OpenSearch/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/spnego-authn-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
                           
       default-init-method="initialize"
       default-destroy-method="destroy">

    <!--  General Configuration -->

    <!--
    Enforce running SPNEGO for all users, independent of user's autologin state.
    TRUE means that SPNEGO login is always tried (if available).
    FALSE means that SPNEGO login is run only if the user has enabled autologin.
    -->
    <util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.FALSE" />
   
    <!-- Kerberos Configuration-->

    <!-- General Kerberos Settings -->
    
    <util:constant id="shibboleth.authn.SPNEGO.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />

    <!--  Kerberos Service Principal(s) -->
    
    <!--
    For each service principal/realm, a "RealmSettings" bean must be created.
    For each "RealmSettings" bean, the following settings are supported:
      p:servicePrincipal: - kerberos service principal (required)
      p:keytab:           - path to the keytab file containing the kerberos service principal's credentials
                            (optional; either "p:keytab" or "p:password" is required)
      p:password:         - kerberos service principal's password
                            (optional; either "p:keytab" or "p:password" is required)
    -->
    <util:list id="shibboleth.authn.SPNEGO.Krb5.Realms">

        <bean parent="shibboleth.KerberosRealmSettings"
            p:servicePrincipal="HTTP/aai-logon.domain_a.com@DOMAIN_A.COM"
            p:keytab="%{idp.home}/credentials/http_domainA.keytab" />

    </util:list>

    <!--
    <bean id="shibboleth.authn.SPNEGO.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
        c:_0="^(.+)@example\.edu]$" />
    -->

    <!--
    Define entries here to map events or error messages returned by the SPNEGO module
    and classify them as particular kinds of errors for use in your templates and as
    events in flows.

    Keys are events to signal, values are error codes.
    -->
    <util:map id="shibboleth.authn.SPNEGO.ClassifiedMessageMap">
        <entry key="SPNEGONotAvailable">
            <list>
                <value>SPNEGONotAvailable</value>
            </list>
        </entry>
        <entry key="NTLMUnsupported">
            <list>
                <value>NTLMUnsupported</value>
            </list>
        </entry>
    </util:map>
 
</beans>