OpenSearch/x-pack/test/idp-fixture/idp/shibboleth-idp/conf/authn/external-authn-config.xml

71 lines
3.0 KiB
XML

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
default-init-method="initialize"
default-destroy-method="destroy">
<!-- Servlet context-relative path to wherever your implementation lives. -->
<bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"
c:_0="contextRelative:Authn/External" />
<!--
Default is to always use the path in the bean above. If you want to determine it
dynamically, define a bean called "shibboleth.authn.External.externalAuthnPathStrategy"
of type Function<ProfileRequestContext,String> that returns the path to use.
-->
<!--
Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
You would normally only unset this if you plan to return a fully decorated Java Subject from your
external authentication source.
-->
<util:constant id="shibboleth.authn.External.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />
<!--
<bean id="shibboleth.authn.External.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
c:_0="^(.+)@example\.edu]$" />
-->
<!--
Define entries here to map error messages returned by external modules and classify them as particular
kinds of errors for use in your templates and as events in flows.
Keys are events to signal, values are error codes.
The examples here just allow external signaling of the exact type of condition to record.
If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
-->
<util:map id="shibboleth.authn.External.ClassifiedMessageMap">
<entry key="UnknownUsername">
<list>
<value>UnknownUsername</value>
</list>
</entry>
<entry key="InvalidPassword">
<list>
<value>InvalidPassword</value>
</list>
</entry>
<entry key="ExpiredPassword">
<list>
<value>ExpiredPassword</value>
</list>
</entry>
<entry key="ExpiringPassword">
<list>
<value>ExpiringPassword</value>
</list>
</entry>
</util:map>
</beans>