OpenSearch/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/external-authn-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
                           
       default-init-method="initialize"
       default-destroy-method="destroy">

    <!-- Servlet context-relative path to wherever your implementation lives. -->
    <bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"
        c:_0="contextRelative:Authn/External" />

    <!--
    Default is to always use the path in the bean above. If you want to determine it
    dynamically, define a bean called "shibboleth.authn.External.externalAuthnPathStrategy"
    of type Function<ProfileRequestContext,String> that returns the path to use.
    -->

    <!--
    Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
    You would normally only unset this if you plan to return a fully decorated Java Subject from your
    external authentication source.
    -->
    <util:constant id="shibboleth.authn.External.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />

    <!--
    <bean id="shibboleth.authn.External.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
        c:_0="^(.+)@example\.edu]$" />
    -->

    <!--
    Define entries here to map error messages returned by external modules and classify them as particular
    kinds of errors for use in your templates and as events in flows.

    Keys are events to signal, values are error codes.

    The examples here just allow external signaling of the exact type of condition to record.
    
    If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
    -->
    <util:map id="shibboleth.authn.External.ClassifiedMessageMap">
        <entry key="UnknownUsername">
            <list>
                <value>UnknownUsername</value>
            </list>
        </entry>
        <entry key="InvalidPassword">
            <list>
                <value>InvalidPassword</value>
            </list>
        </entry>
        <entry key="ExpiredPassword">
            <list>
                <value>ExpiredPassword</value>
            </list>
        </entry>
        <entry key="ExpiringPassword">
            <list>
                <value>ExpiringPassword</value>
            </list>
        </entry>
    </util:map>
    
</beans>