diff options
Diffstat (limited to 'conf-from-container/conf/authn/spnego-authn-config.xml')
| -rw-r--r-- | conf-from-container/conf/authn/spnego-authn-config.xml | 74 |
1 files changed, 74 insertions, 0 deletions
diff --git a/conf-from-container/conf/authn/spnego-authn-config.xml b/conf-from-container/conf/authn/spnego-authn-config.xml new file mode 100644 index 0000000..07563b9 --- /dev/null +++ b/conf-from-container/conf/authn/spnego-authn-config.xml @@ -0,0 +1,74 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:util="http://www.springframework.org/schema/util" + xmlns:p="http://www.springframework.org/schema/p" + xmlns:c="http://www.springframework.org/schema/c" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd + http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" + + default-init-method="initialize" + default-destroy-method="destroy"> + + <!-- General Configuration --> + + <!-- + Enforce running SPNEGO for all users, independent of user's autologin state. + TRUE means that SPNEGO login is always tried (if available). + FALSE means that SPNEGO login is run only if the user has enabled autologin. + --> + <util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.FALSE" /> + + <!-- Kerberos Configuration--> + + <!-- General Kerberos Settings --> + + <util:constant id="shibboleth.authn.SPNEGO.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" /> + + <!-- Kerberos Service Principal(s) --> + + <!-- + For each service principal/realm, a "RealmSettings" bean must be created. + For each "RealmSettings" bean, the following settings are supported: + p:servicePrincipal: - kerberos service principal (required) + p:keytab: - path to the keytab file containing the kerberos service principal's credentials + (optional; either "p:keytab" or "p:password" is required) + p:password: - kerberos service principal's password + (optional; either "p:keytab" or "p:password" is required) + --> + <util:list id="shibboleth.authn.SPNEGO.Krb5.Realms"> + + <bean parent="shibboleth.KerberosRealmSettings" + p:servicePrincipal="HTTP/aai-logon.domain_a.com@DOMAIN_A.COM" + p:keytab="%{idp.home}/credentials/http_domainA.keytab" /> + + </util:list> + + <!-- + <bean id="shibboleth.authn.SPNEGO.matchExpression" class="java.util.regex.Pattern" factory-method="compile" + c:_0="^(.+)@example\.edu]$" /> + --> + + <!-- + Define entries here to map events or error messages returned by the SPNEGO module + and classify them as particular kinds of errors for use in your templates and as + events in flows. + + Keys are events to signal, values are error codes. + --> + <util:map id="shibboleth.authn.SPNEGO.ClassifiedMessageMap"> + <entry key="SPNEGONotAvailable"> + <list> + <value>SPNEGONotAvailable</value> + </list> + </entry> + <entry key="NTLMUnsupported"> + <list> + <value>NTLMUnsupported</value> + </list> + </entry> + </util:map> + +</beans> |