122 lines
5.5 KiB
XML
122 lines
5.5 KiB
XML
|
<?xml version="1.0" encoding="UTF-8"?>
|
||
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
||
|
xmlns:context="http://www.springframework.org/schema/context"
|
||
|
xmlns:util="http://www.springframework.org/schema/util"
|
||
|
xmlns:p="http://www.springframework.org/schema/p"
|
||
|
xmlns:c="http://www.springframework.org/schema/c"
|
||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
||
|
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
|
||
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
|
||
|
|
||
|
default-init-method="initialize"
|
||
|
default-destroy-method="destroy">
|
||
|
|
||
|
<!-- Choose an import based on the back-end you want to use. -->
|
||
|
<!-- <import resource="jaas-authn-config.xml" /> -->
|
||
|
<!-- <import resource="krb5-authn-config.xml" /> -->
|
||
|
<import resource="ldap-authn-config.xml" />
|
||
|
|
||
|
|
||
|
<!-- Names of form fields to pull username and password from. -->
|
||
|
<bean id="shibboleth.authn.Password.UsernameFieldName" class="java.lang.String" c:_0="j_username" />
|
||
|
<bean id="shibboleth.authn.Password.PasswordFieldName" class="java.lang.String" c:_0="j_password" />
|
||
|
<bean id="shibboleth.authn.Password.SSOBypassFieldName" class="java.lang.String" c:_0="donotcache" />
|
||
|
|
||
|
<!-- Simple transforms to apply to username before validation. -->
|
||
|
<util:constant id="shibboleth.authn.Password.Lowercase" static-field="java.lang.Boolean.FALSE"/>
|
||
|
<util:constant id="shibboleth.authn.Password.Uppercase" static-field="java.lang.Boolean.FALSE"/>
|
||
|
<util:constant id="shibboleth.authn.Password.Trim" static-field="java.lang.Boolean.TRUE"/>
|
||
|
|
||
|
<!-- Set to TRUE if you want the password kept in the resulting Subject as a private credential. -->
|
||
|
<util:constant id="shibboleth.authn.Password.RetainAsPrivateCredential" static-field="java.lang.Boolean.FALSE"/>
|
||
|
|
||
|
<!-- Apply any regular expression replacement pairs to username before validation. -->
|
||
|
<util:list id="shibboleth.authn.Password.Transforms">
|
||
|
<!--
|
||
|
<bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
|
||
|
-->
|
||
|
</util:list>
|
||
|
|
||
|
<!-- Uncomment to configure account lockout backed by in-memory storage. -->
|
||
|
<!--
|
||
|
<bean id="shibboleth.authn.Password.AccountLockoutManager"
|
||
|
parent="shibboleth.StorageBackedAccountLockoutManager"
|
||
|
p:maxAttempts="5"
|
||
|
p:counterInterval="PT5M"
|
||
|
p:lockoutDuration="PT5M"
|
||
|
p:extendLockoutDuration="false" />
|
||
|
-->
|
||
|
|
||
|
<!--
|
||
|
Define entries here to map error messages detected by validation actions and classify them as particular
|
||
|
kinds of errors for use in your templates and as events in flows.
|
||
|
|
||
|
Keys are events to signal, values are error codes.
|
||
|
-->
|
||
|
<util:map id="shibboleth.authn.Password.ClassifiedMessageMap">
|
||
|
<entry key="UnknownUsername">
|
||
|
<list>
|
||
|
<value>NoCredentials</value>
|
||
|
<value>CLIENT_NOT_FOUND</value>
|
||
|
<value>Client not found</value>
|
||
|
<value>DN_RESOLUTION_FAILURE</value>
|
||
|
</list>
|
||
|
</entry>
|
||
|
<entry key="InvalidPassword">
|
||
|
<list>
|
||
|
<value>InvalidCredentials</value>
|
||
|
<value>PREAUTH_FAILED</value>
|
||
|
<value>INVALID_CREDENTIALS</value>
|
||
|
<value>Checksum failed</value>
|
||
|
</list>
|
||
|
</entry>
|
||
|
<entry key="AccountLocked">
|
||
|
<list>
|
||
|
<value>AccountLocked</value>
|
||
|
<value>Clients credentials have been revoked</value>
|
||
|
</list>
|
||
|
</entry>
|
||
|
<entry key="ExpiredPassword">
|
||
|
<list>
|
||
|
<value>PASSWORD_EXPIRED</value>
|
||
|
</list>
|
||
|
</entry>
|
||
|
<entry key="ExpiringPassword">
|
||
|
<list>
|
||
|
<value>ACCOUNT_WARNING</value>
|
||
|
</list>
|
||
|
</entry>
|
||
|
</util:map>
|
||
|
|
||
|
<!--
|
||
|
Configuration of "extended" login methods to offer in the password login form.
|
||
|
|
||
|
The String bean is a regular expression identifying the flows to offer. These flows
|
||
|
must also be enabled at the "top" level to be available for use.
|
||
|
|
||
|
The ExtendedFlowParameters bean can be used to transfer custom parameters from the
|
||
|
login form into the context tree for use later by other flows.
|
||
|
|
||
|
The last bean provides the set of custom Principals to use for results produced by the
|
||
|
Password flow itself. You would use this if you need the Password flow to run as a shell
|
||
|
to run the "extended" login methods, but want to limit its own results more narrowly.
|
||
|
-->
|
||
|
<!--
|
||
|
<bean id="shibboleth.authn.Password.ExtendedFlows" class="java.lang.String" c:_0="" />
|
||
|
|
||
|
<util:list id="shibboleth.authn.Password.ExtendedFlowParameters">
|
||
|
</util:list>
|
||
|
|
||
|
<util:list id="shibboleth.authn.Password.PrincipalOverride">
|
||
|
<bean parent="shibboleth.SAML2AuthnContextClassRef"
|
||
|
c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
|
||
|
<bean parent="shibboleth.SAML2AuthnContextClassRef"
|
||
|
c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
|
||
|
<bean parent="shibboleth.SAML1AuthenticationMethod"
|
||
|
c:method="urn:oasis:names:tc:SAML:1.0:am:password" />
|
||
|
</util:list>
|
||
|
-->
|
||
|
|
||
|
</beans>
|