Set new config files
[java-idp.git] / webAppConfig / IdP-SP.xml
1 <?xml version="1.0" encoding="ISO-8859-1"?>
2
3 <!DOCTYPE web-app
4     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
5     "http://java.sun.com/dtd/web-app_2_3.dtd">
6
7 <!--  A Servlet deployment descriptor (WEB-INF/web.xml) file
8         defining Servlets, Filters, and Listeners for a /shibboleth
9         context containing both an IdP and an SP  -->
10
11 <web-app>
12         <display-name>Shibboleth</display-name>
13         <context-param>
14                 <param-name>OriginConfigFile</param-name>
15                 <param-value>/conf/IdP.xml</param-value>
16         </context-param>
17
18         <context-param>
19                 <param-name>ServiceProviderConfigFile</param-name>
20                 <param-value>/conf/SP.xml</param-value>
21         </context-param>
22
23         <filter>
24                 <!--  Filter used if per-request thread local logging will
25                         be enabled for this context -->
26                 <filter-name>RequestLogFilter</filter-name>
27                 <filter-class>
28                         edu.internet2.middleware.commons.log4j.RequestLoggingFilter
29                 </filter-class>
30         </filter>
31
32         <filter>
33                 <!--  The /shibboleth context is not currently a meaningful
34                         resource. However, there is an intent to expose
35                         administrative pages and to restrict access to them
36                         through Shibboleth. -->
37                 <filter-name>ShibFilter</filter-name>
38                 <filter-class>
39                         edu.internet2.middleware.shibboleth.resource.AuthenticationFilter
40                 </filter-class>
41                 <init-param>
42                         <param-name>shireURL</param-name>
43                         <param-value>
44                                 http://shibdev.sample.edu:8080/shibboleth/Shibboleth.shire
45                         </param-value>
46                 </init-param>
47                 <init-param>
48                         <param-name>wayfURL</param-name>
49                         <param-value>/shibboleth/HS</param-value>
50                 </init-param>
51                 <init-param>
52                         <param-name>providerId</param-name>
53                         <param-value>
54                                 http://shibdev.sample.edu/shibboleth
55                         </param-value>
56                 </init-param>
57                 <init-param>
58                         <param-name>requireId</param-name>
59                         <param-value>*/text.txt</param-value>
60                 </init-param>
61         </filter>
62
63         <!--  Put your own Web-ISO Filter here. This Filter will be mapped
64                 to front-end the IdP login Servlet -->
65         <!--  CAS Example       
66                 <filter>
67                 <filter-name>CAS Filter</filter-name>
68                 <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
69                 <init-param>
70                 <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
71                 <param-value>https://secure.its.yale.edu/cas/login</param-value>
72                 </init-param>
73                 <init-param>
74                 <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
75                 <param-value>https://secure.its.yale.edu/cas/serviceValidate</param-value>
76                 </init-param>
77                 <init-param>
78                 <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
79                 <param-value>shibdev.sample.edu:8080</param-value>
80                 </init-param>
81                 <init-param>
82                 <param-name>edu.yale.its.tp.cas.client.filter.wrapRequest</param-name>
83                 <param-value>true</param-value>
84                 </init-param>
85                 </filter>
86         -->
87         <!--  Frontend the IdP SSO Servlet with the institution's
88                 locally selected WebISO Filter. -->
89         <!--  CAS Example               
90                 <filter-mapping>
91                 <filter-name>CAS Filter</filter-name>
92                 <servlet-name>HS</servlet-name>
93                 </filter-mapping>
94         -->
95
96
97         <!-- Frontend any protocol endpoints with the RequestLogFilter
98                 if you want to gather per-request thread local log data
99                 for subsequent request failure diagnosis. Note that 
100                 this will only gather data if the Log4J configuration
101                 in effect for the request processing includes the
102                 ThreadLocal Appender. -->
103         <filter-mapping>
104                 <filter-name>RequestLogFilter</filter-name>
105                 <servlet-name>AssertionConsumer</servlet-name>
106         </filter-mapping>
107
108
109         <listener>
110                 <listener-class>
111                         edu.internet2.middleware.shibboleth.log.LoggingContextListener
112                 </listener-class>
113         </listener>
114
115         <!-- Servlets for Shibboleth/SAML Protocol endpoints -->
116         <servlet>
117                 <!-- IdP SSO  -->
118                 <servlet-name>HS</servlet-name>
119                 <display-name>Shibboleth Handle Service</display-name>
120                 <servlet-class>
121                         edu.internet2.middleware.shibboleth.hs.HandleServlet
122                 </servlet-class>
123         </servlet>
124         <servlet>
125                 <!--  IdP AttributeAuthority -->
126                 <servlet-name>AA</servlet-name>
127                 <display-name>Shibboleth Attribute Authority</display-name>
128                 <servlet-class>
129                         edu.internet2.middleware.shibboleth.aa.AAServlet
130                 </servlet-class>
131         </servlet>
132         <servlet>
133                 <!--  SP Assertion Consumer -->
134                 <servlet-name>AssertionConsumer</servlet-name>
135                 <display-name>Authentication Assertion Consumer</display-name>
136                 <servlet-class>
137                         edu.internet2.middleware.shibboleth.serviceprovider.AuthenticationAssertionConsumerServlet
138                 </servlet-class>
139                 <load-on-startup>1</load-on-startup>
140         </servlet>
141
142         <!-- Servlets for administrative functions -->
143         <servlet>
144                 <!-- Display the Request thread local log data
145                         This Servlet should not be mapped if the RequestLogFilter
146                         was not installed previously -->
147                 <servlet-name>ShowLog</servlet-name>
148                 <display-name>Return log data</display-name>
149                 <servlet-class>
150                         edu.internet2.middleware.commons.log4j.ShowLog
151                 </servlet-class>
152         </servlet>
153
154         <!--  Mapping for SAML/Shibboleth protocol endpoints -->
155         <servlet-mapping>
156                 <servlet-name>HS</servlet-name>
157                 <url-pattern>/HS</url-pattern>
158         </servlet-mapping>
159         <servlet-mapping>
160                 <servlet-name>AA</servlet-name>
161                 <url-pattern>/AA</url-pattern>
162         </servlet-mapping>
163         <servlet-mapping>
164                 <servlet-name>AssertionConsumer</servlet-name>
165                 <url-pattern>*.SHIRE</url-pattern>
166         </servlet-mapping>
167
168         <!-- Mapping for administrative functions -->
169         <servlet-mapping>
170                 <servlet-name>ShowLog</servlet-name>
171                 <url-pattern>/showlog</url-pattern>
172         </servlet-mapping>
173
174         <mime-mapping>
175                 <extension>css</extension>
176                 <mime-type>text/css</mime-type>
177         </mime-mapping>
178 </web-app>