mattias-lidman · July 12, 2011 19:54
diff --git a/gistfile1.txt b/gistfile1.txt
 <?xml version="1.0" encoding="UTF-8"?>

 <ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
                     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                     xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">

    <!-- Error Handler -->
    <ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />

    <!-- Profile Handlers -->
    <!-- 
        All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile 
        handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
     -->
    <ProfileHandler xsi:type="Status">
        <RequestPath>/Status</RequestPath>
    </ProfileHandler>
    
    <ProfileHandler xsi:type="SAMLMetadata" metadataFile="/usr/local/idp/metadata/idp-metadata.xml">
        <RequestPath>/Metadata/SAML</RequestPath>
    </ProfileHandler>    

    <ProfileHandler xsi:type="ShibbolethSSO"
                    inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post 
                                                urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
        <RequestPath>/Shibboleth/SSO</RequestPath>
    </ProfileHandler>
    
    <ProfileHandler xsi:type="SAML1AttributeQuery" 
                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <RequestPath>/SAML1/SOAP/AttributeQuery</RequestPath>
    </ProfileHandler>
    
    <ProfileHandler xsi:type="SAML1ArtifactResolution" 
                    inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
        <RequestPath>/SAML1/SOAP/ArtifactResolution</RequestPath>
    </ProfileHandler>
    
    <ProfileHandler xsi:type="SAML2SSO" 
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <RequestPath>/SAML2/POST/SSO</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML2SSO" 
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <RequestPath>/SAML2/POST-SimpleSign/SSO</RequestPath>
    </ProfileHandler>

    <ProfileHandler xsi:type="SAML2SSO" 
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 
                                                urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
        <RequestPath>/SAML2/Redirect/SSO</RequestPath>
    </ProfileHandler>
    
    <ProfileHandler xsi:type="SAML2AttributeQuery"
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
    </ProfileHandler>
    
    <ProfileHandler xsi:type="SAML2ArtifactResolution" 
                    inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
                    outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
        <RequestPath>/SAML2/SOAP/ArtifactResolution</RequestPath>
    </ProfileHandler>
    
    <!-- Login Handlers -->
    <LoginHandler xsi:type="RemoteUser">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
    </LoginHandler>
    
    <!--  Username/password login handler -->
    <!-- 
    <LoginHandler xsi:type="UsernamePassword" 
                  jaasConfigurationLocation="file:///usr/local/idp/conf/login.config">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
    </LoginHandler>
    -->
    
    <!-- 
        Removal of this login handler will disable SSO support, that is it will require the user to authenticate 
        on every request.
    -->
    <LoginHandler xsi:type="PreviousSession">
        <AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
    </LoginHandler>

 </ProfileHandlerGroup>
	<?xml version="1.0" encoding="UTF-8"?>

	<ProfileHandlerGroup xmlns="urn:mace:shibboleth:2.0:idp:profile-handler"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="urn:mace:shibboleth:2.0:idp:profile-handler classpath:/schema/shibboleth-2.0-idp-profile-handler.xsd">

	<!-- Error Handler -->
	<ErrorHandler xsi:type="JSPErrorHandler" jspPagePath="/error.jsp" />

	<!-- Profile Handlers -->
	<!--
	All profile handlers defined below are accessed via the Servlet path "/profile" so if your profile
	handler's request path is "/Status" then the full path is "<servletContextName>/profile/Status"
	-->
	<ProfileHandler xsi:type="Status">
	<RequestPath>/Status</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAMLMetadata" metadataFile="/usr/local/idp/metadata/idp-metadata.xml">
	<RequestPath>/Metadata/SAML</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="ShibbolethSSO"
	inboundBinding="urn:mace:shibboleth:1.0:profiles:AuthnRequest"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:profiles:browser-post
	urn:oasis:names:tc:SAML:1.0:profiles:artifact-01">
	<RequestPath>/Shibboleth/SSO</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAML1AttributeQuery"
	inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
	<RequestPath>/SAML1/SOAP/AttributeQuery</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAML1ArtifactResolution"
	inboundBinding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding">
	<RequestPath>/SAML1/SOAP/ArtifactResolution</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAML2SSO"
	inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
	urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
	urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
	<RequestPath>/SAML2/POST/SSO</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAML2SSO"
	inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
	urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
	urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
	<RequestPath>/SAML2/POST-SimpleSign/SSO</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAML2SSO"
	inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign
	urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
	urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact">
	<RequestPath>/SAML2/Redirect/SSO</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAML2AttributeQuery"
	inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
	<RequestPath>/SAML2/SOAP/AttributeQuery</RequestPath>
	</ProfileHandler>

	<ProfileHandler xsi:type="SAML2ArtifactResolution"
	inboundBinding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
	outboundBindingEnumeration="urn:oasis:names:tc:SAML:2.0:bindings:SOAP">
	<RequestPath>/SAML2/SOAP/ArtifactResolution</RequestPath>
	</ProfileHandler>

	<!-- Login Handlers -->
	<LoginHandler xsi:type="RemoteUser">
	<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</AuthenticationMethod>
	</LoginHandler>

	<!-- Username/password login handler -->
	<!--
	<LoginHandler xsi:type="UsernamePassword"
	jaasConfigurationLocation="file:///usr/local/idp/conf/login.config">
	<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</AuthenticationMethod>
	</LoginHandler>
	-->

	<!--
	Removal of this login handler will disable SSO support, that is it will require the user to authenticate
	on every request.
	-->
	<LoginHandler xsi:type="PreviousSession">
	<AuthenticationMethod>urn:oasis:names:tc:SAML:2.0:ac:classes:PreviousSession</AuthenticationMethod>
	</LoginHandler>

	</ProfileHandlerGroup>