webAppConfig/IdP-SP.xml

   1 <?xml version="1.0" encoding="ISO-8859-1"?>
   2
   3 <!DOCTYPE web-app
   4     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
   5     "http://java.sun.com/dtd/web-app_2_3.dtd">
   6
   7 <!--  A Servlet deployment descriptor (WEB-INF/web.xml) file
   8         defining Servlets, Filters, and Listeners for a /shibboleth
   9         context containing both an IdP and an SP  -->
  10
  11 <web-app>
  12         <display-name>Shibboleth</display-name>
  13         <context-param>
  14                 <param-name>OriginConfigFile</param-name>
  15                 <param-value>/conf/IdP.xml</param-value>
  16         </context-param>
  17
  18         <context-param>
  19                 <param-name>ServiceProviderConfigFile</param-name>
  20                 <param-value>/conf/SP.xml</param-value>
  21         </context-param>
  22
  23         <filter>
  24                 <!--  Filter used if per-request thread local logging will
  25                         be enabled for this context -->
  26                 <filter-name>RequestLogFilter</filter-name>
  27                 <filter-class>
  28                         edu.internet2.middleware.commons.log4j.RequestLoggingFilter
  29                 </filter-class>
  30         </filter>
  31
  32         <filter>
  33                 <!--  The /shibboleth context is not currently a meaningful
  34                         resource. However, there is an intent to expose
  35                         administrative pages and to restrict access to them
  36                         through Shibboleth. -->
  37                 <filter-name>ShibFilter</filter-name>
  38                 <filter-class>
  39                         edu.internet2.middleware.shibboleth.resource.AuthenticationFilter
  40                 </filter-class>
  41                 <init-param>
  42                         <param-name>shireURL</param-name>
  43                         <param-value>
  44                                 http://shibdev.sample.edu:8080/shibboleth/Shibboleth.shire
  45                         </param-value>
  46                 </init-param>
  47                 <init-param>
  48                         <param-name>wayfURL</param-name>
  49                         <param-value>/shibboleth/HS</param-value>
  50                 </init-param>
  51                 <init-param>
  52                         <param-name>providerId</param-name>
  53                         <param-value>
  54                                 http://shibdev.sample.edu/shibboleth
  55                         </param-value>
  56                 </init-param>
  57                 <init-param>
  58                         <param-name>requireId</param-name>
  59                         <param-value>*/text.txt</param-value>
  60                 </init-param>
  61         </filter>
  62
  63         <!--  Put your own Web-ISO Filter here. This Filter will be mapped
  64                 to front-end the IdP login Servlet -->
  65         <!--  CAS Example
  66                 <filter>
  67                 <filter-name>CAS Filter</filter-name>
  68                 <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  69                 <init-param>
  70                 <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
  71                 <param-value>https://secure.its.yale.edu/cas/login</param-value>
  72                 </init-param>
  73                 <init-param>
  74                 <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
  75                 <param-value>https://secure.its.yale.edu/cas/serviceValidate</param-value>
  76                 </init-param>
  77                 <init-param>
  78                 <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
  79                 <param-value>shibdev.sample.edu:8080</param-value>
  80                 </init-param>
  81                 <init-param>
  82                 <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
  83                 <param-value>true</param-value>
  84                 </init-param>
  85                 </filter>
  86         -->
  87         <!--  Frontend the IdP SSO Servlet with the institution's
  88                 locally selected WebISO Filter. -->
  89         <!--  CAS Example
  90                 <filter-mapping>
  91                 <filter-name>CAS Filter</filter-name>
  92                 <servlet-name>HS</servlet-name>
  93                 </filter-mapping>
  94         -->
  95
  96
  97         <!-- Frontend any protocol endpoints with the RequestLogFilter
  98                 if you want to gather per-request thread local log data
  99                 for subsequent request failure diagnosis. Note that
 100                 this will only gather data if the Log4J configuration
 101                 in effect for the request processing includes the
 102                 ThreadLocal Appender. -->
 103         <filter-mapping>
 104                 <filter-name>RequestLogFilter</filter-name>
 105                 <servlet-name>AssertionConsumer</servlet-name>
 106         </filter-mapping>
 107
 108
 109         <listener>
 110                 <listener-class>
 111                         edu.internet2.middleware.shibboleth.log.LoggingContextListener
 112                 </listener-class>
 113         </listener>
 114
 115         <!-- Servlets for Shibboleth/SAML Protocol endpoints -->
 116         <servlet>
 117                 <!-- IdP SSO  -->
 118                 <servlet-name>HS</servlet-name>
 119                 <display-name>Shibboleth Handle Service</display-name>
 120                 <servlet-class>
 121                         edu.internet2.middleware.shibboleth.hs.HandleServlet
 122                 </servlet-class>
 123         </servlet>
 124         <servlet>
 125                 <!--  IdP AttributeAuthority -->
 126                 <servlet-name>AA</servlet-name>
 127                 <display-name>Shibboleth Attribute Authority</display-name>
 128                 <servlet-class>
 129                         edu.internet2.middleware.shibboleth.aa.AAServlet
 130                 </servlet-class>
 131         </servlet>
 132         <servlet>
 133                 <!--  SP Assertion Consumer -->
 134                 <servlet-name>AssertionConsumer</servlet-name>
 135                 <display-name>Authentication Assertion Consumer</display-name>
 136                 <servlet-class>
 137                         edu.internet2.middleware.shibboleth.serviceprovider.AuthenticationAssertionConsumerServlet
 138                 </servlet-class>
 139                 <load-on-startup>1</load-on-startup>
 140         </servlet>
 141
 142         <!-- Servlets for administrative functions -->
 143         <servlet>
 144                 <!-- Display the Request thread local log data
 145                         This Servlet should not be mapped if the RequestLogFilter
 146                         was not installed previously -->
 147                 <servlet-name>ShowLog</servlet-name>
 148                 <display-name>Return log data</display-name>
 149                 <servlet-class>
 150                         edu.internet2.middleware.commons.log4j.ShowLog
 151                 </servlet-class>
 152         </servlet>
 153
 154         <!--  Mapping for SAML/Shibboleth protocol endpoints -->
 155         <servlet-mapping>
 156                 <servlet-name>HS</servlet-name>
 157                 <url-pattern>/HS</url-pattern>
 158         </servlet-mapping>
 159         <servlet-mapping>
 160                 <servlet-name>AA</servlet-name>
 161                 <url-pattern>/AA</url-pattern>
 162         </servlet-mapping>
 163         <servlet-mapping>
 164                 <servlet-name>AssertionConsumer</servlet-name>
 165                 <url-pattern>*.SHIRE</url-pattern>
 166         </servlet-mapping>
 167
 168         <!-- Mapping for administrative functions -->
 169         <servlet-mapping>
 170                 <servlet-name>ShowLog</servlet-name>
 171                 <url-pattern>/showlog</url-pattern>
 172         </servlet-mapping>
 173
 174         <mime-mapping>
 175                 <extension>css</extension>
 176                 <mime-type>text/css</mime-type>
 177         </mime-mapping>
 178 </web-app>