conf-from-container/conf/errors.xml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:context="http://www.springframework.org/schema/context"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"

    default-init-method="initialize"
    default-destroy-method="destroy">

    <bean id="shibboleth.DefaultErrorView" class="java.lang.String" c:_0="%{idp.errors.defaultView:error}" />

    <!-- Map local events to alternate view templates. -->
    <util:map id="shibboleth.EventViewMap">
        <!-- <entry key="EventToChange" value="viewname" /> -->
    </util:map>

    <!--
    Map of events to trap and handle with local views, without returning to SPs.
    The map values are flags indicating whether to write an audit log record.
    -->
    <util:map id="shibboleth.LocalEventMap">
        <entry key="ContextCheckDenied" value="true" />
        <entry key="AttributeReleaseRejected" value="true" />
        <entry key="TermsRejected" value="true" />
        <entry key="RuntimeException" value="false" />
        <!--
        <entry key="IdentitySwitch" value="false" />
        <entry key="NoPotentialFlow" value="false" />
        -->
    </util:map>
    
    <!-- Mappings of error events during requests to SAML status codes and SOAP fault codes. -->

    <util:map id="shibboleth.SAML1StatusMappings">
        <entry key="InvalidMessageVersion" value-ref="shibboleth.SAML1Status.VersionMismatch" />
        
        <entry key="UnableToDecode" value-ref="shibboleth.SAML1Status.Requester" />
        
        <entry key="UnableToEncode" value-ref="shibboleth.SAML1Status.Requester" />

        <entry key="MessageReplay" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="MessageExpired" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="MessageAuthenticationError" value-ref="shibboleth.SAML1Status.Requester" />

        <entry key="RequestUnsupported" value-ref="shibboleth.SAML1Status.Requester" />
        
        <entry key="NoPassive" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="NoPotentialFlow" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="NoCredentials" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="InvalidCredentials" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="AccountError" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="IdentitySwitch" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="AuthenticationException" value-ref="shibboleth.SAML1Status.Requester" />
        
        <entry key="InvalidSubject" value-ref="shibboleth.SAML1Status.Requester" />
        <entry key="SubjectCanonicalizationError" value-ref="shibboleth.SAML1Status.Requester" />
    </util:map>
    
    <util:map id="shibboleth.SAML2StatusMappings">
        <entry key="InvalidMessageVersion" value-ref="shibboleth.SAML2Status.VersionMismatch" />
        
        <entry key="UnableToDecode" value-ref="shibboleth.SAML2Status.RequestUnsupported" />
        
        <entry key="UnableToEncode" value-ref="shibboleth.SAML2Status.UnsupportedBinding" />

        <entry key="MessageReplay" value-ref="shibboleth.SAML2Status.RequestDenied" />
        <entry key="MessageExpired" value-ref="shibboleth.SAML2Status.RequestDenied" />
        <entry key="MessageAuthenticationError" value-ref="shibboleth.SAML2Status.RequestDenied" />
        
        <entry key="RequestUnsupported" value-ref="shibboleth.SAML2Status.NoAuthnContext" />
        
        <entry key="NoPassive" value-ref="shibboleth.SAML2Status.NoPassive" />
        
        <entry key="NoPotentialFlow" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        <entry key="NoCredentials" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        <entry key="InvalidCredentials" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        <entry key="AccountError" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        <entry key="IdentitySwitch" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        <entry key="AuthenticationException" value-ref="shibboleth.SAML2Status.AuthnFailed" />
        
        <entry key="InvalidSubject" value-ref="shibboleth.SAML2Status.UnknownPrincipal" />
        <entry key="SubjectCanonicalizationError" value-ref="shibboleth.SAML2Status.UnknownPrincipal" />
        <entry key="SessionNotFound" value-ref="shibboleth.SAML2Status.UnknownPrincipal" />
        
        <entry key="InvalidNameIDPolicy" value-ref="shibboleth.SAML2Status.InvalidNameIDPolicy" />
        
        <entry key="ChannelBindingsError" value-ref="shibboleth.SAML2Status.ChannelBindingsError" />
    </util:map>

    <util:map id="shibboleth.SOAPFaultCodeMappings">
        <entry key="InvalidMessageVersion" value-ref="shibboleth.SOAP.VersionMismatch" />
        
        <entry key="UnableToDecode" value-ref="shibboleth.SOAP.Client" />

        <entry key="MessageReplay" value-ref="shibboleth.SOAP.Client" />
        <entry key="MessageExpired" value-ref="shibboleth.SOAP.Client" />
        <entry key="MessageAuthenticationError" value-ref="shibboleth.SOAP.Client" />
        
        <entry key="RequestUnsupported" value-ref="shibboleth.SOAP.Client" />
    
        <entry key="NoPassive" value-ref="shibboleth.SOAP.Client" />
        
        <entry key="NoPotentialFlow" value-ref="shibboleth.SOAP.Client" />
        <entry key="NoCredentials" value-ref="shibboleth.SOAP.Client" />
        <entry key="InvalidCredentials" value-ref="shibboleth.SOAP.Client" />
        <entry key="AccountError" value-ref="shibboleth.SOAP.Client" />
        <entry key="AuthenticationException" value-ref="shibboleth.SOAP.Client" />

        <entry key="InvalidSubject" value-ref="shibboleth.SOAP.Client" />
        <entry key="SubjectCanonicalizationError" value-ref="shibboleth.SOAP.Client" />
        
        <entry key="InvalidNameIDPolicy" value-ref="shibboleth.SOAP.Client" />
        
        <entry key="ChannelBindingsError" value-ref="shibboleth.SOAP.Client" />
    </util:map>
    
</beans>