Diffstat (limited to 'conf-from-container/conf/c14n')
5 files changed, 0 insertions, 235 deletions
diff --git a/conf-from-container/conf/c14n/attribute-sourced-subject-c14n-config.xml b/conf-from-container/conf/c14n/attribute-sourced-subject-c14n-config.xml
deleted file mode 100644
index 938b30f..0000000
--- a/conf-from-container/conf/c14n/attribute-sourced-subject-c14n-config.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- A list of attributes to resolve for normalizing the subject. For example, you might
- intend to lookup a uid in a directory based on what the user entered. You can make this
- an empty list if you just want to resolve everything you normally would.
- -->
- <util:list id="shibboleth.c14n.attribute.AttributesToResolve">
- <value>altuid</value>
- </util:list>
-
- <!--
- A list of attributes to search for a value to produce as the normalized subject name.
- This will normally be something you resolve above.
- -->
- <util:list id="shibboleth.c14n.attribute.AttributeSourceIds">
- <value>altuid</value>
- </util:list>
-
- <!-- Simple transforms to apply to attribute value used for canonicalization result. -->
- <util:constant id="shibboleth.c14n.attribute.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.attribute.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.attribute.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Apply any regular expression replacement pairs. -->
- <util:list id="shibboleth.c14n.attribute.Transforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
-</beans>
diff --git a/conf-from-container/conf/c14n/simple-subject-c14n-config.xml b/conf-from-container/conf/c14n/simple-subject-c14n-config.xml
deleted file mode 100644
index 3cddfa6..0000000
--- a/conf-from-container/conf/c14n/simple-subject-c14n-config.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Simple transforms to apply to username after authentication. -->
- <util:constant id="shibboleth.c14n.simple.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.simple.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.simple.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Apply any regular expression replacement pairs after authentication. -->
- <util:list id="shibboleth.c14n.simple.Transforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
-</beans>
diff --git a/conf-from-container/conf/c14n/subject-c14n-events-flow.xml b/conf-from-container/conf/c14n/subject-c14n-events-flow.xml
deleted file mode 100644
index d7458cd..0000000
--- a/conf-from-container/conf/c14n/subject-c14n-events-flow.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"
- abstract="true">
-
- <!-- ADVANCED USE ONLY -->
-
- <!--
- You can ignore this file unless you are creating your own custom c14n subflows that want to
- report custom events in response to unusual error or warning conditions.
- -->
-
- <!-- Custom error events to reflect back from user-supplied c14n subflows. -->
- <!--
- <end-state id="MyCustomEvent" />
- -->
-
-</flow>
diff --git a/conf-from-container/conf/c14n/subject-c14n.xml b/conf-from-container/conf/c14n/subject-c14n.xml
deleted file mode 100644
index 16fc6f1..0000000
--- a/conf-from-container/conf/c14n/subject-c14n.xml
+++ /dev/null
@@ -1,109 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- ========================= Java Subject -> Principal Mapping ========================= -->
-
- <!--
- These are lists of Subject Canonicalization flows that turn complex Subject data into a string-based
- principal name that the rest of the IdP can operate on. They're used both after authentication and
- during operations like SAML attribute queries, to map the SAML Subject into a principal name.
- Flows are identified with an ID that corresponds to a Spring Web Flow subflow name.
- -->
-
- <!-- Flows used after authentication to produce canonical principal name. -->
- <util:list id="shibboleth.PostLoginSubjectCanonicalizationFlows">
- <!--
- This is an advanced post-login step that performs attribute resolution and then produces a username
- from an attribute value. Most of this configuration is handled by attribute-sourced-c14n-config.xml.
- To enable universally, just uncomment, but if you want it to run under more specific conditions,
- set an activationCondition property to a condition function to use to control when it should run.
- -->
- <!-- <bean id="c14n/attribute" parent="shibboleth.PostLoginSubjectCanonicalizationFlow" /> -->
-
- <!--
- This is an alternative that handles Subjects containing an X500Principal object and
- allows extraction from the DN.
- -->
- <ref bean="c14n/x500" />
-
- <!--
- This is the standard post-login step that returns a username derived from the login process. If you
- have more complex needs such as mapping a certificate DN into a principal name, an alternative may
- be required such as that above, but you can configure simple transforms in simple-subject-c14n-config.xml
- -->
- <ref bean="c14n/simple" />
- </util:list>
-
- <!--
- Flows used during SAML requests to reverse-map NameIdentifiers/NameIDs. The actual beans defining these
- flows are in a system file. Below the list are some settings that might be useful to adjust.
- -->
- <util:list id="shibboleth.SAMLSubjectCanonicalizationFlows">
-
- <!--
- This is installed to support the old mechanism of using PrincipalConnectors in the attribute resolver
- to map SAML Subjects back into principals. If you don't use those (or this is a new install) you can
- remove this.
- -->
- <ref bean="c14n/LegacyPrincipalConnector" />
-
- <!-- The next four are for handling transient IDs (in-storage and stateless variants). -->
- <ref bean="c14n/SAML2Transient" />
- <ref bean="c14n/SAML2CryptoTransient" />
- <ref bean="c14n/SAML1Transient" />
- <ref bean="c14n/SAML1CryptoTransient" />
-
- <!-- Handle a SAML 2 persistent ID, provided a stored strategy is in use. -->
- <!-- <ref bean="c14n/SAML2Persistent" /> -->
-
- <!--
- Finally we have beans for decoding arbitrary SAML formats directly. By default, these are turned off,
- having *no* circumstances for which they apply (see shibboleth.TransformNamePredicate below).
- -->
- <ref bean="c14n/SAML2Transform" />
- <ref bean="c14n/SAML1Transform" />
- </util:list>
-
- <!-- What SAML NameID formats do you want to support direct transformations for? -->
- <util:list id="shibboleth.NameTransformFormats">
- <value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</value>
- <value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</value>
- <value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</value>
- <value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</value>
- <value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</value>
- </util:list>
-
- <!--
- Under what conditions should direct NameID mapping be allowed? By default, never.
- Any condition can be used here; the example is suitable for enumerating a number of SPs to allow.
- -->
- <bean id="shibboleth.NameTransformPredicate" parent="shibboleth.Conditions.RelyingPartyId">
- <constructor-arg>
- <list>
- <!-- <value>https://sp.example.org</value> -->
- </list>
- </constructor-arg>
- </bean>
-
- <!--
- Regular expression transforms to apply to incoming subject names. The default empty list just
- echoes the name through unmodified.
- -->
- <util:list id="shibboleth.NameTransforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
-</beans>
diff --git a/conf-from-container/conf/c14n/x500-subject-c14n-config.xml b/conf-from-container/conf/c14n/x500-subject-c14n-config.xml
deleted file mode 100644
index 1ae25e4..0000000
--- a/conf-from-container/conf/c14n/x500-subject-c14n-config.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- First priority is given to any subjectAltNames specified (emailAddress is 1) -->
- <util:list id="shibboleth.c14n.x500.SubjectAltNameTypes">
- <!-- <value>1</value> -->
- </util:list>
-
- <!-- Second priority is a list of Certificate Subject RDN OIDs to look for. -->
- <util:list id="shibboleth.c14n.x500.ObjectIDs">
- <value>2.5.4.3</value>
- </util:list>
-
- <!-- Simple transforms to apply to username after authentication. -->
- <util:constant id="shibboleth.c14n.x500.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.x500.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.x500.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Apply any regular expression replacement pairs after authentication. -->
- <util:list id="shibboleth.c14n.x500.Transforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
-</beans> |