conf-from-container/conf/authn/remoteuser-authn-config.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
                           
       default-init-method="initialize"
       default-destroy-method="destroy">

    <!-- Servlet context-relative path to wherever your implementation lives. -->
    <bean id="shibboleth.authn.RemoteUser.externalAuthnPath" class="java.lang.String"
        c:_0="contextRelative:Authn/RemoteUser" />
    
    <!--
    Default is to always use the path in the bean above. If you want to determine it
    dynamically, define a bean called "shibboleth.authn.RemoteUser.externalAuthnPathStrategy"
    of type Function<ProfileRequestContext,String> that returns the path to use.
    -->

    <!--
    Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
    You would normally only unset this if you plan to use the authnMethodHeader servlet parameter to
    supply authentication method string(s) from the external authentication system.
    -->
    <util:constant id="shibboleth.authn.RemoteUser.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />

    <!--
    <bean id="shibboleth.authn.RemoteUser.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
        c:_0="^(.+)@example\.edu]$" />
    -->

    <!--
    Define entries here to map error messages returned by external modules and classify them as particular
    kinds of errors for use in your templates and as events in flows.

    Keys are events to signal, values are error codes.

    The examples here just allow external signaling of an exact condition.
    
    If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
    -->
    <util:map id="shibboleth.authn.RemoteUser.ClassifiedMessageMap">
        <entry key="ReselectFlow">
            <list>
                <value>NoCredentials</value>
            </list>
        </entry>
        <entry key="UnknownUsername">
            <list>
                <value>UnknownUsername</value>
            </list>
        </entry>
        <entry key="InvalidPassword">
            <list>
                <value>InvalidPassword</value>
            </list>
        </entry>
        <entry key="ExpiredPassword">
            <list>
                <value>ExpiredPassword</value>
            </list>
        </entry>
        <entry key="ExpiringPassword">
            <list>
                <value>ExpiringPassword</value>
            </list>
        </entry>
    </util:map>
    
</beans>