4.3.1→5.0.0
@@ -4,173 +4,46 @@ <display-name>Shibboleth Identity Provider</display-name> - <!-- Spring application context files. Files are loaded in the order they appear with subsequent files overwriting - same named beans in previous files. --> + <!-- + The context parameters below control V5+ auto-registration support. + Those desiring complete control over all of these steps can disable them + but this is not generally recommended, apart from toggling the optional + servlets that may not be needed. + --> + + <!-- Registers Spring support. --> <context-param> - <param-name>contextConfigLocation</param-name> - <param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,classpath:/net/shibboleth/idp/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value> + <param-name>net.shibboleth.idp.registerSpringConfig</param-name> + <param-value>true</param-value> </context-param> - + + <!-- Auto-registers Java filter chain required by IdP. --> <context-param> - <param-name>contextClass</param-name> - <param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value> + <param-name>net.shibboleth.idp.registerFilterChain</param-name> + <param-value>true</param-value> </context-param> - + + <!-- Auto-registers IdP dispatcher servlet. --> <context-param> - <param-name>contextInitializerClasses</param-name> - <param-value>net.shibboleth.idp.spring.IdPPropertiesApplicationContextInitializer</param-value> + <param-name>net.shibboleth.idp.registerIdPServlet</param-name> + <param-value>true</param-value> </context-param> - - <!-- Spring listener used to load up the configuration --> - <listener> - <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> - </listener> - <!-- Filters and filter mappings --> - - <!-- Try and force I18N, probably won't help much. --> - <filter> - <filter-name>CharacterEncodingFilter</filter-name> - <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> - <init-param> - <param-name>encoding</param-name> - <param-value>UTF-8</param-value> - </init-param> - <init-param> - <param-name>forceEncoding</param-name> - <param-value>true</param-value> - </init-param> - </filter> - <!-- Automates SameSite handling until Java API catches up. --> - <filter> - <filter-name>SameSiteCookieFilter</filter-name> - <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> - <init-param> - <param-name>targetBeanName</param-name> - <param-value>shibboleth.SameSiteCookieFilter</param-value> - </init-param> - </filter> - <!-- Lets us lump repeated Set-Cookie headers into one, something containers rarely support. --> - <filter> - <filter-name>CookieBufferingFilter</filter-name> - <filter-class>net.shibboleth.utilities.java.support.net.CookieBufferingFilter</filter-class> - </filter> - <!-- Allows control of response headers from within Spring beans. --> - <filter> - <filter-name>DynamicResponseHeaderFilter</filter-name> - <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> - <init-param> - <param-name>targetBeanName</param-name> - <param-value>shibboleth.ResponseHeaderFilter</param-value> - </init-param> - </filter> - <!-- Automates TLS-based propagation of HttpServletRequest/Response into beans. --> - <filter> - <filter-name>RequestResponseContextFilter</filter-name> - <filter-class>net.shibboleth.utilities.java.support.net.RequestResponseContextFilter</filter-class> - </filter> - <!-- Manages logging MDC. --> - <filter> - <filter-name>SLF4JMDCServletFilter</filter-name> - <filter-class>net.shibboleth.idp.log.SLF4JMDCServletFilter</filter-class> - </filter> + <!-- Registers optional servlets used for RemoteUser and X509 login flows. --> + <context-param> + <param-name>net.shibboleth.idp.registerRemoteUserServlet</param-name> + <param-value>true</param-value> + </context-param> + <context-param> + <param-name>net.shibboleth.idp.registerX509Servlet</param-name> + <param-value>true</param-value> + </context-param> - <filter-mapping> - <filter-name>SameSiteCookieFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>CookieBufferingFilter</filter-name> - <url-pattern>/profile/admin/*</url-pattern> - <url-pattern>/profile/Logout</url-pattern> - <url-pattern>/profile/Shibboleth/SSO</url-pattern> - <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern> - <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern> - <url-pattern>/profile/SAML2/Artifact/SSO</url-pattern> - <url-pattern>/profile/SAML2/Redirect/SLO</url-pattern> - <url-pattern>/profile/SAML2/POST/SLO</url-pattern> - <url-pattern>/profile/SAML2/POST-SimpleSign/SLO</url-pattern> - <url-pattern>/profile/SAML2/Artifact/SLO</url-pattern> - <url-pattern>/profile/cas/login</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>DynamicResponseHeaderFilter</filter-name> - <url-pattern>/profile/admin/*</url-pattern> - <url-pattern>/profile/Shibboleth/SSO</url-pattern> - <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern> - <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern> - <url-pattern>/profile/SAML2/Artifact/SSO</url-pattern> - <url-pattern>/profile/cas/login</url-pattern> - <url-pattern>/Authn/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>CharacterEncodingFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>RequestResponseContextFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>SLF4JMDCServletFilter</filter-name> - <url-pattern>/*</url-pattern> - </filter-mapping> - - <!-- Servlets and servlet mappings --> - <servlet> - <servlet-name>idp</servlet-name> - <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> - <init-param> - <param-name>contextConfigLocation</param-name> - <param-value>classpath*:/META-INF/net/shibboleth/idp/mvc/preconfig.xml,classpath:/net/shibboleth/idp/conf/mvc-beans.xml,classpath:/net/shibboleth/idp/conf/webflow-config.xml,classpath*:/META-INF/net/shibboleth/idp/mvc/postconfig.xml</param-value> - </init-param> - <init-param> - <param-name>contextClass</param-name> - <param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value> - </init-param> - <load-on-startup>1</load-on-startup> - </servlet> - <servlet-mapping> - <servlet-name>idp</servlet-name> - <url-pattern>/status</url-pattern> - <url-pattern>/profile/*</url-pattern> - </servlet-mapping> - - <!-- Servlet protected by container used for RemoteUser authentication --> - <servlet> - <servlet-name>RemoteUserAuthHandler</servlet-name> - <servlet-class>net.shibboleth.idp.authn.impl.RemoteUserAuthServlet</servlet-class> - <load-on-startup>2</load-on-startup> - </servlet> - <servlet-mapping> - <servlet-name>RemoteUserAuthHandler</servlet-name> - <url-pattern>/Authn/RemoteUser</url-pattern> - </servlet-mapping> - - <!-- Servlet protected by container used for X.509 authentication --> - <servlet> - <servlet-name>X509AuthHandler</servlet-name> - <servlet-class>net.shibboleth.idp.authn.impl.X509AuthServlet</servlet-class> - <load-on-startup>3</load-on-startup> - </servlet> - <servlet-mapping> - <servlet-name>X509AuthHandler</servlet-name> - <url-pattern>/Authn/X509</url-pattern> - </servlet-mapping> - - <!-- Send request for the EntityID to the SAML metadata echoing JSP. --> - <servlet> - <servlet-name>shibboleth_jsp</servlet-name> - <jsp-file>/WEB-INF/jsp/metadata.jsp</jsp-file> - </servlet> - <servlet-mapping> - <servlet-name>shibboleth_jsp</servlet-name> - <url-pattern>/shibboleth</url-pattern> - </servlet-mapping> + <!-- Registers /shibboleth to return metadata file. --> + <context-param> + <param-name>net.shibboleth.idp.registerMetadataServlet</param-name> + <param-value>true</param-value> + </context-param> <!-- Send servlet errors through the IdP's MVC error handling. --> <error-page> @@ -181,11 +54,9 @@ <session-config> <session-timeout>15</session-timeout> <cookie-config> - <!-- Uncomment to add __Host- protection. --> - <!-- + <!-- Comment name and path to revert __Host- protection. --> <name>__Host-JSESSIONID</name> <path>/</path> - --> <secure>true</secure> <http-only>true</http-only> </cookie-config>
4.2.1→4.3.1
変更なし
4.1.7→4.2.1
@@ -181,8 +181,13 @@ <session-config> <session-timeout>15</session-timeout> <cookie-config> - <http-only>true</http-only> + <!-- Uncomment to add __Host- protection. --> + <!-- + <name>__Host-JSESSIONID</name> + <path>/</path> + --> <secure>true</secure> + <http-only>true</http-only> </cookie-config> <tracking-mode>COOKIE</tracking-mode> </session-config>
4.1.2→4.1.7
変更なし
4.1.0→4.1.2
@@ -179,6 +179,7 @@ </error-page> <session-config> + <session-timeout>15</session-timeout> <cookie-config> <http-only>true</http-only> <secure>true</secure>
4.0.1→4.1.0
@@ -8,7 +8,7 @@ same named beans in previous files. --> <context-param> <param-name>contextConfigLocation</param-name> - <param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value> + <param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,classpath:/net/shibboleth/idp/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value> </context-param> <context-param> @@ -126,7 +126,7 @@ <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> - <param-value>${idp.home}/system/conf/mvc-beans.xml, ${idp.home}/system/conf/webflow-config.xml</param-value> + <param-value>classpath*:/META-INF/net/shibboleth/idp/mvc/preconfig.xml,classpath:/net/shibboleth/idp/conf/mvc-beans.xml,classpath:/net/shibboleth/idp/conf/webflow-config.xml,classpath*:/META-INF/net/shibboleth/idp/mvc/postconfig.xml</param-value> </init-param> <init-param> <param-name>contextClass</param-name> @@ -209,7 +209,7 @@ <http-method-omission>OPTIONS</http-method-omission> <http-method-omission>POST</http-method-omission> </web-resource-collection> - <authn-constraint/> + <auth-constraint/> </security-constraint> <!-- Allow any HTTP methods to the API flows. -->
4.0.0→4.0.1
@@ -186,17 +186,30 @@ <tracking-mode>COOKIE</tracking-mode> </session-config> - <!-- Block commonly flagged methods by using an empty auth-constraint. --> + <!-- Allow intended methods by using an absent auth-constraint. --> <security-constraint> <web-resource-collection> <web-resource-name>Non-API Content</web-resource-name> <url-pattern>/*</url-pattern> - <http-method>PUT</http-method> - <http-method>PATCH</http-method> - <http-method>DELETE</http-method> - <http-method>TRACE</http-method> + <http-method>GET</http-method> + <http-method>HEAD</http-method> + <http-method>OPTIONS</http-method> + <http-method>POST</http-method> </web-resource-collection> - <auth-constraint/> + <!-- no auth-constraint tag here --> + </security-constraint> + + <!-- Disallow other methods by using an empty auth-constraint. --> + <security-constraint> + <web-resource-collection> + <web-resource-name>Non-API Content</web-resource-name> + <url-pattern>/*</url-pattern> + <http-method-omission>GET</http-method-omission> + <http-method-omission>HEAD</http-method-omission> + <http-method-omission>OPTIONS</http-method-omission> + <http-method-omission>POST</http-method-omission> + </web-resource-collection> + <authn-constraint/> </security-constraint> <!-- Allow any HTTP methods to the API flows. -->
3.4.8→4.0.0
@@ -8,7 +8,7 @@ same named beans in previous files. --> <context-param> <param-name>contextConfigLocation</param-name> - <param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value> + <param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value> </context-param> <context-param> @@ -27,6 +27,7 @@ </listener> <!-- Filters and filter mappings --> + <!-- Try and force I18N, probably won't help much. --> <filter> <filter-name>CharacterEncodingFilter</filter-name> @@ -40,6 +41,15 @@ <param-value>true</param-value> </init-param> </filter> + <!-- Automates SameSite handling until Java API catches up. --> + <filter> + <filter-name>SameSiteCookieFilter</filter-name> + <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> + <init-param> + <param-name>targetBeanName</param-name> + <param-value>shibboleth.SameSiteCookieFilter</param-value> + </init-param> + </filter> <!-- Lets us lump repeated Set-Cookie headers into one, something containers rarely support. --> <filter> <filter-name>CookieBufferingFilter</filter-name> @@ -64,6 +74,11 @@ <filter-name>SLF4JMDCServletFilter</filter-name> <filter-class>net.shibboleth.idp.log.SLF4JMDCServletFilter</filter-class> </filter> + + <filter-mapping> + <filter-name>SameSiteCookieFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <filter-mapping> <filter-name>CookieBufferingFilter</filter-name> <url-pattern>/profile/admin/*</url-pattern>
3.4.0→3.4.8
@@ -73,9 +73,11 @@ <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern> <url-pattern>/profile/SAML2/POST/SSO</url-pattern> <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern> + <url-pattern>/profile/SAML2/Artifact/SSO</url-pattern> <url-pattern>/profile/SAML2/Redirect/SLO</url-pattern> <url-pattern>/profile/SAML2/POST/SLO</url-pattern> <url-pattern>/profile/SAML2/POST-SimpleSign/SLO</url-pattern> + <url-pattern>/profile/SAML2/Artifact/SLO</url-pattern> <url-pattern>/profile/cas/login</url-pattern> </filter-mapping> <filter-mapping> @@ -86,6 +88,7 @@ <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern> <url-pattern>/profile/SAML2/POST/SSO</url-pattern> <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern> + <url-pattern>/profile/SAML2/Artifact/SSO</url-pattern> <url-pattern>/profile/cas/login</url-pattern> <url-pattern>/Authn/*</url-pattern> </filter-mapping> @@ -176,7 +179,6 @@ <http-method>PUT</http-method> <http-method>PATCH</http-method> <http-method>DELETE</http-method> - <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint/>
3.3.0→3.4.0
@@ -45,6 +45,15 @@ <filter-name>CookieBufferingFilter</filter-name> <filter-class>net.shibboleth.utilities.java.support.net.CookieBufferingFilter</filter-class> </filter> + <!-- Allows control of response headers from within Spring beans. --> + <filter> + <filter-name>DynamicResponseHeaderFilter</filter-name> + <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> + <init-param> + <param-name>targetBeanName</param-name> + <param-value>shibboleth.ResponseHeaderFilter</param-value> + </init-param> + </filter> <!-- Automates TLS-based propagation of HttpServletRequest/Response into beans. --> <filter> <filter-name>RequestResponseContextFilter</filter-name> @@ -57,6 +66,7 @@ </filter> <filter-mapping> <filter-name>CookieBufferingFilter</filter-name> + <url-pattern>/profile/admin/*</url-pattern> <url-pattern>/profile/Logout</url-pattern> <url-pattern>/profile/Shibboleth/SSO</url-pattern> <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern> @@ -69,6 +79,17 @@ <url-pattern>/profile/cas/login</url-pattern> </filter-mapping> <filter-mapping> + <filter-name>DynamicResponseHeaderFilter</filter-name> + <url-pattern>/profile/admin/*</url-pattern> + <url-pattern>/profile/Shibboleth/SSO</url-pattern> + <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern> + <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern> + <url-pattern>/profile/SAML2/POST/SSO</url-pattern> + <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern> + <url-pattern>/profile/cas/login</url-pattern> + <url-pattern>/Authn/*</url-pattern> + </filter-mapping> + <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> @@ -139,6 +160,14 @@ <location>/profile/RaiseError</location> </error-page> + <session-config> + <cookie-config> + <http-only>true</http-only> + <secure>true</secure> + </cookie-config> + <tracking-mode>COOKIE</tracking-mode> + </session-config> + <!-- Block commonly flagged methods by using an empty auth-constraint. --> <security-constraint> <web-resource-collection>
3.2.1→3.3.0
@@ -8,7 +8,7 @@ same named beans in previous files. --> <context-param> <param-name>contextConfigLocation</param-name> - <param-value>${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value> + <param-value>classpath*:/META-INF/net.shibboleth.idp/preconfig.xml,${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml,classpath*:/META-INF/net.shibboleth.idp/postconfig.xml</param-value> </context-param> <context-param> @@ -52,7 +52,7 @@ </filter> <!-- Manages logging MDC. --> <filter> - <filter-name>SL4JMDCServletFilter</filter-name> + <filter-name>SLF4JMDCServletFilter</filter-name> <filter-class>net.shibboleth.idp.log.SLF4JMDCServletFilter</filter-class> </filter> <filter-mapping> @@ -77,14 +77,10 @@ <url-pattern>/*</url-pattern> </filter-mapping> <filter-mapping> - <filter-name>SL4JMDCServletFilter</filter-name> + <filter-name>SLF4JMDCServletFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> - <!-- HTTP headers to every response in order to prevent response caching --> - <!-- <filter> <filter-name>IdPNoCacheFilter</filter-name> <filter-class>edu.internet2.middleware.shibboleth.idp.util.NoCacheFilter</filter-class> - </filter> <filter-mapping> <filter-name>IdPNoCacheFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> --> - <!-- Servlets and servlet mappings --> <servlet> <servlet-name>idp</servlet-name> @@ -136,6 +132,35 @@ <servlet-name>shibboleth_jsp</servlet-name> <url-pattern>/shibboleth</url-pattern> </servlet-mapping> + + <!-- Send servlet errors through the IdP's MVC error handling. --> + <error-page> + <exception-type>net.shibboleth.idp.authn.ExternalAuthenticationException</exception-type> + <location>/profile/RaiseError</location> + </error-page> + + <!-- Block commonly flagged methods by using an empty auth-constraint. --> + <security-constraint> + <web-resource-collection> + <web-resource-name>Non-API Content</web-resource-name> + <url-pattern>/*</url-pattern> + <http-method>PUT</http-method> + <http-method>PATCH</http-method> + <http-method>DELETE</http-method> + <http-method>OPTIONS</http-method> + <http-method>TRACE</http-method> + </web-resource-collection> + <auth-constraint/> + </security-constraint> + + <!-- Allow any HTTP methods to the API flows. --> + <security-constraint> + <web-resource-collection> + <web-resource-name>Administrative APIs</web-resource-name> + <url-pattern>/profile/admin/*</url-pattern> + </web-resource-collection> + <!-- no auth-constraint tag here --> + </security-constraint> <!-- Uncomment to use container managed authentication. The new servlet spec (3.1) @@ -150,7 +175,6 @@ <web-resource-name>user authentication</web-resource-name> <url-pattern>/Authn/RemoteUser</url-pattern> <url-pattern>/profile/SAML2/SOAP/ECP</url-pattern> - <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint>
3.1.2→3.2.1
@@ -8,12 +8,12 @@ same named beans in previous files. --> <context-param> <param-name>contextConfigLocation</param-name> - <param-value>${idp.home}/system/conf/global-system.xml</param-value> + <param-value>${idp.home}/system/conf/global-system.xml,classpath*:/META-INF/net.shibboleth.idp/config.xml</param-value> </context-param> <context-param> <param-name>contextClass</param-name> - <param-value>net.shibboleth.ext.spring.context.DeferPlaceholderFileSystemXmlWebApplicationContext</param-value> + <param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value> </context-param> <context-param> @@ -45,24 +45,6 @@ <filter-name>CookieBufferingFilter</filter-name> <filter-class>net.shibboleth.utilities.java.support.net.CookieBufferingFilter</filter-class> </filter> - <!-- Automates the unpack and pack of the cookie-based storage model. --> - <filter> - <filter-name>ClientSessionStorageServiceFilter</filter-name> - <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> - <init-param> - <param-name>targetBeanName</param-name> - <param-value>shibboleth.ClientSessionStorageService</param-value> - </init-param> - </filter> - <!-- Automates the unpack and pack of the cookie-based storage model. --> - <filter> - <filter-name>ClientPersistentStorageServiceFilter</filter-name> - <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> - <init-param> - <param-name>targetBeanName</param-name> - <param-value>shibboleth.ClientPersistentStorageService</param-value> - </init-param> - </filter> <!-- Automates TLS-based propagation of HttpServletRequest/Response into beans. --> <filter> <filter-name>RequestResponseContextFilter</filter-name> @@ -87,28 +69,6 @@ <url-pattern>/profile/cas/login</url-pattern> </filter-mapping> <filter-mapping> - <filter-name>ClientSessionStorageServiceFilter</filter-name> - <url-pattern>/profile/Logout</url-pattern> - <url-pattern>/profile/Shibboleth/SSO</url-pattern> - <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern> - <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern> - <url-pattern>/profile/SAML2/Redirect/SLO</url-pattern> - <url-pattern>/profile/SAML2/POST/SLO</url-pattern> - <url-pattern>/profile/SAML2/POST-SimpleSign/SLO</url-pattern> - <url-pattern>/profile/cas/login</url-pattern> - </filter-mapping> - <filter-mapping> - <filter-name>ClientPersistentStorageServiceFilter</filter-name> - <url-pattern>/profile/Shibboleth/SSO</url-pattern> - <url-pattern>/profile/SAML2/Unsolicited/SSO</url-pattern> - <url-pattern>/profile/SAML2/Redirect/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST/SSO</url-pattern> - <url-pattern>/profile/SAML2/POST-SimpleSign/SSO</url-pattern> - <url-pattern>/profile/cas/login</url-pattern> - </filter-mapping> - <filter-mapping> <filter-name>CharacterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> @@ -131,11 +91,11 @@ <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> - <param-value>${idp.home}/system/conf/mvc-beans.xml ${idp.home}/system/conf/webflow-config.xml</param-value> + <param-value>${idp.home}/system/conf/mvc-beans.xml, ${idp.home}/system/conf/webflow-config.xml</param-value> </init-param> <init-param> <param-name>contextClass</param-name> - <param-value>net.shibboleth.ext.spring.context.DeferPlaceholderFileSystemXmlWebApplicationContext</param-value> + <param-value>net.shibboleth.ext.spring.context.DelimiterAwareApplicationContext</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet>
1 Comment
Takeshi Nishimura
参考: https://git.shibboleth.net/view/?p=java-identity-provider.git;a=history;f=idp-war/src/main/webapp/WEB-INF/web.xml;h=0940c5739ba34a071cf4e81085ceb03e0982390b;hb=HEAD