Add explicit PreviousSession support
[java-idp.git] / resources / conf / handler.xml
index df80af9..e95d972 100644 (file)
@@ -1,33 +1,85 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
-<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
+                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
 
     <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />
 
     <ProfileHandler xsi:type="Status">
-        <RequestPath>/status</RequestPath>
+        <RequestPath>/Status</RequestPath>
     </ProfileHandler>
 
-    <ProfileHandler xsi:type="ShibbolethSSO">
-        <RequestPath>/shibboleth/SSO</RequestPath>
+    <ProfileHandler xsi:type="ShibbolethSSO"
+                    inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post 
+                                                urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
+        <RequestPath>/Shibboleth/SSO</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML1AttributeQuery">
-        <RequestPath>/saml1/SSO</RequestPath>
+    <ProfileHandler xsi:type="SAML1AttributeQuery" 
+                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+        <RequestPath>/SAML1/SOAP/AttributeQuery</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML2SSO">
-        <RequestPath>/saml2/SSO</RequestPath>
+    <ProfileHandler xsi:type="SAML1ArtifactResolution" 
+                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
+        <RequestPath>/SAML1/SOAP/ArtifactResolution</RequestPath>
     </ProfileHandler>
     
-    <ProfileHandler xsi:type="SAML2AttributeQuery">
-        <RequestPath>/saml2/SOAP/AttributeQuery</RequestPath>
+    <ProfileHandler xsi:type="SAML2SSO" 
+                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+        <RequestPath>/SAML2/POST/SSO</RequestPath>
+    </ProfileHandler>
+
+    <ProfileHandler xsi:type="SAML2SSO" 
+                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+        <RequestPath>/SAML2/POST-SimpleSign/SSO</RequestPath>
+    </ProfileHandler>
+
+    <ProfileHandler xsi:type="SAML2SSO" 
+                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
+                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
+        <RequestPath>/SAML2/Redirect/SSO</RequestPath>
     </ProfileHandler>
     
-    <AuthenticationHandler xsi:type="RemoteUser">
-        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
+    <ProfileHandler xsi:type="SAML2AttributeQuery"
+                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+        <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
+    </ProfileHandler>
+    
+    <ProfileHandler xsi:type="SAML2ArtifactResolution" 
+                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
+        <RequestPath>/SAML2/SOAP/ArtifactResolution</RequestPath>
+    </ProfileHandler>
+    
+    <LoginHandler xsi:type="RemoteUser">
         <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
-    </AuthenticationHandler>
+    </LoginHandler>
+    
+    <LoginHandler xsi:type="UsernamePassword" 
+                  jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
+        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
+    </LoginHandler>
+    
+    <!-- 
+        Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
+        on every request.
+    -->
+    <LoginHandler xsi:type="PreviousSession">
+        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
+    </LoginHandler>
 
-</ProfileHandlerGroup>
\ No newline at end of file
+</ProfileHandlerGroup>
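Review bot: The `RemoteUser` and `UsernamePassword` login handlers are both enabled in this default file without any comment on what each depends on; only `PreviousSession` is documented. RemoteUser, as its name suggests, relies on an identity supplied by the container, so it is only sound where the container really authenticates that path, and it is registered here for the `unspecified` context class. UsernamePassword depends on the `$IDP_HOME$` token in `jaasConfigurationLocation`, which looks like an install-time placeholder, being substituted before the file is loaded. I would add `<!-- Requires container-managed authentication in front of the IdP; remove this handler if it is not used. -->` above RemoteUser and `<!-- $IDP_HOME$ must be replaced with the install path; login.config selects the JAAS back end. -->` above UsernamePassword. The PreviousSession comment could also say that while the handler is present an existing session is reused instead of prompting again; how it treats requests that demand fresh authentication is not visible in this hunk and is worth confirming.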