[java-idp.git] / webAppConfig / IdP-SP.xml
1 <?xml version="1.0" encoding="ISO-8859-1"?>
2
3 <!DOCTYPE web-app
4     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
5     "http://java.sun.com/dtd/web-app_2_3.dtd">
6
7 <!--  A Servlet deployment descriptor (WEB-INF/web.xml) file
8         defining Servlets, Filters, and Listeners for a /shibboleth
9         context containing both an IdP and an SP.  
10 -->
11
12 <web-app>
13
14         <display-name>Shibboleth</display-name>
15         
16         <context-param>
17                 <param-name>OriginConfigFile</param-name>
18                 <param-value>/conf/IdP.xml</param-value>
19         </context-param>
20
21         <context-param>
22                 <param-name>ServiceProviderConfigFile</param-name>
23                 <param-value>/conf/SP.xml</param-value>
24         </context-param>
25
26         <filter>
27                 <!-- Gather log data in a per-request in memory buffer
28                          Requires /showlog Servlet to return log data to client
29                 -->
30                 <filter-name>RequestLogFilter</filter-name>
31                 <filter-class>
32                         edu.internet2.middleware.commons.log4j.RequestLoggingFilter
33                 </filter-class>
34         </filter>
35
36         <filter>
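37                 <!-- You must create an instance of the Filter class in
38                          the /shibboleth application context to allow Filter-Support
39                          communication to other applications. No filter-mapping for ShibFilter
40                          appears in this file, so it does not intercept requests to this context. -->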
41                 <filter-name>ShibFilter</filter-name>
42                 <filter-class>
43                         edu.internet2.middleware.shibboleth.resource.AuthenticationFilter
44                 </filter-class>
45         </filter>
46
47         <!-- Attach per-request in memory log data gathering to the 
48                  processing of the POST through the AssertionConsumer.
49         -->
50         <filter-mapping>
51                 <filter-name>RequestLogFilter</filter-name>
52                 <servlet-name>AssertionConsumer</servlet-name>
53         </filter-mapping>
54
55         <!-- The IdP context initialization -->
56         <listener>
57                 <listener-class>
58                         edu.internet2.middleware.shibboleth.log.LoggingContextListener
59                 </listener-class>
60         </listener>
61
62         <!-- Servlets for Shibboleth/SAML Protocol endpoints -->
63         <servlet>
64                 <!-- All IdP Services -->
65                 <servlet-name>IdP</servlet-name>
66                 <display-name>Shibboleth Identity Provider</display-name>
67                 <servlet-class>
68                         edu.internet2.middleware.shibboleth.idp.IdPResponder
69                 </servlet-class>
70         </servlet>
71         <servlet>
72                 <!--  SP Assertion Consumer -->
73                 <servlet-name>AssertionConsumer</servlet-name>
74                 <display-name>Authentication Assertion Consumer</display-name>
75                 <servlet-class>
76                         edu.internet2.middleware.shibboleth.serviceprovider.AuthenticationAssertionConsumerServlet
77                 </servlet-class>
78                 <load-on-startup>1</load-on-startup>
79         </servlet>
80
81         <!-- Servlets for administrative functions -->
82         <servlet>
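83                 <!-- Display in-memory log data from the previous request
84                         from the same Browser. Requires the RequestLogFilter to be installed and mapped.
85                         Diagnostic aid only: no security-constraint in this file covers /showlog, so remove or restrict it in production.
86                 -->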
87                 <servlet-name>ShowLog</servlet-name>
88                 <display-name>Return log data</display-name>
89                 <servlet-class>
90                         edu.internet2.middleware.commons.log4j.ShowLog
91                 </servlet-class>
92         </servlet>
93
94         <!--  Mapping for SAML/Shibboleth protocol endpoints -->
95         <servlet-mapping>
96                 <servlet-name>IdP</servlet-name>
97                 <url-pattern>/SSO</url-pattern>
98         </servlet-mapping>
99         <servlet-mapping>
100                 <servlet-name>IdP</servlet-name>
101                 <url-pattern>/AA</url-pattern>
102         </servlet-mapping>
103         <servlet-mapping>
104                 <servlet-name>IdP</servlet-name>
105                 <url-pattern>/Artifact</url-pattern>
106         </servlet-mapping>
107         
108         <servlet-mapping>
109                 <servlet-name>AssertionConsumer</servlet-name>
110                 <url-pattern>*.shire</url-pattern>
111         </servlet-mapping>
112
113         <!-- Mapping for administrative functions -->
114         <servlet-mapping>
115                 <servlet-name>ShowLog</servlet-name>
116                 <url-pattern>/showlog</url-pattern>
117         </servlet-mapping>
118
119         <mime-mapping>
120                 <extension>css</extension>
121                 <mime-type>text/css</mime-type>
122         </mime-mapping>
123         
124         
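125 <!-- For testing, without a real institutional Single Signon,
126          use the Tomcat support to require Basic Authentication
127          (against user names and passwords configured in the
128          {tomcat}/conf/tomcat-users file) when the user arrives at
129          the IdP SSO Servlet URL. Test-only: Basic credentials are only base64-encoded and no transport-guarantee is declared here, so run this behind TLS and replace it with the institutional SSO in production.
130 -->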
131         <security-constraint>
132                 <web-resource-collection>
133                         <web-resource-name>IdP SSO Endpoint URL suffix</web-resource-name>
134                         <url-pattern>/SSO</url-pattern>
135                 </web-resource-collection>
136                 <auth-constraint>
137                         <role-name>user</role-name>
138                 </auth-constraint>
139         </security-constraint>
140         <!-- Define the Login Configuration for this Application -->
141         <login-config>
142                 <auth-method>BASIC</auth-method>
143         </login-config>
144         <security-role>
145                 <description>group of users</description>
146                 <role-name>user</role-name>
147         </security-role>
148 </web-app>