Diffstat (limited to 'conf-from-container/conf/cas-protocol.xml')
-rw-r--r-- | conf-from-container/conf/cas-protocol.xml | 84 |
1 files changed, 0 insertions, 84 deletions
diff --git a/conf-from-container/conf/cas-protocol.xml b/conf-from-container/conf/cas-protocol.xml
deleted file mode 100644
index d0b3d55..0000000
--- a/conf-from-container/conf/cas-protocol.xml
+++ /dev/null
@@ -1,84 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:p="http://www.springframework.org/schema/p"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- | The CAS service registry defines verified relying parties by endpoint URI.
- | The default implementation treats the ID of each entry as a regular expression defining a logical group of
- | services whose URIs match the expression.
- |
- | This bean is reloaded periodically according to %{idp.home}/conf/services.properties.
- -->
- <bean id="reloadableServiceRegistry"
- class="%{idp.cas.serviceRegistryClass:net.shibboleth.idp.cas.service.PatternServiceRegistry}">
- <property name="definitions">
- <list>
- <!--
- <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
- c:regex="https://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
- p:group="proxying-services"
- p:authorizedToProxy="true"
- p:singleLogoutParticipant="true" />
- <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
- c:regex="http://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
- p:group="non-proxying-services"
- p:authorizedToProxy="false" /
- -->
- </list>
- </property>
- </bean>
-
- <!--
- | The default ticket service as of 3.3.0 serializes ticket data into the opaque section of the ticket ID
- | for service tickets and proxy tickets. Proxy-granting tickets still require server-side storage, and
- | a StorageService defined by the idp.cas.StorageService is used. Thus for deployers that do not require
- | CAS proxy capabilities, no stateful storage mechanism is required; that means no memcached or database
- | is required for HA deployments that want CAS (without proxy) support. A notable limitation of the new
- | component is that the one-time use feature of service and proxy tickets is not available due to the lack
- | of a ticket-tracking mechanism. Instead, tickets expire when their expiration period is exceeded.
- | If this limitation is of concern, one may consider decreasing ticketValidityPeriod on the profile
- | configuration from the default 15000ms.
- -->
- <alias name="encodingTicketService" alias="shibboleth.CASTicketService" />
-
- <!--
- | Uncomment the following element and comment out the above to enable the previous default ticket service
- | that uses a StorageService for ticket persistence. Use this if the one-time use limitation of
- | EncodingTicketService is problematic and can't be mitigated by decreasing ticketValidityPeriod.
- -->
- <!--<alias name="simpleTicketService" alias="shibboleth.CASTicketService" /> -->
-
- <!--
- | The predicate used to determine whether IdP session validation is performed during the process of granting
- | a proxy ticket. When the predicate evaluates to true, an IdP session is resolved and validated prior to
- | granting a proxy ticket. This feature prevents issuing proxy tickets when an IdP session is expired, but comes
- | at the cost of requiring server-side storage of IdP session data. If this is configured to a predicate that
- | evaluates to true under any condition, a server-side storage service must be enabled for IdP session
- | storage. The most common non-default value is "alwaysTrue."
- -->
- <bean id="shibboleth.CASProxyValidateIdPSessionPredicate"
- class="com.google.common.base.Predicates"
- factory-method="alwaysFalse" />
-
-
- <!-- ============== Advanced CAS Configuration ============== -->
-
- <!-- Configure a third-party ticket service. -->
- <!--
- <bean id="shibboleth.CASTicketService"
- class="org.example.idp.cas.CustomTicketService" />
- -->
-
- <!-- Configure a third-party proxy authenticator. -->
- <!--
- <bean id="shibboleth.CASProxyAuthenticator"
- class="org.example.idp.cas.CustomProxyAuthenticator" />
- -->
-</beans>
\ No newline at end of file |