<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:c="http://www.springframework.org/schema/c"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
default-init-method="initialize"
default-destroy-method="destroy">
<bean id="shibboleth.IdentifiableBeanPostProcessor"
class="net.shibboleth.ext.spring.config.IdentifiableBeanPostProcessor" />
<bean id="pathEscaper" class="com.google.common.net.UrlEscapers" factory-method="urlPathSegmentEscaper" />
<!-- Used as activationCondition-ref in resolver "proper" to trigger lookup with a tag. -->
<bean id="GrouperCondition" parent="shibboleth.Conditions.EntityDescriptor">
<constructor-arg name="pred">
<bean class="org.opensaml.saml.common.profile.logic.EntityAttributesPredicate">
<constructor-arg>
<list>
<bean class="org.opensaml.saml.common.profile.logic.EntityAttributesPredicate.Candidate"
c:name="http://shibboleth.net/ns/attributes/releaseAllValues"
p:values="grouperGroups" />
</list>
</constructor-arg>
</bean>
</constructor-arg>
</bean>
<!-- HttpClient bean for web service calls. -->
<bean id="grouperHttpClient" parent="shibboleth.HttpClientFactory" lazy-init="true"
class="net.shibboleth.idp.profile.spring.relyingparty.metadata.HttpClientFactoryBean"
p:maxConnectionsPerRoute="20"
p:maxConnectionsTotal="20"
p:connectionTimeout="PT2S"
p:connectionRequestTimeout="PT2S"
p:socketTimeout="PT5S"
p:tLSSocketFactory-ref="shibboleth.SecurityEnhancedTLSSocketFactory" />
<!-- Security parameters for HTTP client. -->
<bean id="grouperHttpSecurity" lazy-init="true"
class="org.opensaml.security.httpclient.HttpClientSecurityParameters"
p:preemptiveBasicAuthMap-ref="grouperAuthMap">
<property name="tLSTrustEngine">
<bean parent="shibboleth.StaticPKIXTrustEngine"
p:checkNames="true"
p:trustedNames="*.service.osu.edu"
p:verifyDepth="3">
<property name="certificates">
<list>
<value>%{idp.home}/credentials/usertrust.pem</value>
</list>
</property>
</bean>
</property>
</bean>
<util:map id="grouperAuthMap">
<entry>
<key>
<bean parent="shibboleth.HttpHost"
p:scheme="https" p:hostname="group-management-ws.service.osu.edu" p:port="443" />
</key>
<bean parent="shibboleth.BasicAuthCredentials"
p:username="%{idp.grouper-ws.username}" p:password="%{idp.grouper-ws.password}" />
</entry>
</util:map>
<!-- Custom object used to hash SP entityIDs. -->
<bean id="osu.StringDigester" class="net.shibboleth.utilities.java.support.codec.StringDigester" c:algorithm="SHA1" c:format="HEX_LOWER" />
<util:map id="osu.GroupsCustomObjects">
<entry key="digester" value-ref="osu.StringDigester" />
<entry key="servletRequestSupplier" value-ref="shibboleth.HttpServletRequestSupplier" />
</util:map>
</beans> |