Add explicit PreviousSession support
[java-idp.git] / resources / conf / handler.xml
index 9cf93d2..e95d972 100644 (file)
@@ -31,7 +31,8 @@
     
     <ProfileHandler xsi:type="SAML2SSO" 
                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <RequestPath>/SAML2/POST/SSO</RequestPath>
     </ProfileHandler>
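Review bot: Nothing near the `outboundBindingEnumeration` value explains why HTTP-POST-SimpleSign now comes first, and the same edit is repeated for the HTTP-Redirect handler in the next hunk. If the list is read in order of preference (it appears to be, but that is not visible here), responses will go out over SimpleSign to any relying party whose metadata offers it. With that binding the signature covers the form-encoded message rather than the XML, so it does not travel with an assertion that the SP extracts or stores; a comment above the handler such as `<!-- Bindings in order of preference. SimpleSign signs the POST form data only; keep assertion signing enabled for SPs that need a signature on the XML. -->` would record this. The commit title mentions only PreviousSession, so the binding change is easy to miss in history.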
@@ -46,7 +47,8 @@
 
     <ProfileHandler xsi:type="SAML2SSO" 
                     inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
-                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
                                                 urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
         <RequestPath>/SAML2/Redirect/SSO</RequestPath>
     </ProfileHandler>
                   jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
     </LoginHandler>
+    
+    <!-- 
+        Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
+        on every request.
+    -->
+    <LoginHandler xsi:type="PreviousSession">
+        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
+    </LoginHandler>
 
 </ProfileHandlerGroup>
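Review bot: The comment above the new PreviousSession handler records only what removing it costs; it should also say what enabling it means for relying parties. As written, a request that arrives while the user still has an IdP session is presumably answered without a new credential prompt, so how long one login can be reused depends on session and authentication lifetimes set outside this hunk. I would extend the comment with something like `With this handler an existing IdP session satisfies new requests; SPs that need fresh authentication must send ForceAuthn, and the session timeout bounds how long a login is reused.` The hunk header is missing on this page and the preceding LoginHandler element opens above the visible lines, so its settings could not be checked.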