1 <?xml version="1.0" encoding="ISO-8859-1"?>
4 PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
5 "http://java.sun.com/dtd/web-app_2_3.dtd">
7 <!-- A Servlet deployment descriptor (WEB-INF/web.xml) file
8 defining Servlets, Filters, and Listeners for a /shibboleth
9 context containing both an IdP and an SP.
14 <display-name>Shibboleth</display-name>
17 <param-name>IdPConfigFile</param-name>
18 <param-value>/conf/IdP.xml</param-value>
22 <param-name>ServiceProviderConfigFile</param-name>
23 <param-value>/conf/SP.xml</param-value>
27 <!-- Gather log data in a per-request in memory buffer
28 Requires /showlog Servlet to return log data to client
30 <filter-name>RequestLogFilter</filter-name>
32 edu.internet2.middleware.commons.log4j.RequestLoggingFilter
37 <!-- You must create an instance of the Filter class in
38 the /shibboleth application context to allow Filter-Support
39 communication to other applications.
41 <filter-name>ShibFilter</filter-name>
43 edu.internet2.middleware.shibboleth.resource.AuthenticationFilter
47 <!-- Attach per-request in memory log data gathering to the
48 processing of the POST through the AssertionConsumer.
51 <filter-name>RequestLogFilter</filter-name>
52 <servlet-name>AssertionConsumer</servlet-name>
55 <!-- The IdP context initialization -->
58 edu.internet2.middleware.shibboleth.log.LoggingContextListener
62 <!-- Servlets for Shibboleth/SAML Protocol endpoints -->
64 <!-- All IdP Services -->
65 <servlet-name>IdP</servlet-name>
66 <display-name>Shibboleth Identity Provider</display-name>
68 edu.internet2.middleware.shibboleth.idp.IdPResponder
72 <!-- SP Assertion Consumer -->
73 <servlet-name>AssertionConsumer</servlet-name>
74 <display-name>Authentication Assertion Consumer</display-name>
76 edu.internet2.middleware.shibboleth.serviceprovider.AuthenticationAssertionConsumerServlet
78 <load-on-startup>1</load-on-startup>
81 <!-- Servlets for administrative functions -->
83 <!-- Display in memory log data from the previous request
84 from the same Browser.
85 Requires the RequestLogFilter to be installed and mapped.
87 <servlet-name>ShowLog</servlet-name>
88 <display-name>Return log data</display-name>
90 edu.internet2.middleware.commons.log4j.ShowLog
94 <!-- Mapping for SAML/Shibboleth protocol endpoints -->
96 <servlet-name>IdP</servlet-name>
97 <url-pattern>/SSO</url-pattern>
100 <servlet-name>IdP</servlet-name>
101 <url-pattern>/AA</url-pattern>
104 <servlet-name>IdP</servlet-name>
105 <url-pattern>/Artifact</url-pattern>
109 <servlet-name>AssertionConsumer</servlet-name>
110 <url-pattern>*.shire</url-pattern>
113 <!-- Mapping for administrative functions -->
115 <servlet-name>ShowLog</servlet-name>
116 <url-pattern>/showlog</url-pattern>
120 <extension>css</extension>
121 <mime-type>text/css</mime-type>
125 <!-- For testing, without a real institutional Single Signon,
126 use the Tomcat support to require Basic Authentication
127 (against user names and passwords configured in the
128 {tomcat}/conf/tomcat-users file) when the user arrives at
129 the IdP SSO Servlet URL.
131 <security-constraint>
132 <web-resource-collection>
133 <web-resource-name>IdP SSO Endpoint URL suffix</web-resource-name>
134 <url-pattern>/SSO</url-pattern>
135 </web-resource-collection>
137 <role-name>user</role-name>
139 </security-constraint>
140 <!-- Define the Login Configuration for this Application -->
142 <auth-method>BASIC</auth-method>
145 <description>group of users</description>
146 <role-name>user</role-name>