Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
shib-idp-conftree/conf/authn/spnego-authn-config.xml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
74 lines (60 sloc)
3.13 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <beans xmlns="http://www.springframework.org/schema/beans" | |
| xmlns:context="http://www.springframework.org/schema/context" | |
| xmlns:util="http://www.springframework.org/schema/util" | |
| xmlns:p="http://www.springframework.org/schema/p" | |
| xmlns:c="http://www.springframework.org/schema/c" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | |
| http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd | |
| http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" | |
| default-init-method="initialize" | |
| default-destroy-method="destroy"> | |
| <!-- General Configuration --> | |
| <!-- | |
| Enforce running SPNEGO for all users, independent of user's autologin state. | |
| TRUE means that SPNEGO login is always tried (if available). | |
| FALSE means that SPNEGO login is run only if the user has enabled autologin. | |
| --> | |
| <util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.FALSE" /> | |
| <!-- Kerberos Configuration--> | |
| <!-- General Kerberos Settings --> | |
| <util:constant id="shibboleth.authn.SPNEGO.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" /> | |
| <!-- Kerberos Service Principal(s) --> | |
| <!-- | |
| For each service principal/realm, a "RealmSettings" bean must be created. | |
| For each "RealmSettings" bean, the following settings are supported: | |
| p:servicePrincipal: - kerberos service principal (required) | |
| p:keytab: - path to the keytab file containing the kerberos service principal's credentials | |
| (optional; either "p:keytab" or "p:password" is required) | |
| p:password: - kerberos service principal's password | |
| (optional; either "p:keytab" or "p:password" is required) | |
| --> | |
| <util:list id="shibboleth.authn.SPNEGO.Krb5.Realms"> | |
| <bean parent="shibboleth.KerberosRealmSettings" | |
| p:servicePrincipal="HTTP/aai-logon.domain_a.com@DOMAIN_A.COM" | |
| p:keytab="%{idp.home}/credentials/http_domainA.keytab" /> | |
| </util:list> | |
| <!-- | |
| <bean id="shibboleth.authn.SPNEGO.matchExpression" class="java.util.regex.Pattern" factory-method="compile" | |
| c:_0="^(.+)@example\.edu$" /> | |
| --> | |
| <!-- | |
| Define entries here to map events or error messages returned by the SPNEGO module | |
| and classify them as particular kinds of errors for use in your templates and as | |
| events in flows. | |
| Keys are events to signal, values are error codes. | |
| --> | |
| <util:map id="shibboleth.authn.SPNEGO.ClassifiedMessageMap"> | |
| <entry key="SPNEGONotAvailable"> | |
| <list> | |
| <value>SPNEGONotAvailable</value> | |
| </list> | |
| </entry> | |
| <entry key="NTLMUnsupported"> | |
| <list> | |
| <value>NTLMUnsupported</value> | |
| </list> | |
| </entry> | |
| </util:map> | |
| </beans> |