error-code>500</error-code>
80         <location>/error.jsp</location>
81     </error-page>
82     
83     <error-page>
84         <error-code>404</error-code>
85         <location>/error-404.jsp</location>
86     </error-page>
87
88 <!-- Uncomment to use container managed authentication -->
89 <!--
90     <security-constraint>
91         <display-name>Shibboleth IdP</display-name>
92         <web-resource-collection>
93             <web-resource-name>user authentication</web-resource-name>
94             <url-pattern>/Authn/RemoteUser</url-pattern>
95             <http-method>GET</http-method>
96             <http-method>POST</http-method>
97         </web-resource-collection>
98         <auth-constraint> 
99             <role-name>users</role-name> 
100         </auth-constraint>
101         <user-data-constraint>
102             <transport-guarantee>CONFIDENTIAL</transport-guarantee>
103         </user-data-constraint>
104     </security-constraint>
105     
106     <security-role>
107       <role-name>user</role-name>
108     </security-role> 
109 -->
110
111 <!-- Uncomment if you want BASIC auth managed by the container -->
112 <!--
113     <login-config>
114       <auth-method>BASIC</auth-method>
115       <realm-name>IdP Password Authentication</realm-name>
116     </login-config>
117 -->
118
119 <!-- Uncomment if you want form-based auth managed by the container -->
120 <!--
121     <login-config>
122         <auth-method>FORM</auth-method>
123         <realm-name>IdP Password Authentication</realm-name>
124         <form-login-config>
125             <form-login-page>/login.jsp</form-login-page>
126             <form-error-page>/login-error.jsp</form-error-page>
127         </form-login-config>
128     </login-config>
129 -->
130
131 </web-app>