Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
shib-idp-conftree/conf/access-control.xml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
68 lines (58 sloc)
2.9 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <beans xmlns="http://www.springframework.org/schema/beans" | |
| xmlns:context="http://www.springframework.org/schema/context" | |
| xmlns:util="http://www.springframework.org/schema/util" | |
| xmlns:p="http://www.springframework.org/schema/p" | |
| xmlns:c="http://www.springframework.org/schema/c" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | |
| http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd | |
| http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" | |
| default-init-method="initialize" | |
| default-destroy-method="destroy"> | |
| <!-- | |
| Map of access control policies used to limit access to administrative functions. | |
| The purpose of the map is to label policies with a key/name so they can be reused. | |
| --> | |
| <!-- | |
| Use the "shibboleth.IPRangeAccessControl" parent bean for IP-based access control. | |
| The ranges provided MUST be CIDR network expressions. To specify a single address, | |
| add "/32" or "/128" for IPv4 or IPv6 respectively. | |
| The additional examples below demonstrate how to control access by username | |
| and by attribute(s), in the case of authenticated access to admin functions. | |
| --> | |
| <util:map id="shibboleth.AccessControlPolicies"> | |
| <entry key="AccessByIPAddress"> | |
| <bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl" | |
| p:allowedRanges="#{ {'127.0.0.1/32', '::1/128'} }" /> | |
| </entry> | |
| <!-- | |
| <entry key="AccessByUser"> | |
| <bean parent="shibboleth.PredicateAccessControl"> | |
| <constructor-arg> | |
| <bean parent="shibboleth.Conditions.SubjectName" c:collection="#{'jdoe'}" /> | |
| </constructor-arg> | |
| </bean> | |
| </entry> | |
| --> | |
| <!-- | |
| <entry key="AccessByAttribute"> | |
| <bean parent="shibboleth.PredicateAccessControl"> | |
| <constructor-arg> | |
| <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"> | |
| <property name="attributeValueMap"> | |
| <map> | |
| <entry key="eduPersonEntitlement"> | |
| <list> | |
| <value>https://example.org/entitlement/idpadmin</value> | |
| </list> | |
| </entry> | |
| </map> | |
| </property> | |
| </bean> | |
| </constructor-arg> | |
| </bean> | |
| </entry> | |
| --> | |
| </util:map> | |
| </beans> |