Skip to content
Permalink
a4b0f8c109
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

midPoint_container/demo/grouper/midpoint_server/container_files/mp-home/post-initial-objects/securityPolicy/000-security-policy.xml

Go to file
 
 
Cannot retrieve contributors at this time
148 lines (147 sloc) 6.75 KB
Raw Blame
<?xml version="1.0" encoding="UTF-8"?>
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3"
xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3">
<securityPolicy xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:c="http://midpoint.evolveum.com/xml/ns/public/common/common-3" xmlns:icfs="http://midpoint.evolveum.com/xml/ns/public/connector/icf-1/resource-schema-3" xmlns:org="http://midpoint.evolveum.com/xml/ns/public/common/org-3" xmlns:q="http://prism.evolveum.com/xml/ns/public/query-3" xmlns:ri="http://midpoint.evolveum.com/xml/ns/public/resource/instance-3" xmlns:t="http://prism.evolveum.com/xml/ns/public/types-3" oid="00000000-0000-0000-0000-000000000120" version="2">
<name>Default Security Policy</name>
<authentication>
<modules>
<loginForm>
<name>internalLoginForm</name>
<description>Internal username/password authentication, default user password, login form</description>
</loginForm>
<httpBasic>
<name>internalBasic</name>
<description>Internal username/password authentication, using HTTP basic auth</description>
</httpBasic>
<saml2>
<name>mySamlSso</name>
<description>My internal enterprise SAML-based SSO system.</description>
<network>
<readTimeout>10000</readTimeout>
<connectTimeout>5000</connectTimeout>
</network>
<serviceProvider>
<entityId>midpointdemo-shibboleth</entityId>
<signRequests>true</signRequests>
<wantAssertionsSigned>true</wantAssertionsSigned>
<singleLogoutEnabled>true</singleLogoutEnabled>
<nameId>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</nameId>
<keys>
<activeKeyStoreKey>
<keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
<keyStorePassword>
<t:clearValue>changeit</t:clearValue>
</keyStorePassword>
<keyAlias>signing-key</keyAlias>
<keyPassword>
<t:clearValue>password</t:clearValue>
</keyPassword>
</activeKeyStoreKey>
<standByKeyStoreKey>
<keyStorePath>/etc/pki/mp/sp-shibboleth-keys.jks</keyStorePath>
<keyStorePassword>
<t:clearValue>changeit</t:clearValue>
</keyStorePassword>
<keyAlias>encrypt-key</keyAlias>
<keyPassword>
<t:clearValue>password</t:clearValue>
</keyPassword>
<type>encryption</type>
</standByKeyStoreKey>
</keys>
<provider>
<entityId>https://idptestbed/idp/shibboleth</entityId>
<alias>idp-shibboleth</alias>
<metadata>
<pathToFile>/etc/shibboleth/idp-metadata.xml</pathToFile>
</metadata>
<skipSslValidation>true</skipSslValidation>
<linkText>Shibboleth</linkText>
<authenticationRequestBinding>urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST</authenticationRequestBinding>
<nameOfUsernameAttribute>uid</nameOfUsernameAttribute>
</provider>
</serviceProvider>
</saml2>
</modules>
<sequence>
<name>admin-gui-default</name>
<description>
Default GUI authentication sequence.
</description>
<channel>
<channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
<default>true</default>
<urlSuffix>gui-default</urlSuffix>
</channel>
<module>
<name>internalLoginForm</name>
<order>30</order>
<necessity>sufficient</necessity>
</module>
</sequence>
<sequence>
<name>admin-gui-emergency</name>
<description>
Special GUI authentication sequence that is using just the internal user password.
</description>
<channel>
<channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#user</channelId>
<default>false</default>
<urlSuffix>emergency</urlSuffix>
</channel>
<requireAssignmentTarget oid="00000000-0000-0000-0000-000000000004" relation="org:default" type="c:RoleType">
</requireAssignmentTarget>
<module>
<name>internalLoginForm</name>
<order>30</order>
<necessity>sufficient</necessity>
</module>
</sequence>
<sequence>
<name>rest</name>
<description>
Authentication sequence for REST service.
</description>
<channel>
<channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#rest</channelId>
<default>true</default>
<urlSuffix>rest-default</urlSuffix>
</channel>
<module>
<name>internalBasic</name>
<order>10</order>
<necessity>sufficient</necessity>
</module>
</sequence>
<sequence>
<name>actuator</name>
<description>
Authentication sequence for actuator.
</description>
<channel>
<channelId>http://midpoint.evolveum.com/xml/ns/public/common/channels-3#actuator</channelId>
<default>true</default>
<urlSuffix>actuator-default</urlSuffix>
</channel>
<module>
<name>internalBasic</name>
<order>10</order>
<necessity>sufficient</necessity>
</module>
</sequence>
<ignoredLocalPath>/actuator</ignoredLocalPath>
<ignoredLocalPath>/actuator/health</ignoredLocalPath>
</authentication>
<credentials>
<password>
<minOccurs>0</minOccurs>
<lockoutMaxFailedAttempts>3</lockoutMaxFailedAttempts>
<lockoutFailedAttemptsDuration>PT3M</lockoutFailedAttemptsDuration>
<lockoutDuration>PT15M</lockoutDuration>
<valuePolicyRef xmlns:tns="http://midpoint.evolveum.com/xml/ns/public/common/common-3" oid="00000000-0000-0000-0000-000000000003" relation="org:default" type="tns:ValuePolicyType">
</valuePolicyRef>
</password>
</credentials>
</securityPolicy>
</objects>