mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-03-07 19:39:53 +00:00
b8733eab00
The change replaces the Vagrant box based fixture with a fixture based on docker compose and 2 docker images, one for an openldap server and one for a Shibboleth SAML Identity Provider. The configuration of both openldap and shibboleth is identical to the previous one, in order to minimize required changes in the tests
63 lines
2.9 KiB
XML
63 lines
2.9 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<beans xmlns="http://www.springframework.org/schema/beans"
|
|
xmlns:context="http://www.springframework.org/schema/context"
|
|
xmlns:util="http://www.springframework.org/schema/util"
|
|
xmlns:p="http://www.springframework.org/schema/p"
|
|
xmlns:c="http://www.springframework.org/schema/c"
|
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
|
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
|
|
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
|
|
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
|
|
|
|
default-init-method="initialize"
|
|
default-destroy-method="destroy">
|
|
|
|
<!--
|
|
Condition to evaluate to interrupt SSO flows to check the state of the transaction before allowing.
|
|
|
|
Typically the flow itself will be activated based on configuration in relying-party.xml, and this controls
|
|
whether to proceed if the flow is activated. The most common use for this flow is to check the set of
|
|
resolved/filtered attributes and values to see if the user is authorized or provisioned into a service.
|
|
-->
|
|
<bean id="shibboleth.context-check.Condition" parent="shibboleth.Conditions.AND">
|
|
<constructor-arg>
|
|
<list>
|
|
<bean parent="shibboleth.Conditions.RelyingPartyId" c:candidates="#{{'https://sp.example.org'}}" />
|
|
<bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"
|
|
p:useUnfilteredAttributes="true">
|
|
<property name="attributeValueMap">
|
|
<map>
|
|
<entry key="eppn">
|
|
<list>
|
|
<value>*</value>
|
|
</list>
|
|
</entry>
|
|
</map>
|
|
</property>
|
|
</bean>
|
|
</list>
|
|
</constructor-arg>
|
|
</bean>
|
|
|
|
<!--
|
|
More general purpose approach using a Function that returns either "proceed" or a custom error Event.
|
|
This is a cleaner way of applying multiple conditions in different cases or triggering different events.
|
|
-->
|
|
<!--
|
|
<bean id="shibboleth.context-check.Function" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
|
|
p:customObject-ref="shibboleth.context-check.Condition">
|
|
<constructor-arg>
|
|
<value>
|
|
<![CDATA[
|
|
var event = "proceed";
|
|
if (!custom.apply(input)) {
|
|
event = "ContextCheckDenied";
|
|
}
|
|
event;
|
|
]]>
|
|
</value>
|
|
</constructor-arg>
|
|
</bean>
|
|
-->
|
|
|
|
</beans> |