Ioannis Kakavas b8733eab00 Replace Vagrant with Docker for idp-fixture (#39948)
The change replaces the Vagrant box based fixture with a fixture
based on docker compose and 2 docker images, one for an openldap
server and one for a Shibboleth SAML Identity Provider.

The configuration of both openldap and shibboleth is identical to
the previous one, in order to minimize required changes in the
tests
2019-03-13 08:30:03 +02:00


<?xml version="1.0" encoding="UTF-8"?>
<!--
    Spring bean definitions for the Shibboleth IdP Password login flow
    (all bean ids below live under shibboleth.authn.Password.*).
    This copy belongs to a test fixture (idp-fixture); review the lockout and
    error classification settings before reusing it outside of tests.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:c="http://www.springframework.org/schema/c"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
                           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
       default-init-method="initialize"
       default-destroy-method="destroy">

    <!--
        The schemaLocation URLs above are hints. Spring normally maps them to the
        XSD files bundled in its own jars, so loading this file should not depend
        on fetching schemas over plain http. NOTE(review): confirm for the
        deployed Spring version.
    -->

    <!--
        Credential back end. Exactly one import should be active; this file
        selects LDAP and leaves the JAAS and Kerberos alternatives disabled.
    -->
    <!-- <import resource="jaas-authn-config.xml" /> -->
    <!-- <import resource="krb5-authn-config.xml" /> -->
    <import resource="ldap-authn-config.xml"/>

    <!--
        Login form field names: the username and password inputs, plus the field
        registered as the SSO bypass control ("donotcache").
    -->
    <bean id="shibboleth.authn.Password.UsernameFieldName"
          class="java.lang.String"
          c:_0="j_username"/>
    <bean id="shibboleth.authn.Password.PasswordFieldName"
          class="java.lang.String"
          c:_0="j_password"/>
    <bean id="shibboleth.authn.Password.SSOBypassFieldName"
          class="java.lang.String"
          c:_0="donotcache"/>

    <!--
        Username normalisation applied before validation: no case folding,
        whitespace trimming enabled.
    -->
    <util:constant id="shibboleth.authn.Password.Lowercase"
                   static-field="java.lang.Boolean.FALSE"/>
    <util:constant id="shibboleth.authn.Password.Uppercase"
                   static-field="java.lang.Boolean.FALSE"/>
    <util:constant id="shibboleth.authn.Password.Trim"
                   static-field="java.lang.Boolean.TRUE"/>

    <!--
        FALSE means the submitted password is not kept in the resulting Subject
        as a private credential. Switch to TRUE only if a later component needs
        the password itself, since it then stays available after validation.
    -->
    <util:constant id="shibboleth.authn.Password.RetainAsPrivateCredential"
                   static-field="java.lang.Boolean.FALSE"/>

    <!--
        Regular expression replacement pairs applied to the username before
        validation. The list is empty here; the disabled sample would reduce
        "name@example.edu" to "name".
    -->
    <util:list id="shibboleth.authn.Password.Transforms">
        <!--
        <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
        -->
    </util:list>

    <!--
        Account lockout backed by in-memory storage. The bean is commented out,
        so this file configures no lockout after repeated failed logins; any
        throttling would have to come from the directory or another layer.
        Uncomment to enable. The sample uses maxAttempts 5 with a counterInterval
        and lockoutDuration of five minutes each (ISO 8601 durations).
    -->
    <!--
    <bean id="shibboleth.authn.Password.AccountLockoutManager"
        parent="shibboleth.StorageBackedAccountLockoutManager"
        p:maxAttempts="5"
        p:counterInterval="PT5M"
        p:lockoutDuration="PT5M"
        p:extendLockoutDuration="false" />
    -->

    <!--
        Classification of error messages reported by the validation actions.
        Each key is the event to signal and each value is an error code or
        message fragment that triggers it; templates and flows can react to the
        event.
        UnknownUsername and InvalidPassword are signalled as separate events. If
        the login view shows a different message for each, a client can tell
        whether a username exists. That rendering is decided by the view and
        message files, which are not part of this file.
        NOTE(review): several values appear to be Kerberos or JAAS messages and
        are kept although only the LDAP back end is imported above.
    -->
    <util:map id="shibboleth.authn.Password.ClassifiedMessageMap">
        <entry key="UnknownUsername">
            <list>
                <value>NoCredentials</value>
                <value>CLIENT_NOT_FOUND</value>
                <value>Client not found</value>
                <value>DN_RESOLUTION_FAILURE</value>
            </list>
        </entry>
        <entry key="InvalidPassword">
            <list>
                <value>InvalidCredentials</value>
                <value>PREAUTH_FAILED</value>
                <value>INVALID_CREDENTIALS</value>
                <value>Checksum failed</value>
            </list>
        </entry>
        <entry key="AccountLocked">
            <list>
                <value>AccountLocked</value>
                <value>Clients credentials have been revoked</value>
            </list>
        </entry>
        <entry key="ExpiredPassword">
            <list>
                <value>PASSWORD_EXPIRED</value>
            </list>
        </entry>
        <entry key="ExpiringPassword">
            <list>
                <value>ACCOUNT_WARNING</value>
            </list>
        </entry>
    </util:map>

    <!--
        Optional "extended" login methods offered from the password login form
        (disabled below).
          ExtendedFlows: a regular expression naming the flows to offer. Those
            flows must also be enabled at the top level to be usable.
          ExtendedFlowParameters: custom parameters copied from the login form
            into the context tree for later flows. They originate from the
            submitted form, so flows that consume them should validate them.
          PrincipalOverride: the custom Principals reported for results of the
            Password flow itself, for deployments where the Password flow only
            acts as a shell around the extended methods and its own results
            should be limited more narrowly.
    -->
    <!--
    <bean id="shibboleth.authn.Password.ExtendedFlows" class="java.lang.String" c:_0="" />
    <util:list id="shibboleth.authn.Password.ExtendedFlowParameters">
    </util:list>
    <util:list id="shibboleth.authn.Password.PrincipalOverride">
        <bean parent="shibboleth.SAML2AuthnContextClassRef"
            c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
        <bean parent="shibboleth.SAML2AuthnContextClassRef"
            c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
        <bean parent="shibboleth.SAML1AuthenticationMethod"
            c:method="urn:oasis:names:tc:SAML:1.0:am:password" />
    </util:list>
    -->

</beans>