75 lines
3.1 KiB
XML
75 lines
3.1 KiB
XML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
||
|
xmlns:context="http://www.springframework.org/schema/context"
|
||
|
xmlns:util="http://www.springframework.org/schema/util"
|
||
|
xmlns:p="http://www.springframework.org/schema/p"
|
||
|
xmlns:c="http://www.springframework.org/schema/c"
|
||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||
|
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
|
||
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
|
||
|
|
||
|
default-init-method="initialize"
|
||
|
default-destroy-method="destroy">
|
||
|
|
||
|
<!-- General Configuration -->
|
||
|
|
||
|
<!--
|
||
|
Enforce running SPNEGO for all users, independent of user's autologin state.
|
||
|
TRUE means that SPNEGO login is always tried (if available).
|
||
|
FALSE means that SPNEGO login is run only if the user has enabled autologin.
|
||
|
-->
|
||
|
<util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.FALSE" />
|
||
|
|
||
|
<!-- Kerberos Configuration-->
|
||
|
|
||
|
<!-- General Kerberos Settings -->
|
||
|
|
||
|
<util:constant id="shibboleth.authn.SPNEGO.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />
|
||
|
|
||
|
<!-- Kerberos Service Principal(s) -->
|
||
|
|
||
|
<!--
|
||
|
For each service principal/realm, a "RealmSettings" bean must be created.
|
||
|
For each "RealmSettings" bean, the following settings are supported:
|
||
|
p:servicePrincipal: - kerberos service principal (required)
|
||
|
p:keytab: - path to the keytab file containing the kerberos service principal's credentials
|
||
|
(optional; either "p:keytab" or "p:password" is required)
|
||
|
p:password: - kerberos service principal's password
|
||
|
(optional; either "p:keytab" or "p:password" is required)
|
||
|
-->
|
||
|
<util:list id="shibboleth.authn.SPNEGO.Krb5.Realms">
|
||
|
|
||
|
<bean parent="shibboleth.KerberosRealmSettings"
|
||
|
p:servicePrincipal="HTTP/aai-logon.domain_a.com@DOMAIN_A.COM"
|
||
|
p:keytab="%{idp.home}/credentials/http_domainA.keytab" />
|
||
|
|
||
|
</util:list>
|
||
|
|
||
|
<!--
|
||
|
<bean id="shibboleth.authn.SPNEGO.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
|
||
|
c:_0="^(.+)@example\.edu]$" />
|
||
|
-->
|
||
|
|
||
|
<!--
|
||
|
Define entries here to map events or error messages returned by the SPNEGO module
|
||
|
and classify them as particular kinds of errors for use in your templates and as
|
||
|
events in flows.
|
||
|
|
||
|
Keys are events to signal, values are error codes.
|
||
|
-->
|
||
|
<util:map id="shibboleth.authn.SPNEGO.ClassifiedMessageMap">
|
||
|
<entry key="SPNEGONotAvailable">
|
||
|
<list>
|
||
|
<value>SPNEGONotAvailable</value>
|
||
|
</list>
|
||
|
</entry>
|
||
|
<entry key="NTLMUnsupported">
|
||
|
<list>
|
||
|
<value>NTLMUnsupported</value>
|
||
|
</list>
|
||
|
</entry>
|
||
|
</util:map>
|
||
|
|
||
|
</beans>
|