The change replaces the Vagrant-box-based fixture with a fixture based on Docker Compose and two Docker images: one for an OpenLDAP server and one for a Shibboleth SAML Identity Provider. The configuration of both OpenLDAP and Shibboleth is identical to the previous one, to minimize the changes required in the tests.
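<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"

       default-init-method="initialize"
       default-destroy-method="destroy">

    <!--
    SPNEGO (Kerberos) login settings, declared as Spring beans under the
    "shibboleth.authn.SPNEGO.*" ids. This file sets:
      - whether SPNEGO is attempted for every user or only on opt-in,
      - a Kerberos configuration refresh flag,
      - the service principal(s) and their credentials,
      - the mapping of SPNEGO messages to events.
    -->

    <!-- General Configuration -->

    <!--
    Enforce running SPNEGO for all users, independent of the user's autologin state.
    TRUE means that SPNEGO login is always tried (if available).
    FALSE means that SPNEGO login is run only if the user has enabled autologin.
    Set to FALSE below, so SPNEGO is opt-in per user.
    -->
    <util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.FALSE" />

    <!-- Kerberos Configuration -->

    <!--
    General Kerberos Settings.
    NOTE(review): RefreshConfig presumably controls whether the Kerberos
    configuration is re-read before a login attempt; confirm against the
    IdP documentation. It is disabled (FALSE) here.
    -->
    <util:constant id="shibboleth.authn.SPNEGO.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />

    <!-- Kerberos Service Principal(s) -->

    <!--
    For each service principal/realm, a "RealmSettings" bean must be created.
    For each "RealmSettings" bean, the following settings are supported:
        p:servicePrincipal: - kerberos service principal (required)
        p:keytab:           - path to the keytab file containing the kerberos service principal's credentials
                              (optional; either "p:keytab" or "p:password" is required)
        p:password:         - kerberos service principal's password
                              (optional; either "p:keytab" or "p:password" is required)

    Security notes:
      - The keytab holds the service principal's long-term key. Anyone who can
        read it can act as this service principal, so restrict the file to the
        account that runs the IdP and keep real keytabs out of version control.
      - Prefer p:keytab over p:password: a password set in this file is stored
        in cleartext alongside the rest of the configuration.
      - NOTE(review): "domain_a.com" / "DOMAIN_A.COM" look like placeholder
        values; the host part of the principal is expected to match the name
        clients use to reach the IdP. Confirm for the target deployment.
    -->
    <util:list id="shibboleth.authn.SPNEGO.Krb5.Realms">

        <bean parent="shibboleth.KerberosRealmSettings"
              p:servicePrincipal="HTTP/aai-logon.domain_a.com@DOMAIN_A.COM"
              p:keytab="%{idp.home}/credentials/http_domainA.keytab" />

    </util:list>

    <!--
    Optional principal filter, disabled in this file.
    NOTE(review): presumably the regular expression an authenticated Kerberos
    principal must match to be accepted; confirm against the IdP documentation.
    When enabling it, keep the pattern anchored with ^ and $ and escape the dots,
    so that a look-alike realm name cannot satisfy it. The sample below has no
    stray "]" before "$"; with one, the pattern would only match names ending
    in a literal "]".
    -->
    <!--
    <bean id="shibboleth.authn.SPNEGO.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
          c:_0="^(.+)@example\.edu$" />
    -->

    <!--
    Define entries here to map events or error messages returned by the SPNEGO module
    and classify them as particular kinds of errors for use in your templates and as
    events in flows.

    Keys are events to signal, values are error codes.
    -->
    <util:map id="shibboleth.authn.SPNEGO.ClassifiedMessageMap">
        <entry key="SPNEGONotAvailable">
            <list>
                <value>SPNEGONotAvailable</value>
            </list>
        </entry>
        <entry key="NTLMUnsupported">
            <list>
                <value>NTLMUnsupported</value>
            </list>
        </entry>
    </util:map>

</beans>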