Add all unit tests to ant task.

[java-idp.git] / webAppConfig / IdP-SP.xml

<?xml version="1.0" encoding="ISO-8859-1"?>

<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<!--  A Servlet deployment descriptor (WEB-INF/web.xml) file
        defining Servlets, Filters, and Listeners for a /shibboleth
        context containing both an IdP and an SP.  
-->

<web-app>

        <display-name>Shibboleth</display-name>
        
        <context-param>
                <param-name>IdPConfigFile</param-name>
                <param-value>/conf/IdP.xml</param-value>
        </context-param>

        <context-param>
                <param-name>ServiceProviderConfigFile</param-name>
                <param-value>/conf/SP.xml</param-value>
        </context-param>

        <filter>
                <!-- Gather log data in a per-request in memory buffer
                         Requires /showlog Servlet to return log data to client
                -->
                <filter-name>RequestLogFilter</filter-name>
                <filter-class>
                        edu.internet2.middleware.commons.log4j.RequestLoggingFilter
                </filter-class>
        </filter>

        <filter>
                <!-- You must create an instance of the Filter class in
                         the /shibboleth application context to allow Filter-Support
                         communication to other applications. 
                         -->
                <filter-name>ShibFilter</filter-name>
                <filter-class>
                        edu.internet2.middleware.shibboleth.resource.AuthenticationFilter
                </filter-class>
        </filter>

        <!-- Attach per-request in memory log data gathering to the 
                 processing of the POST through the AssertionConsumer.
        -->
        <filter-mapping>
                <filter-name>RequestLogFilter</filter-name>
                <servlet-name>AssertionConsumer</servlet-name>
        </filter-mapping>

        <!-- The IdP context initialization -->
        <listener>
                <listener-class>
                        edu.internet2.middleware.shibboleth.log.LoggingContextListener
                </listener-class>
        </listener>

        <!-- Servlets for Shibboleth/SAML Protocol endpoints -->
        <servlet>
                <!-- All IdP Services -->
                <servlet-name>IdP</servlet-name>
                <display-name>Shibboleth Identity Provider</display-name>
                <servlet-class>
                        edu.internet2.middleware.shibboleth.idp.IdPResponder
                </servlet-class>
        </servlet>
        <servlet>
                <!--  SP Assertion Consumer -->
                <servlet-name>AssertionConsumer</servlet-name>
                <display-name>Authentication Assertion Consumer</display-name>
                <servlet-class>
                        edu.internet2.middleware.shibboleth.serviceprovider.AuthenticationAssertionConsumerServlet
                </servlet-class>
                <load-on-startup>1</load-on-startup>
        </servlet>

        <!-- Servlets for administrative functions -->
        <servlet>
                <!-- Display in memory log data from the previous request
                        from the same Browser. 
                        Requires the RequestLogFilter to be installed and mapped. 
                -->
                <servlet-name>ShowLog</servlet-name>
                <display-name>Return log data</display-name>
                <servlet-class>
                        edu.internet2.middleware.commons.log4j.ShowLog
                </servlet-class>
        </servlet>

        <!--  Mapping for SAML/Shibboleth protocol endpoints -->
        <servlet-mapping>
                <servlet-name>IdP</servlet-name>
                <url-pattern>/SSO</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
                <servlet-name>IdP</servlet-name>
                <url-pattern>/AA</url-pattern>
        </servlet-mapping>
        <servlet-mapping>
                <servlet-name>IdP</servlet-name>
                <url-pattern>/Artifact</url-pattern>
        </servlet-mapping>
        
        <servlet-mapping>
                <servlet-name>AssertionConsumer</servlet-name>
                <url-pattern>*.shire</url-pattern>
        </servlet-mapping>

        <!-- Mapping for administrative functions -->
        <servlet-mapping>
                <servlet-name>ShowLog</servlet-name>
                <url-pattern>/showlog</url-pattern>
        </servlet-mapping>

        <mime-mapping>
                <extension>css</extension>
                <mime-type>text/css</mime-type>
        </mime-mapping>
        
        
<!-- For testing, without a real institutional Single Signon,
         use the Tomcat support to require Basic Authentication
         (against user names and passwords configured in the
         {tomcat}/conf/tomcat-users file) when the user arrives at
         the IdP SSO Servlet URL.
-->     
        <security-constraint>
                <web-resource-collection>
                        <web-resource-name>IdP SSO Endpoint URL suffix</web-resource-name>
                        <url-pattern>/SSO</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <role-name>user</role-name>
                </auth-constraint>
        </security-constraint>
        <!-- Define the Login Configuration for this Application -->
        <login-config>
                <auth-method>BASIC</auth-method>
        </login-config>
        <security-role>
                <description>group of users</description>
                <role-name>user</role-name>
        </security-role>
</web-app>