There is no context listener in the IdP any more.
[java-idp.git] / webAppConfig / IdP-SP.xml
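<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<!--  A Servlet deployment descriptor (WEB-INF/web.xml) file
      defining Servlets, Filters, and Listeners for a /shibboleth
      context containing both an IdP and an SP.

      The Servlet 2.3 DTD fixes the order of the children of web-app
      (context-param, filter, filter-mapping, servlet, servlet-mapping,
      mime-mapping, security-constraint, login-config, security-role),
      so add new entries to the matching group below.

      Class names are written without surrounding whitespace so that
      the element text is exactly the class name and no container has
      to trim it.
-->

<web-app>

    <display-name>Shibboleth</display-name>

    <!-- Context parameters naming the IdP and SP configuration files.
         NOTE(review): how these paths are resolved is not visible in
         this file. If they resolve inside the web application root,
         anything outside WEB-INF can be fetched by clients through
         the container's default servlet; confirm where /conf lives
         and that the files are not served as static content.
    -->
    <context-param>
        <param-name>IdPConfigFile</param-name>
        <param-value>/conf/IdP.xml</param-value>
    </context-param>

    <context-param>
        <param-name>ServiceProviderConfigFile</param-name>
        <param-value>/conf/SP.xml</param-value>
    </context-param>

    <filter>
        <!-- Gather log data in a per-request in-memory buffer.
             Requires the /showlog Servlet to return log data to the
             client.
        -->
        <filter-name>RequestLogFilter</filter-name>
        <filter-class>edu.internet2.middleware.commons.log4j.RequestLoggingFilter</filter-class>
    </filter>

    <filter>
        <!-- You must create an instance of the Filter class in
             the /shibboleth application context to allow Filter-Support
             communication to other applications.
             This file declares the filter but gives it no
             filter-mapping.
        -->
        <filter-name>ShibFilter</filter-name>
        <filter-class>edu.internet2.middleware.shibboleth.resource.AuthenticationFilter</filter-class>
    </filter>

    <!-- Attach per-request in-memory log data gathering to the
         processing of the POST through the AssertionConsumer.
         NOTE(review): log output produced while the assertion POST is
         handled may contain assertion or attribute details; treat the
         buffered data, and the /showlog page that returns it, as
         sensitive.
    -->
    <filter-mapping>
        <filter-name>RequestLogFilter</filter-name>
        <servlet-name>AssertionConsumer</servlet-name>
    </filter-mapping>

    <!-- Servlets for Shibboleth/SAML Protocol endpoints -->
    <servlet>
        <!-- All IdP Services: mapped below to /SSO, /AA and /Artifact -->
        <servlet-name>IdP</servlet-name>
        <display-name>Shibboleth Identity Provider</display-name>
        <servlet-class>edu.internet2.middleware.shibboleth.idp.IdPResponder</servlet-class>
    </servlet>
    <servlet>
        <!-- SP Assertion Consumer: the only servlet here that is
             loaded at startup. -->
        <servlet-name>AssertionConsumer</servlet-name>
        <display-name>Authentication Assertion Consumer</display-name>
        <servlet-class>edu.internet2.middleware.shibboleth.serviceprovider.AuthenticationAssertionConsumerServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <!-- Servlets for administrative functions -->
    <servlet>
        <!-- Display in-memory log data from the previous request
             from the same Browser.
             Requires the RequestLogFilter to be installed and mapped.
             NOTE(review): no security-constraint in this file covers
             /showlog, so the container does not ask for authentication
             before this servlet runs. Whether ShowLog restricts access
             itself is not visible here; confirm. For a production
             deployment, remove this servlet and its mapping or add a
             security-constraint for /showlog.
        -->
        <servlet-name>ShowLog</servlet-name>
        <display-name>Return log data</display-name>
        <servlet-class>edu.internet2.middleware.commons.log4j.ShowLog</servlet-class>
    </servlet>

    <!-- Mapping for SAML/Shibboleth protocol endpoints -->
    <servlet-mapping>
        <servlet-name>IdP</servlet-name>
        <url-pattern>/SSO</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>IdP</servlet-name>
        <url-pattern>/AA</url-pattern>
    </servlet-mapping>
    <servlet-mapping>
        <servlet-name>IdP</servlet-name>
        <url-pattern>/Artifact</url-pattern>
    </servlet-mapping>

    <servlet-mapping>
        <servlet-name>AssertionConsumer</servlet-name>
        <url-pattern>*.shire</url-pattern>
    </servlet-mapping>

    <!-- Mapping for administrative functions -->
    <servlet-mapping>
        <servlet-name>ShowLog</servlet-name>
        <url-pattern>/showlog</url-pattern>
    </servlet-mapping>

    <mime-mapping>
        <extension>css</extension>
        <mime-type>text/css</mime-type>
    </mime-mapping>

    <!-- For testing, without a real institutional Single Signon,
         use the Tomcat support to require Basic Authentication
         (against user names and passwords configured in the
         {tomcat}/conf/tomcat-users file) when the user arrives at
         the IdP SSO Servlet URL.

         The constraint lists no http-method, so it applies to every
         HTTP method, and it covers /SSO only: the /AA, /Artifact,
         *.shire and /showlog mappings are outside it.

         It has no user-data-constraint, so the container does not
         require TLS. Basic Authentication sends the password in a
         reversible encoding on every request; serve /SSO over HTTPS
         only, for example by adding a user-data-constraint with
         transport-guarantee CONFIDENTIAL after the auth-constraint.
    -->
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>IdP SSO Endpoint URL suffix</web-resource-name>
            <url-pattern>/SSO</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
    </security-constraint>
    <!-- Define the Login Configuration for this Application -->
    <login-config>
        <auth-method>BASIC</auth-method>
    </login-config>
    <!-- Role named by the auth-constraint above -->
    <security-role>
        <description>group of users</description>
        <role-name>user</role-name>
    </security-role>
</web-app>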