Updated Server configuration (markdown)

Server-configuration.md

@@ -7,3 +7,30 @@ The MITREid Connect server can function as an OpenID Connect Identity Provider (
 * `task-config.xml`: Defines scheduled tasks that should be run repeatedly with a fixed-delay. In our master branch, we have 2 tasks defined: clear out expired tokens, and clear out expired ApprovedSite definitions.
 * `local-config.xml`: Any remaining new bean definitions that don't fit existing categories but need to be added to the configuration. This is loaded last.
 
+## user-context.xml
+
+If you override this file, be sure to include the `promptFilter` in your configured filters stack for handling `prompt=login`, `prompt=consent`, and `prompt=none` functions. Also make sure your primary authentication filter references `authenticationTimeStamper` as its `authenticationSuccessHandler`. An example of a custom configuration follows:
+
+```xml
+
+    <bean id="ssoFilter" class="org.mitre.openid.connect.mitreadaptor.filter.X509LoginUrlFilter">
+    	<property name="authenticationSuccessHandler" ref="authenticationTimeStamper" /> 
+        <property name="authenticationManager" ref="authenticationManager" />
+        <property name="principalExtractor" ref="principalExtractor" />
+    </bean>
+
+	<security:http entry-point-ref="authenticationEntryPoint" use-expressions="true" disable-url-rewriting="true"
+			authentication-manager-ref="authenticationManager" pattern="/**">
+		<security:intercept-url pattern="/**" access="permitAll" />
+		
+		<security:custom-filter ref="promptFilter" after="SECURITY_CONTEXT_FILTER" />
+ 		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
+		<security:custom-filter ref="ssoFilter" before="BASIC_AUTH_FILTER" />
+		
+		<security:expression-handler ref="oauthWebExpressionHandler" />
+		<security:logout logout-url="/logout" />
+		<security:anonymous />
+	</security:http>	
+
+
+```