[SIDP-359] - HttpServletHelper.getRelyingPartyConfirmationManager misnamed
[SIDP-355] - Idp reinstall from source overwrite some config files even when "no overwrite" is specified
[SIDP-301] - Remove use of events in SessionManager so that different StorageService implementations may be more easily used
+[SIDP-288] - Improve consistency of XML configuration defaults/examples
[SIDP-275] - Using standard JAAS LoginException in UP LoginHandler servlet
[SC-63] - Use XML Schema duration syntax instead of integers for duration configuration options
and their options.
-->
-<AttributeFilterPolicyGroup id="ShibbolethFilterPolicy" xmlns="urn:mace:shibboleth:2.0:afp"
+<afp:AttributeFilterPolicyGroup id="ShibbolethFilterPolicy"
+ xmlns:afp="urn:mace:shibboleth:2.0:afp"
xmlns:basic="urn:mace:shibboleth:2.0:afp:mf:basic"
xmlns:saml="urn:mace:shibboleth:2.0:afp:mf:saml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
urn:mace:shibboleth:2.0:afp:mf:saml classpath:/schema/shibboleth-2.0-afp-mf-saml.xsd">
<!-- Release the transient ID to anyone -->
- <AttributeFilterPolicy id="releaseTransientIdToAnyone">
- <PolicyRequirementRule xsi:type="basic:ANY" />
+ <afp:AttributeFilterPolicy id="releaseTransientIdToAnyone">
+ <afp:PolicyRequirementRule xsi:type="basic:ANY" />
- <AttributeRule attributeID="transientId">
- <PermitValueRule xsi:type="basic:ANY" />
- </AttributeRule>
+ <afp:AttributeRule attributeID="transientId">
+ <afp:PermitValueRule xsi:type="basic:ANY" />
+ </afp:AttributeRule>
- </AttributeFilterPolicy>
+ </afp:AttributeFilterPolicy>
<!--
to any SP that is a member of InCommon, UK federation, or SWITCHaai
-->
<!--
- <AttributeFilterPolicy>
- <PolicyRequirementRule xsi:type="basic:OR">
+ <afp:AttributeFilterPolicy>
+ <afp:PolicyRequirementRule xsi:type="basic:OR">
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:incommon" />
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="http://ukfederation.org.uk" />
<basic:Rule xsi:type="saml:AttributeRequesterInEntityGroup" groupID="urn:mace:switch.ch:SWITCHaai" />
- </PolicyRequirementRule>
+ </afp:PolicyRequirementRule>
- <AttributeRule attributeID="eduPersonAffiliation">
- <PermitValueRule xsi:type="basic:OR">
+ <afp:AttributeRule attributeID="eduPersonAffiliation">
+ <afp:PermitValueRule xsi:type="basic:OR">
<basic:Rule xsi:type="basic:AttributeValueString" value="faculty" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="student" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="staff" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="affiliate" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="employee" ignoreCase="true" />
<basic:Rule xsi:type="basic:AttributeValueString" value="library-walk-in" ignoreCase="true" />
- </PermitValueRule>
- </AttributeRule>
+ </afp:PermitValueRule>
+ </afp:AttributeRule>
- </AttributeFilterPolicy>
+ </afp:AttributeFilterPolicy>
-->
<!--
Release the given name of the user to our portal service provider
-->
<!--
- <AttributeFilterPolicy>
- <PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:myPortal" />
+ <afp:AttributeFilterPolicy>
+ <afp:PolicyRequirementRule xsi:type="basic:AttributeRequesterString" value="urn:example.org:sp:myPortal" />
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="basic:ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
+ <afp:AttributeRule attributeID="givenName">
+ <afp:PermitValueRule xsi:type="basic:ANY" />
+ </afp:AttributeRule>
+ </afp:AttributeFilterPolicy>
-->
-</AttributeFilterPolicyGroup>
\ No newline at end of file
+</afp:AttributeFilterPolicyGroup>
\ No newline at end of file
-->
-<AttributeResolver xmlns="urn:mace:shibboleth:2.0:resolver" xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
+<resolver:AttributeResolver xmlns:resolver="urn:mace:shibboleth:2.0:resolver"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:pc="urn:mace:shibboleth:2.0:resolver:pc"
xmlns:ad="urn:mace:shibboleth:2.0:resolver:ad" xmlns:dc="urn:mace:shibboleth:2.0:resolver:dc"
xmlns:enc="urn:mace:shibboleth:2.0:attribute:encoder" xmlns:sec="urn:mace:shibboleth:2.0:security"
<resolver:PrincipalConnector xsi:type="pc:Transient" id="saml1Unspec" nameIDFormat="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
<resolver:PrincipalConnector xsi:type="pc:Transient" id="saml2Transient" nameIDFormat="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" />
-</AttributeResolver>
\ No newline at end of file
+</resolver:AttributeResolver>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
-<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
+<ph:ProfileHandlerGroup xmlns:ph="urn:mace:shibboleth:2.0:idp:profile-handler"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">
<!-- Error Handler -->
- <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />
+ <ph:ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />
<!-- Profile Handlers -->
<!--
All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile
handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
-->
- <ProfileHandler xsi:type="Status">
- <RequestPath>/Status</RequestPath>
- </ProfileHandler>
+ <ph:ProfileHandler xsi:type="Status">
+ <ph:RequestPath>/Status</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
- <RequestPath>/Metadata/SAML</RequestPath>
- </ProfileHandler>
+ <ph:ProfileHandler xsi:type="SAMLMetadata" metadataFile="$IDP_HOME$/metadata/idp-metadata.xml">
+ <ph:RequestPath>/Metadata/SAML</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="ShibbolethSSO"
+ <ph:ProfileHandler xsi:type="ShibbolethSSO"
inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
- <RequestPath>/Shibboleth/SSO</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/Shibboleth/SSO</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAML1AttributeQuery"
+ <ph:ProfileHandler xsi:type="SAML1AttributeQuery"
inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
- <RequestPath>/SAML1/SOAP/AttributeQuery</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/SAML1/SOAP/AttributeQuery</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAML1ArtifactResolution"
+ <ph:ProfileHandler xsi:type="SAML1ArtifactResolution"
inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
- <RequestPath>/SAML1/SOAP/ArtifactResolution</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/SAML1/SOAP/ArtifactResolution</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAML2SSO"
+ <ph:ProfileHandler xsi:type="SAML2SSO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
- <RequestPath>/SAML2/POST/SSO</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/SAML2/POST/SSO</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAML2SSO"
+ <ph:ProfileHandler xsi:type="SAML2SSO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
- <RequestPath>/SAML2/POST-SimpleSign/SSO</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/SAML2/POST-SimpleSign/SSO</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAML2SSO"
+ <ph:ProfileHandler xsi:type="SAML2SSO"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
- <RequestPath>/SAML2/Redirect/SSO</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/SAML2/Redirect/SSO</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAML2AttributeQuery"
+ <ph:ProfileHandler xsi:type="SAML2AttributeQuery"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
- <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/SAML2/SOAP/AttributeQuery</ph:RequestPath>
+ </ph:ProfileHandler>
- <ProfileHandler xsi:type="SAML2ArtifactResolution"
+ <ph:ProfileHandler xsi:type="SAML2ArtifactResolution"
inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
- <RequestPath>/SAML2/SOAP/ArtifactResolution</RequestPath>
- </ProfileHandler>
+ <ph:RequestPath>/SAML2/SOAP/ArtifactResolution</ph:RequestPath>
+ </ph:ProfileHandler>
<!-- Login Handlers -->
- <LoginHandler xsi:type="RemoteUser">
- <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
- </LoginHandler>
+ <ph:LoginHandler xsi:type="RemoteUser">
+ <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</ph:AuthenticationMethod>
+ </ph:LoginHandler>
<!-- Username/password login handler -->
<!--
- <LoginHandler xsi:type="UsernamePassword"
+ <ph:LoginHandler xsi:type="UsernamePassword"
jaasConfigurationLocation="file://$IDP_HOME$/conf/login.config">
- <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
- </LoginHandler>
+ <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</ph:AuthenticationMethod>
+ </ph:LoginHandler>
-->
<!--
Removal of this login handler will disable SSO support, that is it will require the user to authenticate
on every request.
-->
- <LoginHandler xsi:type="PreviousSession">
- <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
- </LoginHandler>
+ <ph:LoginHandler xsi:type="PreviousSession">
+ <ph:AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</ph:AuthenticationMethod>
+ </ph:LoginHandler>
-</ProfileHandlerGroup>
+</ph:ProfileHandlerGroup>
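Review bot: The unprefixed `xsi:type` values throughout this file (`JSPErrorHandler` on the ErrorHandler, `Status`, `SAMLMetadata`, `ShibbolethSSO` and the SAML1/SAML2 types on the ProfileHandlers, and `RemoteUser`, `UsernamePassword`, `PreviousSession` on the LoginHandlers) are left unchanged while the default namespace declaration is dropped from the root `ph:ProfileHandlerGroup` element. An `xsi:type` value is a QName resolved against the in-scope namespaces, so once no default namespace is declared these values name types in no namespace rather than in `urn:mace:shibboleth:2.0:idp:profile-handler`, and a schema-validating load of this file would presumably reject every handler element. Each value should carry the new prefix, e.g. `<ph:ErrorHandler xsi:type="ph:JSPErrorHandler" jspPagePath="/error.jsp" />` and `<ph:ProfileHandler xsi:type="ph:Status">`. The same issue affects the services file, where `xsi:type="ServletContextAttributeExporter"` on the `shibboleth.ServiceServletContextAttributeExporter` service should become `srv:ServletContextAttributeExporter` for the same reason.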
when answering requests to a relying party.
-->
-<RelyingPartyGroup xmlns="urn:mace:shibboleth:2.0:relying-party"
+<rp:RelyingPartyGroup xmlns:rp="urn:mace:shibboleth:2.0:relying-party"
xmlns:saml="urn:mace:shibboleth:2.0:relying-party:saml"
xmlns:metadata="urn:mace:shibboleth:2.0:metadata"
xmlns:resource="urn:mace:shibboleth:2.0:resource"
<!-- ========================================== -->
<!-- Relying Party Configurations -->
<!-- ========================================== -->
- <AnonymousRelyingParty provider="$IDP_ENTITY_ID$"
+ <rp:AnonymousRelyingParty provider="$IDP_ENTITY_ID$"
defaultSigningCredentialRef="IdPCredential" />
- <DefaultRelyingParty provider="$IDP_ENTITY_ID$"
+ <rp:DefaultRelyingParty provider="$IDP_ENTITY_ID$"
defaultSigningCredentialRef="IdPCredential">
<!--
Each attribute in these profiles configuration is set to its default value,
We list them here so that people are aware of them (since they seem reluctant to
read the documentation).
-->
- <ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"
+ <rp:ProfileConfiguration xsi:type="saml:ShibbolethSSOProfile"
includeAttributeStatement="false"
assertionLifetime="PT5M"
signResponses="conditional"
signAssertions="never" />
- <ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
+ <rp:ProfileConfiguration xsi:type="saml:SAML1AttributeQueryProfile"
assertionLifetime="PT5M"
signResponses="conditional"
signAssertions="never" />
- <ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
+ <rp:ProfileConfiguration xsi:type="saml:SAML1ArtifactResolutionProfile"
signResponses="conditional"
signAssertions="never" />
- <ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
+ <rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
includeAttributeStatement="true"
assertionLifetime="PT5M"
assertionProxyCount="0"
encryptAssertions="conditional"
encryptNameIds="never" />
- <ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile"
+ <rp:ProfileConfiguration xsi:type="saml:SAML2AttributeQueryProfile"
assertionLifetime="PT5M"
assertionProxyCount="0"
signResponses="conditional"
encryptAssertions="conditional"
encryptNameIds="never" />
- <ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile"
+ <rp:ProfileConfiguration xsi:type="saml:SAML2ArtifactResolutionProfile"
signResponses="conditional"
signAssertions="never"
encryptAssertions="conditional"
encryptNameIds="never"/>
- </DefaultRelyingParty>
+ </rp:DefaultRelyingParty>
<!-- ========================================== -->
<security:Rule xsi:type="security:MandatoryMessageAuthentication" />
</security:SecurityPolicy>
-</RelyingPartyGroup>
\ No newline at end of file
+</rp:RelyingPartyGroup>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
-<Services xmlns="urn:mace:shibboleth:2.0:services"
+<srv:Services xmlns:srv="urn:mace:shibboleth:2.0:services"
xmlns:attribute-afp="urn:mace:shibboleth:2.0:afp"
xmlns:attribute-authority="urn:mace:shibboleth:2.0:attribute:authority"
xmlns:attribute-resolver="urn:mace:shibboleth:2.0:resolver"
urn:mace:shibboleth:2.0:relying-party classpath:/schema/shibboleth-2.0-relying-party.xsd
urn:mace:shibboleth:2.0:resource classpath:/schema/shibboleth-2.0-resource.xsd">
- <Service id="shibboleth.AttributeResolver"
+ <srv:Service id="shibboleth.AttributeResolver"
xsi:type="attribute-resolver:ShibbolethAttributeResolver">
- <ConfigurationResource file="$IDP_HOME$/conf/attribute-resolver.xml" xsi:type="resource:FilesystemResource" />
- </Service>
+ <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-resolver.xml" xsi:type="resource:FilesystemResource" />
+ </srv:Service>
- <Service id="shibboleth.AttributeFilterEngine"
+ <srv:Service id="shibboleth.AttributeFilterEngine"
xsi:type="attribute-afp:ShibbolethAttributeFilteringEngine">
- <ConfigurationResource file="$IDP_HOME$/conf/attribute-filter.xml" xsi:type="resource:FilesystemResource" />
- </Service>
+ <srv:ConfigurationResource file="$IDP_HOME$/conf/attribute-filter.xml" xsi:type="resource:FilesystemResource" />
+ </srv:Service>
- <Service id="shibboleth.SAML1AttributeAuthority"
+ <srv:Service id="shibboleth.SAML1AttributeAuthority"
xsi:type="attribute-authority:SAML1AttributeAuthority"
depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine"
resolver="shibboleth.AttributeResolver"
filter="shibboleth.AttributeFilterEngine" />
- <Service id="shibboleth.SAML2AttributeAuthority"
+ <srv:Service id="shibboleth.SAML2AttributeAuthority"
xsi:type="attribute-authority:SAML2AttributeAuthority"
depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine"
resolver="shibboleth.AttributeResolver"
filter="shibboleth.AttributeFilterEngine" />
- <Service id="shibboleth.RelyingPartyConfigurationManager"
+ <srv:Service id="shibboleth.RelyingPartyConfigurationManager"
xsi:type="relyingParty:SAMLMDRelyingPartyConfigurationManager"
depends-on="shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority">
- <ConfigurationResource file="$IDP_HOME$/conf/relying-party.xml" xsi:type="resource:FilesystemResource" />
- </Service>
+ <srv:ConfigurationResource file="$IDP_HOME$/conf/relying-party.xml" xsi:type="resource:FilesystemResource" />
+ </srv:Service>
- <Service id="shibboleth.HandlerManager"
+ <srv:Service id="shibboleth.HandlerManager"
depends-on="shibboleth.RelyingPartyConfigurationManager"
xsi:type="profile:IdPProfileHandlerManager">
- <ConfigurationResource file="$IDP_HOME$/conf/handler.xml" xsi:type="resource:FilesystemResource" />
- </Service>
+ <srv:ConfigurationResource file="$IDP_HOME$/conf/handler.xml" xsi:type="resource:FilesystemResource" />
+ </srv:Service>
<!--
A special service that exports all services upon which it depends into the ServletContext as an attribute
with the same name as the service's ID.
-->
- <Service id="shibboleth.ServiceServletContextAttributeExporter"
+ <srv:Service id="shibboleth.ServiceServletContextAttributeExporter"
depends-on="shibboleth.AttributeResolver shibboleth.AttributeFilterEngine
shibboleth.SAML1AttributeAuthority shibboleth.SAML2AttributeAuthority
shibboleth.RelyingPartyConfigurationManager shibboleth.HandlerManager
shibboleth.StorageService"
xsi:type="ServletContextAttributeExporter" />
-</Services>
\ No newline at end of file
+</srv:Services>
\ No newline at end of file