diff --git a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy
index f996c534d..76ca684e8 100644
--- a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy
+++ b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy
@@ -6,7 +6,7 @@ import edu.internet2.tier.shibboleth.admin.ui.configuration.Internationalization
 import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration
 import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor
-import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException
+import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound
 import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository
 import edu.internet2.tier.shibboleth.admin.ui.repository.envers.EnversTestsSupport
 import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService
@@ -121,7 +121,7 @@ class EnversEntityDescriptorVersionServiceTests extends Specification {
 def edRepresentation = entityDescriptorVersionService.findSpecificVersionOfEntityDescriptor(ed.resourceId, '1000')
 false
 }
- catch (EntityNotFoundException expected) {
+ catch (PersistentEntityNotFound expected) {
 true
 }
 }
diff --git a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
index beb593a70..4a903610e 100644
--- a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
+++ b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy
@@ -157,6 +157,8 @@ class SeleniumSIDETest extends Specification {
 'SHIBUI-1674: Verify metadata source tooltips' | '/SHIBUI-1674-1.side'
 'SHIBUI-1674: Verify metadata provider tooltips' | '/SHIBUI-1674-2.side'
 'SHIBUI-1674: Verify advanced menu tooltips' | '/SHIBUI-1674-3.side'
+ 'SHIBUI-2270: Verify property set CRUD' | '/SHIBUI-2270-1.side'
+ 'SHIBUI-2270: Verify full property set' | '/SHIBUI-2270-2.side'
 'SHIBUI-2268: Verify Algorithm Filter' | '/SHIBUI-2268.side'
 'SHIBUI-2269: Verify XML generation of external filters' | '/SHIBUI-2269.side'
 }
diff --git a/backend/src/integration/resources/SHIBUI-2270-1.side b/backend/src/integration/resources/SHIBUI-2270-1.side
new file mode 100644
index 000000000..b9d67cff4
--- /dev/null
+++ b/backend/src/integration/resources/SHIBUI-2270-1.side
@@ -0,0 +1,562 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-2270-1", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-2270-1", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "d388e4d3-79b7-4948-a6f6-907d0a46f35c", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-toggle", + "targets": [ + ["id=advanced-nav-dropdown-toggle", "id"], + ["css=#advanced-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='advanced-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[3]/button", "xpath:position"], + ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "14841cc4-c8f1-48c2-9f85-a7aaf9f0a91d", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-properties", + "targets": [ + ["id=advanced-nav-dropdown-properties", "id"], + ["linkText=Shibboleth configurations", "linkText"], + ["css=#advanced-nav-dropdown-properties", "css:finder"], + ["xpath=//a[contains(text(),'Shibboleth configurations')]", "xpath:link"], + ["xpath=//a[@id='advanced-nav-dropdown-properties']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/div/a[5]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations')]", "xpath:href"], + ["xpath=//a[5]", "xpath:position"], + ["xpath=//a[contains(.,'Shibboleth configurations')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8a824b21-89be-4531-baa3-db217375dfb1", + "comment": "", + "command": "click", + "target": "linkText=Create Shibboleth configuration set", + "targets": [ + ["linkText=Create Shibboleth configuration set", "linkText"], + ["css=.btn-success", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Create Shibboleth configuration set')]", "xpath:innerText"] + ], + "value": 
"" + }, { + "id": "da25d3be-ebb4-4ad7-8264-dfb688ef157d", + "comment": "", + "command": "type", + "target": "id=formName", + "targets": [ + ["id=formName", "id"], + ["name=name", "name"], + ["css=#formName", "css:finder"], + ["xpath=//input[@id='formName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "Test Configuration" + }, { + "id": "7d40119c-c87f-4743-bdfb-3368f556ce89", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "a9ae0330-b553-49d6-aafd-0566d6ef8015", + "comment": "", + "command": "click", + "target": "id=property-selector-item-2", + "targets": [ + ["id=property-selector-item-2", "id"], + ["linkText=- idp.resolvertest.accessPolicy", "linkText"], + ["css=#property-selector-item-2", "css:finder"], + ["xpath=//a[contains(text(),'- idp.resolvertest.accessPolicy')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-2']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[2]", "xpath:href"], + ["xpath=//div[2]/div/div/div/div/div[2]/a", "xpath:position"], + ["xpath=//a[contains(.,'- idp.resolvertest.accessPolicy')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "e9a4a85f-b6bb-4d3a-9042-4d873c3b6cc6", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[8]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", 
"xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "e4bc2487-9f04-45ee-b6ac-dd2b0de2b54e", + "comment": "", + "command": "click", + "target": "id=property-selector-item-10", + "targets": [ + ["id=property-selector-item-10", "id"], + ["linkText=- idp.lockout.defaultAuthenticationMethods", "linkText"], + ["css=#property-selector-item-10", "css:finder"], + ["xpath=//a[contains(text(),'- idp.lockout.defaultAuthenticationMethods')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-10']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a[8]", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[10]", "xpath:href"], + ["xpath=//a[8]", "xpath:position"], + ["xpath=//a[contains(.,'- idp.lockout.defaultAuthenticationMethods')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "1384295d-fed8-42f4-9651-27a900fbb2ac", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[10]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "e90d0c3a-ef37-4c83-a7d1-1fc053e6404c", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.resolvertest.accessPolicy", + "targets": [ + ["id=valueInput-idp.resolvertest.accessPolicy", "id"], + ["name=properties.0.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.accessPolicy", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.accessPolicy']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td[4]/div/input", "xpath:idRelative"], + ["xpath=//td[4]/div/input", "xpath:position"] + ], + "value": "test1" + }, { + "id": 
"fa61e81b-309a-4e32-b5ce-61f7dcd06eb3", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.lockout.defaultAuthenticationMethods", + "targets": [ + ["id=valueInput-idp.lockout.defaultAuthenticationMethods", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.lockout\\.defaultAuthenticationMethods", "css:finder"], + ["xpath=//input[@id='valueInput-idp.lockout.defaultAuthenticationMethods']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "test2" + }, { + "id": "18d127f8-a5b9-4634-bf44-d4432fe4122d", + "comment": "", + "command": "click", + "target": "css=tr:nth-child(2) .svg-inline--fa", + "targets": [ + ["css=tr:nth-child(2) .svg-inline--fa", "css:finder"] + ], + "value": "" + }, { + "id": "63f4e5a3-8846-4d80-8c42-3d1f5d8ec5c9", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "420da5f7-5e5d-46c9-b58c-ff33e51bcd04", + "comment": "", + "command": "click", + "target": "id=property-selector-item-10", + "targets": [ + ["id=property-selector-item-10", "id"], + ["linkText=- idp.lockout.defaultAuthenticationMethods", "linkText"], + ["css=#property-selector-item-10", "css:finder"], + ["xpath=//a[contains(text(),'- idp.lockout.defaultAuthenticationMethods')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-10']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a[8]", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[10]", "xpath:href"], + ["xpath=//a[8]", "xpath:position"], + 
["xpath=//a[contains(.,'- idp.lockout.defaultAuthenticationMethods')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f54f3946-a1f5-4392-99c0-0e1ce5958993", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "7206299c-901e-4273-86f2-7f14002ff78b", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.lockout.defaultAuthenticationMethods", + "targets": [ + ["id=valueInput-idp.lockout.defaultAuthenticationMethods", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.lockout\\.defaultAuthenticationMethods", "css:finder"], + ["xpath=//input[@id='valueInput-idp.lockout.defaultAuthenticationMethods']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "test3" + }, { + "id": "23de6d39-9745-47a5-a3e1-84c0fb35d1e1", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "dfaa87c9-7a0b-445d-aa7a-942bc73d2f02", + "comment": "", + "command": "click", + "target": "linkText=Edit", + "targets": [ + ["linkText=Edit", "linkText"], + ["css=.btn-primary", "css:finder"], + ["xpath=//a[contains(text(),'Edit')]", "xpath:link"], + 
["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '/configurations/28/edit')])[2]", "xpath:href"], + ["xpath=//td[3]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Edit')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ed029697-17af-4ca6-9299-862ba5c43864", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "9b66c662-75a5-4ad8-9e19-ebe65905a108", + "comment": "", + "command": "click", + "target": "id=property-selector-item-58", + "targets": [ + ["id=property-selector-item-58", "id"], + ["linkText=- idp.csrf.token.parameter", "linkText"], + ["css=#property-selector-item-58", "css:finder"], + ["xpath=//a[contains(text(),'- idp.csrf.token.parameter')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-58']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a[51]", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[58]", "xpath:href"], + ["xpath=//a[51]", "xpath:position"], + ["xpath=//a[contains(.,'- idp.csrf.token.parameter')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "2c2ccf47-4386-4e3d-8a2b-0b3e183462a7", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "e5a94855-f4c7-404c-8fa6-06c19f0f16f6", + "comment": "", + "command": "type", + "target": 
"id=valueInput-idp.csrf.token.parameter", + "targets": [ + ["id=valueInput-idp.csrf.token.parameter", "id"], + ["name=properties.2.propertyValue", "name"], + ["css=#valueInput-idp\\.csrf\\.token\\.parameter", "css:finder"], + ["xpath=//input[@id='valueInput-idp.csrf.token.parameter']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[3]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[3]/td[4]/div/input", "xpath:position"] + ], + "value": "test4" + }, { + "id": "4e763745-940a-410b-9e49-89483a0927fd", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "137da111-edeb-4e27-a9f0-8b00d8f44e9f", + "comment": "", + "command": "click", + "target": "linkText=Create Shibboleth configuration set", + "targets": [ + ["linkText=Create Shibboleth configuration set", "linkText"], + ["css=.btn-success", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Create Shibboleth configuration set')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3348ed8d-812e-46cc-bfb4-bc751893291a", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div/div/div/div/button", "xpath:position"], + 
["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a74652db-1910-473f-8f3a-7c955182895d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-17", + "targets": [ + ["id=property-selector-item-17", "id"], + ["linkText=AttendedRestartConfiguration - Add all", "linkText"], + ["css=#property-selector-item-17", "css:finder"], + ["xpath=//a[@id='property-selector-item-17']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[6]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[17]", "xpath:href"], + ["xpath=//div[6]/a", "xpath:position"], + ["xpath=//a[contains(.,'AttendedRestartConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a7279237-b6c7-47ca-a16b-145405569c44", + "comment": "", + "command": "type", + "target": "id=formName", + "targets": [ + ["id=formName", "id"], + ["name=name", "name"], + ["css=#formName", "css:finder"], + ["xpath=//input[@id='formName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "Test Configuration 2" + }, { + "id": "eadfb399-b11f-46d1-a665-a526a53f90b0", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "309348c8-22c7-4ff6-90c2-43a0aa2c68cc", + "comment": "", + "command": "assertText", + "target": "css=tr:nth-child(7) > td:nth-child(1)", + "targets": [ + ["css=tr:nth-child(7) > td:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[7]/td", "xpath:idRelative"], + ["xpath=//tr[7]/td", 
"xpath:position"], + ["xpath=//td[contains(.,'idp.unlock-keys.authenticated')]", "xpath:innerText"] + ], + "value": "idp.unlock-keys.authenticated" + }, { + "id": "2be9a988-be21-4258-9c8f-21928e860a24", + "comment": "", + "command": "click", + "target": "css=.fa-floppy-disk > path", + "targets": [ + ["css=.fa-floppy-disk > path", "css:finder"] + ], + "value": "" + }, { + "id": "728c88fd-020a-49dc-a979-ba123f7ed53a", + "comment": "", + "command": "click", + "target": "css=tr:nth-child(1) .btn-danger", + "targets": [ + ["css=tr:nth-child(1) .btn-danger", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/button", "xpath:idRelative"], + ["xpath=//td[3]/div/button", "xpath:position"], + ["xpath=//button[contains(.,'  Delete')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9c03d978-0d3b-4590-af7e-3b024c699e15", + "comment": "", + "command": "click", + "target": "css=.btn-danger:nth-child(1)", + "targets": [ + ["css=.btn-danger:nth-child(1)", "css:finder"], + ["xpath=(//button[@type='button'])[11]", "xpath:attributes"], + ["xpath=//div[4]/div/div/div[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "a8a0060c-a5d9-4597-ba57-f390073fc98b", + "comment": "", + "command": "click", + "target": "css=.btn-danger", + "targets": [ + ["css=.btn-danger", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/button", "xpath:idRelative"], + ["xpath=//td[3]/div/button", "xpath:position"], + ["xpath=//button[contains(.,'  Delete')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "7dc604df-8358-43bb-9401-49717be23ac6", + "comment": "", + "command": "click", + "target": "css=.btn-danger:nth-child(1)", + "targets": [ + ["css=.btn-danger:nth-child(1)", "css:finder"], + ["xpath=(//button[@type='button'])[8]", "xpath:attributes"], 
+ ["xpath=//div[4]/div/div/div[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "e339a2e6-6e87-4a37-899c-8f7e9e309866", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "7e35b427-036a-49f6-a9f2-b31bc916490c", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file diff --git a/backend/src/integration/resources/SHIBUI-2270-2.side b/backend/src/integration/resources/SHIBUI-2270-2.side new file mode 100644 index 000000000..2872ad331 --- /dev/null +++ b/backend/src/integration/resources/SHIBUI-2270-2.side 
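Review bot: The two `open` steps on `/api/heheheheheheheWipeout` (right after login and again as the last action) reach what appears to be a data-reset route with a plain GET under the admin session, and nothing in the recording marks it as test-only. The controller is not in this diff, so this is inferred from the path and the asserted body text; it is worth confirming that the route is registered only under the integration/test profile, since a state-changing GET is exposed to cross-site request forgery if it ever ships. Every step leaves `"comment": ""`; on these two steps I would set `"comment": "test-only reset endpoint; must not be enabled outside the integration profile"`. The same steps, together with the hard-coded `admin` / `adminpass` login, are repeated in SHIBUI-2270-2.side, so the note applies there as well.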
@@ -0,0 +1,2143 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-2270-2", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-2270-2", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "d388e4d3-79b7-4948-a6f6-907d0a46f35c", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-toggle", + "targets": [ + ["id=advanced-nav-dropdown-toggle", "id"], + ["css=#advanced-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='advanced-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[3]/button", "xpath:position"], + ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "14841cc4-c8f1-48c2-9f85-a7aaf9f0a91d", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-properties", + "targets": [ + ["id=advanced-nav-dropdown-properties", "id"], + ["linkText=Shibboleth configurations", "linkText"], + ["css=#advanced-nav-dropdown-properties", "css:finder"], + ["xpath=//a[contains(text(),'Shibboleth configurations')]", "xpath:link"], + ["xpath=//a[@id='advanced-nav-dropdown-properties']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/div/a[5]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations')]", "xpath:href"], + ["xpath=//a[5]", "xpath:position"], + ["xpath=//a[contains(.,'Shibboleth configurations')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8a824b21-89be-4531-baa3-db217375dfb1", + "comment": "", + "command": "click", + "target": "linkText=Create Shibboleth configuration set", + "targets": [ + ["linkText=Create Shibboleth configuration set", "linkText"], + ["css=.btn-success", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Create Shibboleth configuration set')]", "xpath:innerText"] + ], + "value": 
"" + }, { + "id": "da25d3be-ebb4-4ad7-8264-dfb688ef157d", + "comment": "", + "command": "type", + "target": "id=formName", + "targets": [ + ["id=formName", "id"], + ["name=name", "name"], + ["css=#formName", "css:finder"], + ["xpath=//input[@id='formName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "Test Configuration" + }, { + "id": "3fae037d-0e59-4b9d-adf2-dbd624b72613", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "2fe0a124-dfe0-4c40-a3b3-b1d8861505a8", + "comment": "", + "command": "click", + "target": "id=property-selector-item-1", + "targets": [ + ["id=property-selector-item-1", "id"], + ["linkText=AACLI - Add all", "linkText"], + ["css=#property-selector-item-1", "css:finder"], + ["xpath=//a[@id='property-selector-item-1']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[2]/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '#')]", "xpath:href"], + ["xpath=//div[2]/a", "xpath:position"], + ["xpath=//a[contains(.,'AACLI - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "be761931-fb77-4030-bc2c-2577d3a99580", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[2]/input", "xpath:idRelative"], + ["xpath=//div[2]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "eb50041f-bf6e-4ef4-92ee-9319f79b8336", + 
"comment": "", + "command": "click", + "target": "id=property-selector-item-9", + "targets": [ + ["id=property-selector-item-9", "id"], + ["linkText=AccountLockoutManagement - Add all", "linkText"], + ["css=#property-selector-item-9", "css:finder"], + ["xpath=//a[@id='property-selector-item-9']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[4]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[9]", "xpath:href"], + ["xpath=//div[4]/a", "xpath:position"], + ["xpath=//a[contains(.,'AccountLockoutManagement - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "de63d0c0-9504-4339-b76f-ce21b7c9f5f8", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9f0ee002-e494-4409-9461-35d70ec30bf3", + "comment": "", + "command": "click", + "target": "id=property-selector-item-17", + "targets": [ + ["id=property-selector-item-17", "id"], + ["linkText=AttendedRestartConfiguration - Add all", "linkText"], + ["css=#property-selector-item-17", "css:finder"], + ["xpath=//a[@id='property-selector-item-17']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[6]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[17]", "xpath:href"], + ["xpath=//div[6]/a", "xpath:position"], + ["xpath=//a[contains(.,'AttendedRestartConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b1cb5ac9-027c-45f2-b7c2-d1a661378928", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", 
"xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[4]/input", "xpath:idRelative"], + ["xpath=//div[4]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "53354967-a636-428a-8dea-c771e2ee3add", + "comment": "", + "command": "click", + "target": "id=property-selector-item-25", + "targets": [ + ["id=property-selector-item-25", "id"], + ["linkText=AttributePostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-25", "css:finder"], + ["xpath=//a[@id='property-selector-item-25']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[8]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[25]", "xpath:href"], + ["xpath=//div[8]/a", "xpath:position"], + ["xpath=//a[contains(.,'AttributePostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ff91bfaf-f6ce-42c2-9dd4-1c52268d140d", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "825680dd-0180-4b92-a2df-40d041c24831", + "comment": "", + "command": "click", + "target": "id=property-selector-item-33", + "targets": [ + ["id=property-selector-item-33", "id"], + ["linkText=AuditLoggingConfiguration - Add all", "linkText"], + ["css=#property-selector-item-33", "css:finder"], + ["xpath=//a[@id='property-selector-item-33']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[10]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[33]", "xpath:href"], + ["xpath=//div[10]/a", "xpath:position"], + ["xpath=//a[contains(.,'AuditLoggingConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "1c671949-1992-4cbd-930c-0153e1fea983", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[12]", 
"xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "7e6f1147-95fa-4f2e-b71c-bdc2265c8537", + "comment": "", + "command": "click", + "target": "id=property-selector-item-49", + "targets": [ + ["id=property-selector-item-49", "id"], + ["linkText=AuthenticationConfiguration - Add all", "linkText"], + ["css=#property-selector-item-49", "css:finder"], + ["xpath=//a[@id='property-selector-item-49']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[12]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[49]", "xpath:href"], + ["xpath=//div[12]/a", "xpath:position"], + ["xpath=//a[contains(.,'AuthenticationConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "384ea0fc-0bc1-4f63-b736-7e1d67277662", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[7]/input", "xpath:idRelative"], + ["xpath=//div[7]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "2158cbdc-85be-4082-938c-00a14e0d6d63", + "comment": "", + "command": "click", + "target": "id=property-selector-item-59", + "targets": [ + ["id=property-selector-item-59", "id"], + ["linkText=CSRF - Add all", "linkText"], + ["css=#property-selector-item-59", "css:finder"], + ["xpath=//a[@id='property-selector-item-59']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[14]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[59]", "xpath:href"], + ["xpath=//div[14]/a", "xpath:position"], + ["xpath=//a[contains(.,'CSRF - Add all')]", "xpath:innerText"] + ], + "value": 
"" + }, { + "id": "a861c6d1-277e-438f-a49c-d47521f67dcc", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[14]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f71b15c0-ff1b-4f26-8630-b755e1af00aa", + "comment": "", + "command": "click", + "target": "id=property-selector-item-62", + "targets": [ + ["id=property-selector-item-62", "id"], + ["linkText=CasProtocolConfiguration - Add all", "linkText"], + ["css=#property-selector-item-62", "css:finder"], + ["xpath=//a[@id='property-selector-item-62']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[16]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[62]", "xpath:href"], + ["xpath=//div[16]/a", "xpath:position"], + ["xpath=//a[contains(.,'CasProtocolConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "50f0c334-c0ca-43dc-8464-6d5d5b64de3e", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[15]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ab25fbad-3959-4b65-ae5b-cd8cf81679d3", + "comment": "", + "command": "click", + "target": "id=property-selector-item-66", + "targets": [ + ["id=property-selector-item-66", "id"], + ["linkText=ConsentConfiguration - Add all", "linkText"], + ["css=#property-selector-item-66", "css:finder"], + 
["xpath=//a[@id='property-selector-item-66']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[18]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[66]", "xpath:href"], + ["xpath=//div[18]/a", "xpath:position"], + ["xpath=//a[contains(.,'ConsentConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5b5e0325-1735-4b9a-9920-5dac993cbb13", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[16]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d06957b0-f5fa-4960-ac87-750566eb8484", + "comment": "", + "command": "click", + "target": "id=property-selector-item-84", + "targets": [ + ["id=property-selector-item-84", "id"], + ["linkText=Core - Add all", "linkText"], + ["css=#property-selector-item-84", "css:finder"], + ["xpath=//a[@id='property-selector-item-84']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[20]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[84]", "xpath:href"], + ["xpath=//div[20]/a", "xpath:position"], + ["xpath=//a[contains(.,'Core - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cf7d85ba-7edc-4bf1-938a-a88fd04c7252", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[17]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": 
"630e9dc2-89d6-435e-bd3d-040814109f16", + "comment": "", + "command": "click", + "target": "id=property-selector-item-100", + "targets": [ + ["id=property-selector-item-100", "id"], + ["linkText=DuoAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-100", "css:finder"], + ["xpath=//a[@id='property-selector-item-100']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[22]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[100]", "xpath:href"], + ["xpath=//div[22]/a", "xpath:position"], + ["xpath=//a[contains(.,'DuoAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9f2f0c50-7465-4879-bb68-822bca1f0fa3", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[12]/input", "xpath:idRelative"], + ["xpath=//div[12]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "6f28c9cc-1006-456b-ae72-b70006636829", + "comment": "", + "command": "click", + "target": "id=property-selector-item-127", + "targets": [ + ["id=property-selector-item-127", "id"], + ["linkText=DuoOIDCAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-127", "css:finder"], + ["xpath=//a[@id='property-selector-item-127']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[24]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[127]", "xpath:href"], + ["xpath=//div[24]/a", "xpath:position"], + ["xpath=//a[contains(.,'DuoOIDCAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3b326c6f-96d3-4f6c-ba82-e9ffd95517f1", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": 
"ec3ac03f-c46b-4e1c-a89d-e2dc9826ca98", + "comment": "", + "command": "click", + "target": "id=property-selector-item-169", + "targets": [ + ["id=property-selector-item-169", "id"], + ["linkText=ErrorHandlingConfiguration - Add all", "linkText"], + ["css=#property-selector-item-169", "css:finder"], + ["xpath=//a[@id='property-selector-item-169']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[26]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[169]", "xpath:href"], + ["xpath=//div[26]/a", "xpath:position"], + ["xpath=//a[contains(.,'ErrorHandlingConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ce43ffb1-3979-4381-a155-9a2a59d1ac95", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[20]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "62d42fb7-00e2-400d-a1be-adcbf826ce3a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-175", + "targets": [ + ["id=property-selector-item-175", "id"], + ["linkText=ExternalAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-175", "css:finder"], + ["xpath=//a[@id='property-selector-item-175']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[28]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[175]", "xpath:href"], + ["xpath=//div[28]/a", "xpath:position"], + ["xpath=//a[contains(.,'ExternalAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b1c01f80-778c-4ea3-b952-dd84c18e5904", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[21]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8a3757ee-2564-436e-abc5-e0584a59a82e", + "comment": "", + "command": "click", + "target": "id=property-selector-item-192", + "targets": [ + ["id=property-selector-item-192", "id"], + ["linkText=FTICKSLoggingConfiguration - Add all", "linkText"], + ["css=#property-selector-item-192", "css:finder"], + ["xpath=//a[@id='property-selector-item-192']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[30]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[192]", "xpath:href"], + ["xpath=//div[30]/a", "xpath:position"], + ["xpath=//a[contains(.,'FTICKSLoggingConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "c6bfe838-9027-4c25-990e-e451e9d04a4d", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "0c462504-cb92-421d-aeb0-8afecac90aec", + "comment": "", + "command": "click", + "target": "id=property-selector-item-199", + "targets": [ + ["id=property-selector-item-199", "id"], + ["linkText=FunctionAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-199", "css:finder"], + ["xpath=//a[@id='property-selector-item-199']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[32]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[199]", "xpath:href"], + ["xpath=//div[32]/a", "xpath:position"], + ["xpath=//a[contains(.,'FunctionAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "892d14a0-9ab0-4c05-945b-bd96d461eba8", + "comment": "", + "command": "click", + 
"target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[23]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9a809145-1f01-4a6b-8eaf-836f91a9bd5a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-214", + "targets": [ + ["id=property-selector-item-214", "id"], + ["linkText=HelloWorldConfiguration - Add all", "linkText"], + ["css=#property-selector-item-214", "css:finder"], + ["xpath=//a[@id='property-selector-item-214']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[34]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[214]", "xpath:href"], + ["xpath=//div[34]/a", "xpath:position"], + ["xpath=//a[contains(.,'HelloWorldConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8e3dc610-99f9-4a85-a0c0-cd572ccf0a84", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[24]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "fa182a6d-bba7-4f50-a6d8-a5391b592004", + "comment": "", + "command": "click", + "target": "id=property-selector-item-222", + "targets": [ + ["id=property-selector-item-222", "id"], + ["linkText=IPAddressAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-222", "css:finder"], + ["xpath=//a[@id='property-selector-item-222']", "xpath:attributes"], + 
["xpath=//div[@id='property-selector']/div[36]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[222]", "xpath:href"], + ["xpath=//div[36]/a", "xpath:position"], + ["xpath=//a[contains(.,'IPAddressAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "17e45a4b-9d00-478f-9add-c1a7138a7959", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[25]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "2a3578cb-56d5-4805-8e82-2058e17c3ad5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-237", + "targets": [ + ["id=property-selector-item-237", "id"], + ["linkText=JAASAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-237", "css:finder"], + ["xpath=//a[@id='property-selector-item-237']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[38]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[237]", "xpath:href"], + ["xpath=//div[38]/a", "xpath:position"], + ["xpath=//a[contains(.,'JAASAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3aedee37-3445-4679-afe8-62e53b348e52", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": "fce00a94-ffe3-4771-b33d-e6c8cde6c690", + "comment": "", + "command": "click", + "target": "id=property-selector-item-240", + "targets": [ + ["id=property-selector-item-240", "id"], + ["linkText=KerberosAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-240", "css:finder"], + 
["xpath=//a[@id='property-selector-item-240']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[40]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[240]", "xpath:href"], + ["xpath=//div[40]/a", "xpath:position"], + ["xpath=//a[contains(.,'KerberosAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "37642e97-2b2a-4cfd-9b71-d150c13b1b2d", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[27]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "fdae4c41-909b-44b1-b245-469c430a09a0", + "comment": "", + "command": "click", + "target": "id=property-selector-item-245", + "targets": [ + ["id=property-selector-item-245", "id"], + ["linkText=LDAPAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-245", "css:finder"], + ["xpath=//a[@id='property-selector-item-245']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[42]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[245]", "xpath:href"], + ["xpath=//div[42]/a", "xpath:position"], + ["xpath=//a[contains(.,'LDAPAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f34f0217-ff82-441b-a73b-b25f791bc546", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[28]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", 
"xpath:innerText"] + ], + "value": "" + }, { + "id": "d30d9da8-65e0-41a1-b27f-c4cc998c97fd", + "comment": "", + "command": "click", + "target": "id=property-selector-item-281", + "targets": [ + ["id=property-selector-item-281", "id"], + ["linkText=LogoutConfiguration - Add all", "linkText"], + ["css=#property-selector-item-281", "css:finder"], + ["xpath=//a[@id='property-selector-item-281']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[44]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[281]", "xpath:href"], + ["xpath=//div[44]/a", "xpath:position"], + ["xpath=//a[contains(.,'LogoutConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cb442dbe-c609-4b8b-ac55-2d32362be80b", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[29]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "19b1de66-7601-4e41-a345-657c5417f23f", + "comment": "", + "command": "click", + "target": "id=property-selector-item-288", + "targets": [ + ["id=property-selector-item-288", "id"], + ["linkText=MetadataQuery - Add all", "linkText"], + ["css=#property-selector-item-288", "css:finder"], + ["xpath=//a[@id='property-selector-item-288']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[46]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[288]", "xpath:href"], + ["xpath=//div[46]/a", "xpath:position"], + ["xpath=//a[contains(.,'MetadataQuery - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "513c8bd3-cbb4-443f-9a90-8a2ae9d5c0ce", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[30]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "515cc435-61ee-430a-8cdc-ac41e3926fbc", + "comment": "", + "command": "click", + "target": "id=property-selector-item-296", + "targets": [ + ["id=property-selector-item-296", "id"], + ["linkText=MetadataReload - Add all", "linkText"], + ["css=#property-selector-item-296", "css:finder"], + ["xpath=//a[@id='property-selector-item-296']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[48]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[296]", "xpath:href"], + ["xpath=//div[48]/a", "xpath:position"], + ["xpath=//a[contains(.,'MetadataReload - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6d5dcd3a-0d08-4140-9634-196e2e2fdb90", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "2b2a05d9-4e8b-45cf-882f-08328cb0b6e5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-304", + "targets": [ + ["id=property-selector-item-304", "id"], + ["linkText=Metadatagen - Add all", "linkText"], + ["css=#property-selector-item-304", "css:finder"], + ["xpath=//a[@id='property-selector-item-304']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[50]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[304]", "xpath:href"], + ["xpath=//div[50]/a", "xpath:position"], + ["xpath=//a[contains(.,'Metadatagen - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f1709162-b102-48da-81b0-5862158fd74d", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[32]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "643c1db8-10f8-4146-94fb-bf920b007c00", + "comment": "", + "command": "click", + "target": "id=property-selector-item-313", + "targets": [ + ["id=property-selector-item-313", "id"], + ["linkText=MetricsConfiguration - Add all", "linkText"], + ["css=#property-selector-item-313", "css:finder"], + ["xpath=//a[@id='property-selector-item-313']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[52]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[313]", "xpath:href"], + ["xpath=//div[52]/a", "xpath:position"], + ["xpath=//a[contains(.,'MetricsConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "206468ff-7786-4e32-96dd-4c0e9a2194b7", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[33]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "00f2e151-13aa-4ac0-bb0c-d7e531f422a5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-320", + "targets": [ + ["id=property-selector-item-320", "id"], + ["linkText=Misc - Add all", "linkText"], + ["css=#property-selector-item-320", "css:finder"], + ["xpath=//a[@id='property-selector-item-320']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[54]/a", "xpath:idRelative"], + 
["xpath=(//a[contains(@href, '#')])[320]", "xpath:href"], + ["xpath=//div[54]/a", "xpath:position"], + ["xpath=//a[contains(.,'Misc - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "c06b4caf-e093-49b4-8cac-f71bda476995", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "031e88e8-bde7-4d25-8aab-919bc8882901", + "comment": "", + "command": "click", + "target": "id=property-selector-item-326", + "targets": [ + ["id=property-selector-item-326", "id"], + ["linkText=MultiFactorAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-326", "css:finder"], + ["xpath=//a[@id='property-selector-item-326']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[56]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[326]", "xpath:href"], + ["xpath=//div[56]/a", "xpath:position"], + ["xpath=//a[contains(.,'MultiFactorAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "7ab63a23-e0ab-4a07-8ef8-9fdb6af9f59b", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[35]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "34cbdae8-4b4c-4faa-a38c-f3a9c5475e45", + "comment": "", + "command": "click", + "target": "id=property-selector-item-342", + "targets": [ + ["id=property-selector-item-342", "id"], + ["linkText=NameIDConsumptionConfiguration - Add all", "linkText"], + ["css=#property-selector-item-342", "css:finder"], + ["xpath=//a[@id='property-selector-item-342']", "xpath:attributes"], + 
["xpath=//div[@id='property-selector']/div[58]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[342]", "xpath:href"], + ["xpath=//div[58]/a", "xpath:position"], + ["xpath=//a[contains(.,'NameIDConsumptionConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "15c61405-c967-475f-b494-6bdb461b5283", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[36]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6e13ab35-510b-4e7b-976c-457d59f65606", + "comment": "", + "command": "click", + "target": "id=property-selector-item-345", + "targets": [ + ["id=property-selector-item-345", "id"], + ["linkText=NameIDGenerationConfiguration - Add all", "linkText"], + ["css=#property-selector-item-345", "css:finder"], + ["xpath=//a[@id='property-selector-item-345']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[60]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[345]", "xpath:href"], + ["xpath=//div[60]/a", "xpath:position"], + ["xpath=//a[contains(.,'NameIDGenerationConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "74505e9c-1a4b-441d-9e21-fce8077576b4", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[37]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": 
"ec03564e-9ff9-4c53-914e-e33e8efec3b8", + "comment": "", + "command": "click", + "target": "id=property-selector-item-349", + "targets": [ + ["id=property-selector-item-349", "id"], + ["linkText=OAuth2ClientAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-349", "css:finder"], + ["xpath=//a[@id='property-selector-item-349']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[62]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[349]", "xpath:href"], + ["xpath=//div[62]/a", "xpath:position"], + ["xpath=//a[contains(.,'OAuth2ClientAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9bc758f1-8c06-429e-abf4-78fadd181d56", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[38]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a81e8d28-41b8-47d1-901b-6d36fb90398d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-358", + "targets": [ + ["id=property-selector-item-358", "id"], + ["linkText=OIDC OP - Add all", "linkText"], + ["css=#property-selector-item-358", "css:finder"], + ["xpath=//a[@id='property-selector-item-358']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[64]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[358]", "xpath:href"], + ["xpath=//div[64]/a", "xpath:position"], + ["xpath=//a[contains(.,'OIDC OP - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5e1646f3-7841-4b97-96c9-639c6f7ef3ca", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + 
["xpath=(//button[@type='button'])[39]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f3865e29-6b36-49ab-99a4-44370b5ed974", + "comment": "", + "command": "click", + "target": "id=property-selector-item-371", + "targets": [ + ["id=property-selector-item-371", "id"], + ["linkText=OPAuthorization - Add all", "linkText"], + ["css=#property-selector-item-371", "css:finder"], + ["xpath=//a[@id='property-selector-item-371']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[66]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[371]", "xpath:href"], + ["xpath=//div[66]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPAuthorization - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "821c3a6d-b9a6-45bf-bda3-46c2f1e87303", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[40]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "72620249-22a8-436b-b506-670fad77fefa", + "comment": "", + "command": "click", + "target": "id=property-selector-item-378", + "targets": [ + ["id=property-selector-item-378", "id"], + ["linkText=OPClientAuthentication - Add all", "linkText"], + ["css=#property-selector-item-378", "css:finder"], + ["xpath=//a[@id='property-selector-item-378']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[68]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[378]", "xpath:href"], + 
["xpath=//div[68]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPClientAuthentication - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "e8d736c8-be22-4411-87d4-0a1eefcc821e", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "d8ef3cf9-1398-4bcd-b976-92a2a471ce1c", + "comment": "", + "command": "click", + "target": "id=property-selector-item-380", + "targets": [ + ["id=property-selector-item-380", "id"], + ["linkText=OPClientCredentialsGrant - Add all", "linkText"], + ["css=#property-selector-item-380", "css:finder"], + ["xpath=//a[@id='property-selector-item-380']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[70]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[380]", "xpath:href"], + ["xpath=//div[70]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPClientCredentialsGrant - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ed236cf8-e185-4b41-a47f-2a9219eab773", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "d4965727-9cc9-465a-9d4d-9e3a16c9507a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-383", + "targets": [ + ["id=property-selector-item-383", "id"], + ["linkText=OPClientResolution - Add all", "linkText"], + ["css=#property-selector-item-383", "css:finder"], + ["xpath=//a[@id='property-selector-item-383']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[72]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[383]", "xpath:href"], + ["xpath=//div[72]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPClientResolution - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "899a5897-0786-4f40-8d1f-2c3cc64f4666", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + 
"targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[43]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a08f536a-166d-45e0-a477-b7aece98a6bc", + "comment": "", + "command": "click", + "target": "id=property-selector-item-387", + "targets": [ + ["id=property-selector-item-387", "id"], + ["linkText=OPCustomFilterRegistration - Add all", "linkText"], + ["css=#property-selector-item-387", "css:finder"], + ["xpath=//a[@id='property-selector-item-387']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[74]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[387]", "xpath:href"], + ["xpath=//div[74]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPCustomFilterRegistration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "90ec186d-d13c-49a1-9912-744f62873feb", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[44]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "185cd9b2-0f1b-4f64-a4a5-b62f5a881d45", + "comment": "", + "command": "click", + "target": "css=.p-3", + "targets": [ + ["css=.p-3", "css:finder"], + ["xpath=//div[@id='root']/div/main/div", "xpath:idRelative"], + ["xpath=//main/div", "xpath:position"] + ], + "value": "" + }, { + "id": "2a295dc3-422a-436e-8450-03dbcc88a1b0", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[44]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6fdf6ef4-52e8-44a9-8dc5-8126e2ba11b0", + "comment": "", + "command": "click", + "target": "id=property-selector-item-389", + "targets": [ + ["id=property-selector-item-389", "id"], + ["linkText=OPDiscovery - Add all", "linkText"], + ["css=#property-selector-item-389", "css:finder"], + ["xpath=//a[@id='property-selector-item-389']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[76]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[389]", "xpath:href"], + ["xpath=//div[76]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPDiscovery - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "614f715d-8fcc-4e84-8d0d-dd947fc7c99f", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "a3bbcc78-ce50-4b17-9419-f228664dc9fc", + "comment": "", + "command": "click", + "target": "id=property-selector-item-392", + "targets": [ + ["id=property-selector-item-392", "id"], + ["linkText=OPDynamicClientRegistration - Add all", "linkText"], + ["css=#property-selector-item-392", "css:finder"], + ["xpath=//a[@id='property-selector-item-392']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[78]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[392]", "xpath:href"], + ["xpath=//div[78]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPDynamicClientRegistration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ec8f2a2b-b45d-4345-af4b-dd5965f9dc54", + "comment": "", + "command": "click", + "target": 
"css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[46]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ba6779d8-9a40-4981-a41f-c8c22df7027a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-407", + "targets": [ + ["id=property-selector-item-407", "id"], + ["linkText=OPMetadataPolicies - Add all", "linkText"], + ["css=#property-selector-item-407", "css:finder"], + ["xpath=//a[@id='property-selector-item-407']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[80]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[407]", "xpath:href"], + ["xpath=//div[80]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPMetadataPolicies - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b93aed8b-bd95-496a-ad07-b9bfe23f8522", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": "57fc676c-34fc-4220-915e-be3c30821030", + "comment": "", + "command": "click", + "target": "id=property-selector-item-409", + "targets": [ + ["id=property-selector-item-409", "id"], + ["linkText=OPRevocation - Add all", "linkText"], + ["css=#property-selector-item-409", "css:finder"], + ["xpath=//a[@id='property-selector-item-409']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[82]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[409]", "xpath:href"], + ["xpath=//div[82]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPRevocation - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "85efb0c2-9a2b-4816-b77d-4c84816f3499", + "comment": "", + "command": 
"click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[48]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "0c424441-f80c-4f42-9a4a-2df0be1ad937", + "comment": "", + "command": "click", + "target": "id=property-selector-item-412", + "targets": [ + ["id=property-selector-item-412", "id"], + ["linkText=OPSecurity - Add all", "linkText"], + ["css=#property-selector-item-412", "css:finder"], + ["xpath=//a[@id='property-selector-item-412']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[84]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[412]", "xpath:href"], + ["xpath=//div[84]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPSecurity - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "686dc5ad-4686-4364-865e-e8c95210f7e3", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[49]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "da318a35-6cdf-4346-b357-3aadeaf46640", + "comment": "", + "command": "click", + "target": "id=property-selector-item-420", + "targets": [ + ["id=property-selector-item-420", "id"], + ["linkText=OPSubClaim - Add all", "linkText"], + ["css=#property-selector-item-420", "css:finder"], + ["xpath=//a[@id='property-selector-item-420']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[86]/a", 
"xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[420]", "xpath:href"], + ["xpath=//div[86]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPSubClaim - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5f8f249d-2052-4b6f-be83-9cdde0f5a06d", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[50]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f36fb2c2-bf28-4fb0-8a6e-083b8a7d854e", + "comment": "", + "command": "click", + "target": "id=property-selector-item-424", + "targets": [ + ["id=property-selector-item-424", "id"], + ["linkText=OPToken - Add all", "linkText"], + ["css=#property-selector-item-424", "css:finder"], + ["xpath=//a[@id='property-selector-item-424']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[88]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[424]", "xpath:href"], + ["xpath=//div[88]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPToken - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5e7fc6cc-c7e3-4d4b-b682-ec939c8a5db1", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[51]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "24fa8f94-9a62-4e11-9125-a6c576695e77", + "comment": "", + "command": "click", + "target": 
"id=property-selector-item-436", + "targets": [ + ["id=property-selector-item-436", "id"], + ["linkText=PersistentNameIDGenerationConfiguration - Add all", "linkText"], + ["css=#property-selector-item-436", "css:finder"], + ["xpath=//a[@id='property-selector-item-436']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[90]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[436]", "xpath:href"], + ["xpath=//div[90]/a", "xpath:position"], + ["xpath=//a[contains(.,'PersistentNameIDGenerationConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f7c7f42d-b4cb-4f92-997f-d9677a00758f", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "7bfdfde0-3399-4161-9cbc-e67f10ae44b5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-460", + "targets": [ + ["id=property-selector-item-460", "id"], + ["linkText=ReloadableServices - Add all", "linkText"], + ["css=#property-selector-item-460", "css:finder"], + ["xpath=//a[@id='property-selector-item-460']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[92]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[460]", "xpath:href"], + ["xpath=//div[92]/a", "xpath:position"], + ["xpath=//a[contains(.,'ReloadableServices - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5a3ad5c4-37e2-4060-88bd-ed96b94d037e", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "db192d5c-0857-4059-869d-d1ff40fd8844", + "comment": "", + "command": "click", + "target": "id=property-selector-item-501", + "targets": [ + ["id=property-selector-item-501", "id"], + ["linkText=RelyingPartyConfiguration - Add all", "linkText"], + ["css=#property-selector-item-501", "css:finder"], + 
["xpath=//a[@id='property-selector-item-501']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[94]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[501]", "xpath:href"], + ["xpath=//div[94]/a", "xpath:position"], + ["xpath=//a[contains(.,'RelyingPartyConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "46e1fd14-ca91-4f92-a919-695dcff58622", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[54]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "bf5ba1a6-ba55-4397-91fa-7f1c1cd28e0d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-507", + "targets": [ + ["id=property-selector-item-507", "id"], + ["linkText=RemoteUserAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-507", "css:finder"], + ["xpath=//a[@id='property-selector-item-507']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[96]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[507]", "xpath:href"], + ["xpath=//div[96]/a", "xpath:position"], + ["xpath=//a[contains(.,'RemoteUserAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "fde12162-843c-4425-bc3e-f404f52cd232", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "e1313d05-d1ff-4196-8ae7-eb04c1088afd", + "comment": "", + "command": "click", + "target": "id=property-selector-item-524", + "targets": [ + ["id=property-selector-item-524", "id"], + ["linkText=RemoteUserInternalAuthnConfiguration - Add all", 
"linkText"], + ["css=#property-selector-item-524", "css:finder"], + ["xpath=//a[@id='property-selector-item-524']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[98]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[524]", "xpath:href"], + ["xpath=//div[98]/a", "xpath:position"], + ["xpath=//a[contains(.,'RemoteUserInternalAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "1b2b7432-6d03-4b84-922c-59b9cee6ccc5", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[56]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "31fff123-cc89-4473-9943-a7b5d1206de7", + "comment": "", + "command": "click", + "target": "id=property-selector-item-549", + "targets": [ + ["id=property-selector-item-549", "id"], + ["linkText=SAML2ProxyTransformPostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-549", "css:finder"], + ["xpath=//a[@id='property-selector-item-549']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[100]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[549]", "xpath:href"], + ["xpath=//div[100]/a", "xpath:position"], + ["xpath=//a[contains(.,'SAML2ProxyTransformPostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "10926b24-5952-4685-be81-802f5fc7ca4a", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "746398e5-d85c-412c-8a64-45c6d2a669ee", + "comment": "", + "command": "click", + "target": "id=property-selector-item-552", + 
"targets": [ + ["id=property-selector-item-552", "id"], + ["linkText=SAMLAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-552", "css:finder"], + ["xpath=//a[@id='property-selector-item-552']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[102]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[552]", "xpath:href"], + ["xpath=//div[102]/a", "xpath:position"], + ["xpath=//a[contains(.,'SAMLAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5558c433-213a-49de-b68d-e6d9ac396b86", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "a85d9957-d3f3-4304-bd85-dd25ae70592b", + "comment": "", + "command": "click", + "target": "id=property-selector-item-572", + "targets": [ + ["id=property-selector-item-572", "id"], + ["linkText=SPNEGOAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-572", "css:finder"], + ["xpath=//a[@id='property-selector-item-572']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[104]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[572]", "xpath:href"], + ["xpath=//div[104]/a", "xpath:position"], + ["xpath=//a[contains(.,'SPNEGOAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "62dcb81a-9265-4f8f-ac8e-6ae7027a3601", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[59]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "18da3cfc-943f-43e5-ab16-6a9070336d5c", + "comment": "", + "command": "click", + 
"target": "id=property-selector-item-592", + "targets": [ + ["id=property-selector-item-592", "id"], + ["linkText=SecurityConfiguration - Add all", "linkText"], + ["css=#property-selector-item-592", "css:finder"], + ["xpath=//a[@id='property-selector-item-592']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[106]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[592]", "xpath:href"], + ["xpath=//div[106]/a", "xpath:position"], + ["xpath=//a[contains(.,'SecurityConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "894853a1-2202-4ff4-bc06-f0f7faf32505", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[60]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "12440bab-1419-4d7d-948c-71811b067df2", + "comment": "", + "command": "click", + "target": "id=property-selector-item-626", + "targets": [ + ["id=property-selector-item-626", "id"], + ["linkText=SessionConfiguration - Add all", "linkText"], + ["css=#property-selector-item-626", "css:finder"], + ["xpath=//a[@id='property-selector-item-626']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[108]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[626]", "xpath:href"], + ["xpath=//div[108]/a", "xpath:position"], + ["xpath=//a[contains(.,'SessionConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5bf0b70b-e413-49eb-bfcb-f97a4265c70b", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": 
"eb83e85f-6924-44ac-9922-9c5a1fcbcbc5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-639", + "targets": [ + ["id=property-selector-item-639", "id"], + ["linkText=SimplePostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-639", "css:finder"], + ["xpath=//a[@id='property-selector-item-639']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[110]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[639]", "xpath:href"], + ["xpath=//div[110]/a", "xpath:position"], + ["xpath=//a[contains(.,'SimplePostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d941d154-a6a3-4684-ad04-ca9d45acf2aa", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[62]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cd98777e-1800-417f-af35-9f6d531decfa", + "comment": "", + "command": "click", + "target": "css=form", + "targets": [ + ["css=form", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form", "xpath:idRelative"], + ["xpath=//form", "xpath:position"] + ], + "value": "" + }, { + "id": "2ac41455-f406-4e71-88c0-8c30b7c23eab", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "a729126e-0c39-4db6-882c-b506db087119", + "comment": "", + "command": "click", + "target": "id=property-selector-item-643", + "targets": [ + ["id=property-selector-item-643", "id"], + ["linkText=Status - Add all", "linkText"], + ["css=#property-selector-item-643", "css:finder"], + 
["xpath=//a[@id='property-selector-item-643']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[112]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[643]", "xpath:href"], + ["xpath=//div[112]/a", "xpath:position"], + ["xpath=//a[contains(.,'Status - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "602156fa-9fed-4a42-9182-4aa66338dd24", + "comment": "", + "command": "click", + "target": "css=td", + "targets": [ + ["css=td", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td", "xpath:idRelative"], + ["xpath=//td", "xpath:position"], + ["xpath=//td[contains(.,'At least one property is required.')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "878447bd-6424-440f-8dcf-461f994a6478", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[63]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3b964802-50ee-4a2a-8db6-d24a51a61483", + "comment": "", + "command": "click", + "target": "id=property-selector-item-651", + "targets": [ + ["id=property-selector-item-651", "id"], + ["linkText=StorageConfiguration - Add all", "linkText"], + ["css=#property-selector-item-651", "css:finder"], + ["xpath=//a[@id='property-selector-item-651']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[114]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[651]", "xpath:href"], + ["xpath=//div[114]/a", "xpath:position"], + ["xpath=//a[contains(.,'StorageConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "eca7bf2d-db81-4cad-873b-eba9440bd0e5", + "comment": "", + 
"command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "40ca1af5-e808-4b69-a5dd-3b545c1b233d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-659", + "targets": [ + ["id=property-selector-item-659", "id"], + ["linkText=TOTP - Add all", "linkText"], + ["css=#property-selector-item-659", "css:finder"], + ["xpath=//a[@id='property-selector-item-659']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[116]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[659]", "xpath:href"], + ["xpath=//div[116]/a", "xpath:position"], + ["xpath=//a[contains(.,'TOTP - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d6e986cb-865d-4472-b791-ea9ba459a849", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[65]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "26be9d61-f3c2-482e-8d0d-759a00c9b28f", + "comment": "", + "command": "click", + "target": "id=property-selector-item-677", + "targets": [ + ["id=property-selector-item-677", "id"], + ["linkText=X500PostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-677", "css:finder"], + ["xpath=//a[@id='property-selector-item-677']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[118]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[677]", "xpath:href"], + ["xpath=//div[118]/a", "xpath:position"], + ["xpath=//a[contains(.,'X500PostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "966c35be-39a4-4fa9-aded-8ba6fa1394a2", + 
"comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[66]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5124a661-4c33-4468-9c08-505268f78ff0", + "comment": "", + "command": "click", + "target": "id=property-selector-item-683", + "targets": [ + ["id=property-selector-item-683", "id"], + ["linkText=X509AuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-683", "css:finder"], + ["xpath=//a[@id='property-selector-item-683']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[120]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[683]", "xpath:href"], + ["xpath=//div[120]/a", "xpath:position"], + ["xpath=//a[contains(.,'X509AuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a11e93fd-5a1b-4456-a875-f0b8a8582058", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": "299da229-ce40-43ac-87c6-2bb6c1122d93", + "comment": "", + "command": "click", + "target": "id=property-selector-item-699", + "targets": [ + ["id=property-selector-item-699", "id"], + ["linkText=X509InternalAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-699", "css:finder"], + ["xpath=//a[@id='property-selector-item-699']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[122]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[699]", "xpath:href"], + ["xpath=//div[122]/a", "xpath:position"], + ["xpath=//a[contains(.,'X509InternalAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + 
"value": "" + }, { + "id": "2a8c3086-a40d-4e9c-857a-7fda2bd2e8f5", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[68]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "93a9c033-0fcc-4af9-85b5-7e18d882bf68", + "comment": "", + "command": "click", + "target": "css=.col-12 > .d-flex", + "targets": [ + ["css=.col-12 > .d-flex", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div", "xpath:position"] + ], + "value": "" + }, { + "id": "d06a3e9a-849f-4b8d-83a1-797f8abf6794", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[69]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "1e726b4f-8ae7-40eb-ba52-747c88ae2e89", + "comment": "", + "command": "assertText", + "target": "css=tr:nth-child(653) > td:nth-child(1)", + "targets": [ + ["css=tr:nth-child(653) > td:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[653]/td", "xpath:idRelative"], + ["xpath=//tr[653]/td", "xpath:position"], + ["xpath=//td[contains(.,'idp.authn.X509Internal.discoveryRequired')]", "xpath:innerText"] + ], + "value": "idp.authn.X509Internal.discoveryRequired" + }, { + "id": "9af817b8-7f25-4f90-8b9a-f24582b7c19b", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + 
["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "0e2f3bef-0c6c-457f-83c0-d1b464508daa", + "comment": "", + "command": "click", + "target": "linkText=Edit", + "targets": [ + ["linkText=Edit", "linkText"], + ["css=.btn-primary", "css:finder"], + ["xpath=//a[contains(text(),'Edit')]", "xpath:link"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '/configurations/831/edit')])[2]", "xpath:href"], + ["xpath=//td[3]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Edit')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "caeb6c0b-c99d-4e4f-87b1-874ac54f30a8", + "comment": "", + "command": "click", + "target": "id=valueInput-idp.resolvertest.accessPolicy", + "targets": [ + ["id=valueInput-idp.resolvertest.accessPolicy", "id"], + ["name=properties.0.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.accessPolicy", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.accessPolicy']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td[4]/div/input", "xpath:idRelative"], + ["xpath=//td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "812d8a90-f462-470a-9a4d-efd2cca679c2", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.resolvertest.accessPolicy", + "targets": [ + ["id=valueInput-idp.resolvertest.accessPolicy", "id"], + ["name=properties.0.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.accessPolicy", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.accessPolicy']", "xpath:attributes"], + 
["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td[4]/div/input", "xpath:idRelative"], + ["xpath=//td[4]/div/input", "xpath:position"] + ], + "value": "foo" + }, { + "id": "8c98218b-9d71-42ac-8682-36d2aeb0f39e", + "comment": "", + "command": "click", + "target": "id=valueInput-idp.resolvertest.logging", + "targets": [ + ["id=valueInput-idp.resolvertest.logging", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.logging", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.logging']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "948ac5c1-aa09-44af-a024-c0dc898616d1", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.resolvertest.logging", + "targets": [ + ["id=valueInput-idp.resolvertest.logging", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.logging", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.logging']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "bar" + }, { + "id": "46d0e1ac-4706-47cf-9336-683b7b6519f2", + "comment": "", + "command": "click", + "target": "name=properties.2.propertyValue", + "targets": [ + ["name=properties.2.propertyValue", "name"], + ["css=tr:nth-child(3) .form-check-input", "css:finder"], + ["xpath=//input[@name='properties.2.propertyValue']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[3]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[3]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": 
"d3898399-e0c0-4ac1-9f66-ab1ef682cc4e", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "47617f08-9b12-47f0-b8bc-bf97636014fb", + "comment": "", + "command": "click", + "target": "css=.fa-pen-to-square > path", + "targets": [ + ["css=.fa-pen-to-square > path", "css:finder"] + ], + "value": "" + }, { + "id": "aaab6ac3-6c55-4b8f-8e97-4913e4d658d6", + "comment": "", + "command": "click", + "target": "name=properties.2.propertyValue", + "targets": [ + ["name=properties.2.propertyValue", "name"], + ["css=tr:nth-child(3) .form-check-input", "css:finder"], + ["xpath=//input[@name='properties.2.propertyValue']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[3]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[3]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "dea3ef04-ea08-40ea-8dce-eafc87ab2051", + "comment": "", + "command": "click", + "target": "name=properties.3.propertyValue", + "targets": [ + ["name=properties.3.propertyValue", "name"], + ["css=tr:nth-child(4) .form-check-input", "css:finder"], + ["xpath=//input[@name='properties.3.propertyValue']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[4]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[4]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "fea5a053-a52e-4b5c-8477-51325b5baf40", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + 
["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cd64daba-9c2c-4523-a17d-8168f91b4f93", + "comment": "", + "command": "click", + "target": "css=.btn-danger", + "targets": [ + ["css=.btn-danger", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/button", "xpath:idRelative"], + ["xpath=//td[3]/div/button", "xpath:position"], + ["xpath=//button[contains(.,'  Delete')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "debe5850-a226-47d1-b38b-17015449edf9", + "comment": "", + "command": "click", + "target": "css=.btn-danger:nth-child(1)", + "targets": [ + ["css=.btn-danger:nth-child(1)", "css:finder"], + ["xpath=(//button[@type='button'])[8]", "xpath:attributes"], + ["xpath=//div[4]/div/div/div[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "efc6da0e-490c-4c8b-b4d2-07b71059d0ef", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "80cfb61f-79a5-429b-9b7e-b5991b8e279f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index bb86a1915..f207512ae 100644 
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy @@ -26,7 +26,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMet import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.Refilterable -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects @@ -498,10 +498,10 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } } - public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException { + public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver findByResourceId(String resourceId) throws PersistentEntityNotFound { edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver result = metadataResolverRepository.findByResourceId(resourceId) if (result == null ) { - throw new EntityNotFoundException("No Provider with resourceId[" + resourceId + "] was found") + throw new PersistentEntityNotFound("No Provider with resourceId[" + resourceId + "] was found") } return result } 
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy new file mode 100644 index 000000000..d39485ca7 --- /dev/null +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy 
@@ -0,0 +1,70 @@ +package edu.internet2.tier.shibboleth.admin.ui.service + +import com.opencsv.CSVReader +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty +import groovy.util.logging.Slf4j +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.context.event.ApplicationStartedEvent +import org.springframework.context.event.EventListener +import org.springframework.core.io.ClassPathResource +import org.springframework.core.io.Resource +import org.springframework.stereotype.Component + +import javax.transaction.Transactional + +@Component +@Slf4j +class ShibPropertiesBootstrap { + @Autowired + private ShibConfigurationService service + + ShibPropertiesBootstrap(ShibConfigurationService service) { + this.service = service + } + + @Transactional + @EventListener + void bootstrapUsersAndRoles(ApplicationStartedEvent e) { + log.info("Ensuring base Shibboleth properties configuration has loaded") + + Resource resource = new ClassPathResource('shib_configuration_prop.csv') + final HashMap propertiesMap = new HashMap<>() + + // Read in the defaults in the configuration file + new CSVReader(new InputStreamReader(resource.inputStream)).each { fields -> + def (resource_id,category,config_file,description,idp_version,module,module_version,note,default_value,property_name,property_type,selection_items,property_value) = fields + ShibConfigurationProperty prop = new ShibConfigurationProperty().with { + it.resourceId = resource_id + it.category = category + it.configFile = config_file + it.description = description + it.idpVersion = idp_version + it.module = module + it.moduleVersion = module_version + it.note = note + it.defaultValue = default_value + it.description = description + it.propertyName = property_name + def pt = property_type + it.setPropertyType(pt) + it.selectionItems = selection_items + // we shouldn't have property values coming in from the config... 
+ it + } + propertiesMap.put(prop.getPropertyName(), prop) + } + + // If we already have the property in the db, ignore the configuration setup for that property + service.getExistingPropertyNames().each { + propertiesMap.remove(it) + } + + // Save anything that's left + if (propertiesMap.size() > 0) { + log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database") + service.addAllConfigurationProperties(propertiesMap.values()) + } + + log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded") + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index af8aef206..ee18f0e65 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java 
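Review bot: The `CSVReader` built in `bootstrapUsersAndRoles` is never closed, and its `InputStreamReader` decodes `shib_configuration_prop.csv` with the platform default charset, so non-ASCII descriptions or notes can be stored differently from one host to another. Assuming the file is kept as UTF-8, name the charset and scope the reader: `new CSVReader(new InputStreamReader(resource.inputStream, 'UTF-8')).withCloseable { reader -> reader.each { fields -> ... } }`. The 13-way destructuring of `fields` also assumes every row has all columns; a length check that logs and skips a short row would stop a malformed line from aborting startup or loading a half-populated property. Two smaller cleanups: `it.description = description` is assigned twice, and the listener name `bootstrapUsersAndRoles` does not describe what it loads.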
@@ -2,21 +2,21 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; - import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.ApplicationListener; import org.springframework.context.annotation.Configuration; +import javax.annotation.PostConstruct; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.annotation.PostConstruct; - @Configuration @ConfigurationProperties(prefix = "custom") public class CustomPropertiesConfiguration implements ApplicationListener { @@ -28,6 +28,10 @@ public class CustomPropertiesConfiguration implements ApplicationListener overridesFromConfigFile = new ArrayList<>(); + private List shibprops = new ArrayList<>(); + + private ShibConfigurationService shibConfigurationService; + private void buildRelyingPartyOverrides() { // Start over with a clean map and get the CustomEntityAttributesDefinitions from the DB HashMap reloaded = new HashMap<>(); @@ -68,6 +72,7 @@ public void onApplicationEvent(CustomEntityAttributeDefinitionChangeEvent arg0) public void postConstruct() { // Make sure we have the right data buildRelyingPartyOverrides(); + updateShibPropsDatabase(); } public void setAttributes(List> attributes) { 
@@ -79,10 +84,36 @@ public void setCeadService(CustomEntityAttributesDefinitionService ceadService) this.ceadService = ceadService; } + @Autowired + public void setShibConfigurationService(ShibConfigurationService service) { + this.shibConfigurationService = service; + } + /** - * This setter will get used by Spring's property system to create objects from a config file (should the properties exist) + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) */ public void setOverrides(List overridesFromConfigFile) { this.overridesFromConfigFile = overridesFromConfigFile; } -} + + /** + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) + */ + public void setShibprops(List props) { + this.shibprops = props; + } + + /** + * Add any custom properties from the application.yml - any incoming property with the same name as an existing property will be + * ignored (ie this will not update/replace information for existing properties). This shouldn't be considered standard, but + * offers users the ability to add properties to their system from an addon module, new feature etc. + */ + private void updateShibPropsDatabase() { + List existingPropNames = shibConfigurationService.getExistingPropertyNames(); + shibprops.forEach(prop -> { + if (!existingPropNames.contains(prop.getPropertyName())) { + shibConfigurationService.save(prop); + } + }); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java index 4dbe3656d..d9dc38c1e 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java 
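Review bot: `updateShibPropsDatabase()` takes one snapshot of the existing names and saves every `shibprops` entry missing from it, so two application.yml entries with the same property name are both saved, which contradicts the Javadoc's promise that a same-named property is ignored. Track the names as they are added: `Set<String> seen = new HashSet<>(shibConfigurationService.getExistingPropertyNames());` and then `if (seen.add(prop.getPropertyName())) { shibConfigurationService.save(prop); }`. This needs `java.util.Set` and `java.util.HashSet` imported, and it assumes the names are strings, since generics are stripped on this page. The call is wired into `postConstruct()` in the earlier hunk; if that runs before `ShibPropertiesBootstrap` handles `ApplicationStartedEvent` on an empty database, an application.yml entry would replace the shipped default of the same name rather than be ignored, so the ordering is worth confirming and documenting. `setShibprops` should also tolerate a null list, because `shibprops.forEach` would otherwise throw during startup.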
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java @@ -1,7 +1,5 @@ package edu.internet2.tier.shibboleth.admin.ui.configuration.auto; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; -import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationListener; import org.springframework.context.event.ContextRefreshedEvent; @@ -16,8 +14,6 @@ import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService; import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService; -import java.util.List; - /** * After the context loads, do any needed migration tasks */ diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java index c9e0f20f5..487bd56c2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java @@ -5,12 +5,10 @@ import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PatchMapping; import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; 
@@ -18,7 +16,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException; import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService; @@ -41,7 +39,8 @@ public class ActivateController { @PatchMapping(path = "/entityDescriptor/{resourceId}/{mode}") @Transactional - public ResponseEntity enableEntityDescriptor(@PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity enableEntityDescriptor(@PathVariable String resourceId, @PathVariable String mode) throws + PersistentEntityNotFound, ForbiddenException { boolean status = "enable".equalsIgnoreCase(mode); EntityDescriptorRepresentation edr = entityDescriptorService.updateEntityDescriptorEnabledStatus(resourceId, status); return ResponseEntity.ok(edr); 
@@ -49,7 +48,8 @@ public ResponseEntity enableEntityDescriptor(@PathVariable String resourceId, @PatchMapping(path = "/MetadataResolvers/{metadataResolverId}/Filter/{resourceId}/{mode}") @Transactional - public ResponseEntity enableFilter(@PathVariable String metadataResolverId, @PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException, ScriptException { + public ResponseEntity enableFilter(@PathVariable String metadataResolverId, @PathVariable String resourceId, @PathVariable String mode) throws + PersistentEntityNotFound, ForbiddenException, ScriptException { boolean status = "enable".equalsIgnoreCase(mode); MetadataFilter persistedFilter = filterService.updateFilterEnabledStatus(metadataResolverId, resourceId, status); return ResponseEntity.ok(persistedFilter); @@ -57,7 +57,8 @@ public ResponseEntity enableFilter(@PathVariable String metadataResolverId, @ @PatchMapping("/MetadataResolvers/{resourceId}/{mode}") @Transactional - public ResponseEntity enableProvider(@PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException, MetadataFileNotFoundException, InitializationException { + public ResponseEntity enableProvider(@PathVariable String resourceId, @PathVariable String mode) throws + PersistentEntityNotFound, ForbiddenException, MetadataFileNotFoundException, InitializationException { boolean status = "enable".equalsIgnoreCase(mode); MetadataResolver existingResolver = metadataResolverService.findByResourceId(resourceId); existingResolver.setEnabled(status); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java index 0c766c53c..fe6f7c0f2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java 
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java @@ -12,15 +12,15 @@ import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException; @ControllerAdvice(assignableTypes = {ActivateController.class}) public class ActivateExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } @@ -45,4 +45,4 @@ public ResponseEntity handleScriptException(ScriptException e, WebRequest req } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java index 92c498781..53335d340 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java 
@@ -1,11 +1,8 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; import edu.internet2.tier.shibboleth.admin.ui.domain.AttributeBundle; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; -import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; -import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; -import edu.internet2.tier.shibboleth.admin.ui.security.model.Group; import edu.internet2.tier.shibboleth.admin.ui.service.AttributeBundleService; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; @@ -42,7 +39,7 @@ public ResponseEntity create(@RequestBody AttributeBundle bundle) throws Obje @Secured("ROLE_ADMIN") @DeleteMapping("/{resourceId}") @Transactional - public ResponseEntity delete(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity delete(@PathVariable String resourceId) throws PersistentEntityNotFound { attributeBundleService.deleteDefinition(resourceId); return ResponseEntity.noContent().build(); } 
@@ -55,14 +52,14 @@ public ResponseEntity getAll() { @GetMapping("/{resourceId}") @Transactional(readOnly = true) - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound { return ResponseEntity.ok(attributeBundleService.findByResourceId(resourceId)); } @Secured("ROLE_ADMIN") @PutMapping @Transactional - public ResponseEntity update(@RequestBody AttributeBundle bundle) throws EntityNotFoundException { + public ResponseEntity update(@RequestBody AttributeBundle bundle) throws PersistentEntityNotFound { AttributeBundle result = attributeBundleService.updateBundle(bundle); return ResponseEntity.ok(result); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java index 9f5266c3c..44f32f6ea 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; 
@@ -12,8 +12,8 @@ @ControllerAdvice(assignableTypes = {AttributeBundleController.class}) public class AttributeBundleExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java index 2ab357a03..7af217eb2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java @@ -7,6 +7,8 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; 
@@ -59,6 +61,12 @@ public class DangerController { @Autowired private OwnershipRepository ownershipRepository; + @Autowired + private ShibPropertySetRepository shibPropertySetRepository; + + @Autowired + private ShibPropertySettingRepository shibPropertySettingRepository; + @Autowired UserRepository userRepository; @@ -84,9 +92,18 @@ public ResponseEntity wipeOut() { clearUsersAndGroups(); + clearShibSettings(); + return ResponseEntity.ok("yes, you did it"); } + private void clearShibSettings() { + shibPropertySetRepository.findAll().forEach(shibPropSet -> { + shibPropertySettingRepository.deleteAll(shibPropSet.getProperties()); + shibPropertySetRepository.delete(shibPropSet); + }); + } + private void clearUsersAndGroups() { groupRepository.deleteAll(); ownershipRepository.clearAllOwnedByGroup(); @@ -99,4 +116,4 @@ private void clearUsersAndGroups() { groupService.ensureAdminGroupExists(); devConfig.createDevUsersAndGroups(); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java index 81d62a1ad..f7cfb019a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java 
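Review bot: `wipeOut()` now also deletes every Shibboleth property set, and nothing visible in the `@@ -84,9 +92,18 @@` hunk shows what restricts access to this handler. The class-level and mapping annotations lie outside the hunk, so please confirm the controller is only registered under a dev/test profile (or requires an admin role) before it gains more data to destroy. The Selenium file added in this commit reaches it with a plain `open` of `/api/heheheheheheheWipeout`, which suggests the destructive action is served on a GET; an obscure path is not an access control. In `clearShibSettings()`, only settings reachable through a set are removed, so any `ShibPropertySetting` row not attached to a set survives the wipe. If the intent is a clean slate, `shibPropertySettingRepository.deleteAll(); shibPropertySetRepository.deleteAll();` is shorter and covers orphans, assuming both repositories expose the no-argument `deleteAll()` that `groupRepository` uses just below.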
@@ -2,14 +2,13 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects; import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService; import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorVersionService; -import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import lombok.extern.slf4j.Slf4j; @@ -34,7 +33,6 @@ import javax.annotation.PostConstruct; import java.net.URI; import java.util.ConcurrentModificationException; -import java.util.Optional; @RestController @RequestMapping("/api") @@ -77,7 +75,7 @@ public ResponseEntity create(@RequestBody EntityDescriptorRepresentation edRe @Secured("ROLE_ADMIN") @DeleteMapping(value = "/EntityDescriptor/{resourceId}") @Transactional - public ResponseEntity deleteOne(@PathVariable String resourceId) throws ForbiddenException, EntityNotFoundException { + public ResponseEntity deleteOne(@PathVariable String resourceId) throws ForbiddenException, PersistentEntityNotFound { entityDescriptorService.delete(resourceId); return ResponseEntity.noContent().build(); } 
@@ -90,7 +88,7 @@ public ResponseEntity getAll() throws ForbiddenException { @GetMapping("/EntityDescriptor/{resourceId}/Versions") @Transactional - public ResponseEntity getAllVersions(@PathVariable String resourceId) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity getAllVersions(@PathVariable String resourceId) throws PersistentEntityNotFound, ForbiddenException { // this "get by resource id" verifies that both the ED exists and the user has proper access, so needs to remain EntityDescriptor ed = entityDescriptorService.getEntityDescriptorByResourceId(resourceId); return ResponseEntity.ok(versionService.findVersionsForEntityDescriptor(ed.getResourceId())); 
@@ -105,21 +103,22 @@ public Iterable getDisabledAndNotOwnedByAdmin() @GetMapping("/EntityDescriptor/{resourceId}") @Transactional - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound, ForbiddenException { return ResponseEntity.ok(entityDescriptorService .createRepresentationFromDescriptor(entityDescriptorService.getEntityDescriptorByResourceId(resourceId))); } @GetMapping(value = "/EntityDescriptor/{resourceId}", produces = "application/xml") @Transactional - public ResponseEntity getOneXml(@PathVariable String resourceId) throws MarshallingException, EntityNotFoundException, ForbiddenException { + public ResponseEntity getOneXml(@PathVariable String resourceId) throws MarshallingException, PersistentEntityNotFound, ForbiddenException { EntityDescriptor ed = entityDescriptorService.getEntityDescriptorByResourceId(resourceId); final String xml = this.openSamlObjects.marshalToXmlString(ed); return ResponseEntity.ok(xml); } @GetMapping("/EntityDescriptor/{resourceId}/Versions/{versionId}") - public ResponseEntity getSpecificVersion(@PathVariable String resourceId, @PathVariable String versionId) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity getSpecificVersion(@PathVariable String resourceId, @PathVariable String versionId) throws + PersistentEntityNotFound, ForbiddenException { // this "get by resource id" verifies that both the ED exists and the user has proper access, so needs to remain EntityDescriptor ed = entityDescriptorService.getEntityDescriptorByResourceId(resourceId); EntityDescriptorRepresentation result = versionService.findSpecificVersionOfEntityDescriptor(ed.getResourceId(), versionId); 
@@ -146,7 +145,7 @@ public void initRestTemplate() { @PutMapping("/EntityDescriptor/{resourceId}") @Transactional public ResponseEntity update(@RequestBody EntityDescriptorRepresentation edRepresentation, @PathVariable String resourceId) - throws ForbiddenException, ConcurrentModificationException, EntityNotFoundException, + throws ForbiddenException, ConcurrentModificationException, PersistentEntityNotFound, InvalidPatternMatchException { edRepresentation.setId(resourceId); // This should be the same already, but just to be safe... EntityDescriptorRepresentation result = entityDescriptorService.update(edRepresentation); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java index 32d3cd4be..e1afe9413 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; 
@@ -22,8 +22,8 @@ public ResponseEntity handleConcurrentModificationException(ConcurrentModific return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); } - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java new file mode 100644 index 000000000..b9936633a --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -0,0 +1,169 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; +import io.swagger.v3.oas.annotations.Operation; +import io.swagger.v3.oas.annotations.tags.Tag; +import io.swagger.v3.oas.annotations.tags.Tags; +import org.apache.tomcat.util.http.fileupload.IOUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.security.access.annotation.Secured; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.DeleteMapping; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; +import org.springframework.web.bind.annotation.RequestBody; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.zip.ZipEntry; +import java.util.zip.ZipOutputStream; + +@RestController +@RequestMapping(value = "/api/shib") +@Tags(value = {@Tag(name = "Shibboleth Properties")}) +public class ShibPropertiesController { + @Autowired + private ShibConfigurationService service; + + @GetMapping("/properties") + 
@Transactional(readOnly = true) + @Operation(description = "Return all the configuration properties - used to populate the UI with the known configuration properties", + summary = "Return all the configuration properties - used to populate the UI with the known configuration properties", method = "GET") + public ResponseEntity getAllConfigurationProperties() { + return ResponseEntity.ok(service.getAllConfigurationProperties()); + } + + /** + * @return a List of the set names and their ids + */ + @GetMapping("/property/set") + @Transactional(readOnly = true) + @Operation(description = "Return a list of all the set names and their resourceId", + summary = "Return a list of all the set names and their resourceId", method = "GET") + public ResponseEntity getAllPropertySets() { + return ResponseEntity.ok(service.getAllPropertySets()); + } + + @GetMapping(value="/property/set/{resourceId}", produces="application/json") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId", + summary = "Return the property set with the given resourceId", method = "GET") + public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws PersistentEntityNotFound { + return ResponseEntity.ok(service.getSet(resourceId)); + } + + @GetMapping(value="/property/set/{resourceId}", produces="application/zip") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId as a zip file of the properties files", + summary = "Return the property set with the given resourceId as a zip file of the properties files", method = "GET") + public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) throws PersistentEntityNotFound, IOException { + ShibPropertySet set = service.getSet(resourceId); + StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); + return ResponseEntity.ok().header("Content-Disposition", 
sb.toString()).body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties()))); + } + + @GetMapping(value="/property/set/{resourceId}/onefile", produces="application/zip") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId as a zip file of a single properties files", + summary = "Return the property set with the given resourceId as a zip file of a single properties files", method = "GET") + public ResponseEntity getPropertySetOneFileAsZip(@PathVariable Integer resourceId) throws PersistentEntityNotFound, IOException { + ShibPropertySet set = service.getSet(resourceId); + StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); + return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZipWithSingleFile(convertPropertiesToMaps(set.getProperties()))); + } + + private Map> convertPropertiesToMaps(List properties) { + HashMap> result = new HashMap<>(); + for (ShibPropertySetting setting:properties){ + String confFile = setting.getConfigFile(); + if (!result.containsKey(confFile)) { + Map props = new HashMap<>(); + result.put(confFile,props); + } + Map props = result.get(confFile); + props.put(setting.getPropertyName(), setting.getPropertyValue()); + } + return result; + } + + private byte[] prepDownloadAsZipWithSingleFile(Map> propertiesFiles) throws IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); + zipOutputStream.putNextEntry(new ZipEntry("shibboleth.properties")); + + for (String filename : propertiesFiles.keySet()) { + Map properties = propertiesFiles.get(filename); + StringBuilder props = new StringBuilder(); + for (String key : properties.keySet()) { + props.append(key).append("=").append(properties.get(key)).append("\n"); + } + ByteArrayInputStream inputStream = new 
ByteArrayInputStream(props.toString().getBytes()); + IOUtils.copy(inputStream, zipOutputStream); + } + zipOutputStream.closeEntry(); + zipOutputStream.close(); + return byteOutputStream.toByteArray(); + } + + private byte[] prepDownloadAsZip(Map> propertiesFiles) throws IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); + + for (String filename : propertiesFiles.keySet()) { + zipOutputStream.putNextEntry(new ZipEntry(filename)); + Map properties = propertiesFiles.get(filename); + StringBuilder props = new StringBuilder(); + for (String key : properties.keySet()) { + props.append(key).append("=").append(properties.get(key)).append("\n"); + } + ByteArrayInputStream inputStream = new ByteArrayInputStream(props.toString().getBytes()); + IOUtils.copy(inputStream, zipOutputStream); + zipOutputStream.closeEntry(); + } + zipOutputStream.close(); + return byteOutputStream.toByteArray(); + } + + @DeleteMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) throws PersistentEntityNotFound { + service.delete(resourceId); + return ResponseEntity.noContent().build(); + } + + @PostMapping("/property/set") + @Secured("ROLE_ADMIN") + @Transactional + @Operation(description = "Create a property set with all new information - must not be an existing set", + summary = "Create a property set with all new information - must not be an existing set", method = "POST") + public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { + ShibPropertySet result = service.create(newSet); + return ResponseEntity.status(HttpStatus.CREATED).body(result); + } + + @PutMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + @Operation(description = "Update a property set with with the matching resourceId - must exist", + 
summary = "Update an existing property set with the matching resourceId - must exist", method = "PUT") + public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws + PersistentEntityNotFound { + ShibPropertySet result = service.update(setToUpdate); + return ResponseEntity.status(HttpStatus.OK).body(result); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java new file mode 100644 index 000000000..c75005a39 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java 
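Review bot: In `prepDownloadAsZip` the entry name is `setting.getConfigFile()`, and both zip handlers concatenate `set.getName()` into the `Content-Disposition` value; both strings arrive in the `@RequestBody` accepted by `createPropertySet`/`updatePropertySet`, and no validation is visible in this file. A `configFile` holding `..` or an absolute path produces an archive that a careless extractor unpacks outside its target directory, a null one throws in `new ZipEntry`, and a key or value containing a line break adds extra lines to the generated properties file. I would check the entry name and reject line breaks as in the fence below (it also closes the stream with try-with-resources and names the charset; `prepDownloadAsZipWithSingleFile` needs the same value check), and build the header with `ContentDisposition.builder("attachment").filename(set.getName() + ".zip").build().toString()`. `updatePropertySet` never reads its `resourceId` path variable, so the request body alone selects the set being changed; `setToUpdate.setResourceId(resourceId);` before `service.update(...)` would mirror what the `/EntityDescriptor/{resourceId}` PUT handler earlier in this diff does. The GET handlers carry no `@Secured` while the writers do, so if property values can hold credentials, confirm the read paths are restricted elsewhere.

```java
// generic parameters are stripped on this page; Map<String, Map<String, String>> is assumed
private byte[] prepDownloadAsZip(Map<String, Map<String, String>> propertiesFiles) throws IOException {
    ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
    // try-with-resources closes the zip stream on the error paths as well
    try (ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream)) {
        for (Map.Entry<String, Map<String, String>> file : propertiesFiles.entrySet()) {
            zipOutputStream.putNextEntry(new ZipEntry(checkedEntryName(file.getKey())));
            StringBuilder props = new StringBuilder();
            for (Map.Entry<String, String> prop : file.getValue().entrySet()) {
                props.append(singleLine(prop.getKey())).append("=").append(singleLine(prop.getValue())).append("\n");
            }
            // use the charset the consumer of these files reads them with
            zipOutputStream.write(props.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
            zipOutputStream.closeEntry();
        }
    }
    return byteOutputStream.toByteArray();
}

// The entry name becomes a path when the archive is unpacked: relative only, no "..", no drive or backslash.
private static String checkedEntryName(String configFile) throws IOException {
    if (configFile == null || configFile.isEmpty() || configFile.startsWith("/")
            || configFile.contains("\\") || configFile.contains(":") || configFile.contains("..")) {
        throw new IOException("Invalid config file name in property set");
    }
    return configFile;
}

// One property per line: a line break inside a key or value would add lines to the generated file.
private static String singleLine(String text) throws IOException {
    if (text != null && (text.indexOf('\n') >= 0 || text.indexOf('\r') >= 0)) {
        throw new IOException("Line break in property name or value");
    }
    return text;
}
```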
@@ -0,0 +1,35 @@
+package edu.internet2.tier.shibboleth.admin.ui.controller;
+
+import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException;
+import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.context.request.WebRequest;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
+
+import java.io.IOException;
+
+@ControllerAdvice(assignableTypes = {ShibPropertiesController.class})
+public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler {
+ @ExceptionHandler({ PersistentEntityNotFound.class })
+ public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) {
+ return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage()));
+ }
+
+ @ExceptionHandler({ IOException.class })
+ public ResponseEntity handleIOException(IOException e, WebRequest request) {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Error creating file");
+ }
+
+ @ExceptionHandler({ ObjectIdExistsException.class })
+ public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) {
+ HttpHeaders headers = new HttpHeaders();
+ headers.setLocation(EntityDescriptorController.getResourceUriFor(e.getMessage()));
+ return ResponseEntity.status(HttpStatus.CONFLICT).headers(headers).body(new ErrorResponse(
+ String.valueOf(HttpStatus.CONFLICT.value()),
+ String.format("The property set with id [%s] already exists.", e.getMessage())));
+ }
+}
\ No newline at end of file
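Review bot: `handleObjectIdExistsException` sets `Location` through `EntityDescriptorController.getResourceUriFor(e.getMessage())`, which by its name builds an entity-descriptor URI, so the 409 for a duplicate property set would point the client at the wrong resource. That helper is not shown in this diff, so confirm what it returns, and either drop the header or build it for `/api/shib/property/set/{id}`. `handleIOException` discards `e` entirely: the fixed body `"Error creating file"` is a reasonable thing to send the client, but the cause should be logged server-side before it is dropped, for example `log.error("Property set download failed", e);` with whatever logger the project uses.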
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java new file mode 100644 index 000000000..69e860302 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java 
@@ -0,0 +1,83 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; + +import com.fasterxml.jackson.annotation.JsonIgnore; +import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; +import lombok.Data; +import org.hibernate.envers.Audited; + +import javax.persistence.Column; +import javax.persistence.Convert; +import javax.persistence.Entity; +import javax.persistence.Id; +import java.util.UUID; + +@Entity(name = "shib_configuration_prop") +@Audited +@Data +public class ShibConfigurationProperty { + @Id + @Column(name = "resource_id", nullable = false) + String resourceId = UUID.randomUUID().toString(); + + @Column(name = "category", nullable = false) + String category; + + @Column(name = "config_file", nullable = false) + String configFile; + + @Column(name = "default_value") + @Convert(converter = EmptyStringToNullConverter.class) + String defaultValue; + + @Column(name = "description") + @Convert(converter = EmptyStringToNullConverter.class) + String description; + + @Column(name = "idp_version", nullable = false) + String idpVersion; + + @Column(name = "module") + @Convert(converter = EmptyStringToNullConverter.class) + String module; + + @Column(name = "module_version") + @Convert(converter = EmptyStringToNullConverter.class) + String moduleVersion; + + @Column(name = "note") + @Convert(converter = EmptyStringToNullConverter.class) + String note; + + @Column(name = "property_name", nullable = false) + String propertyName; + + @Column(name = "property_type", nullable = false) + @JsonIgnore // display type is sent to the ui instead + PropertyType propertyType; + + @Column(name = "selection_items") + @Convert(converter = EmptyStringToNullConverter.class) + String selectionItems; + + public String getDisplayType() { + switch (propertyType) { + case BOOLEAN: + return propertyType.name().toLowerCase(); + case INTEGER: + return "number"; + case SELECTION_LIST: + return "list"; + default: // DURATION, SPRING_BEAN_ID, STRING + 
return "string"; + } + } + + public void setPropertyType(String val) { + this.propertyType = PropertyType.valueOf(val); + } + +} + +enum PropertyType { + BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java new file mode 100644 index 000000000..309f7e1b6 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java 
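Review bot: `propertyType` is an enum field carrying only `@Column`, and JPA maps enums by ordinal unless told otherwise, so the `property_type` column would hold 0–5 and any reordering or insertion in `PropertyType` silently changes what stored rows mean. `@Enumerated(EnumType.STRING)` on the field avoids that; if the table is seeded by a script not shown here, check which form it writes. `getDisplayType()` switches on `propertyType` and throws a NullPointerException when it is unset, and `setPropertyType(String)` lets `PropertyType.valueOf` throw on a null or unknown name. A guard such as `if (propertyType == null) { return "string"; }` (or whichever fallback is intended) and a documented failure mode on the setter would make both explicit.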
@@ -0,0 +1,53 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties;
+
+import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+
+import javax.persistence.Column;
+import javax.persistence.Convert;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import java.util.ArrayList;
+import java.util.List;
+
+@Entity(name = "shib_property_set")
+@Audited
+@Getter
+@Setter
+@ToString
+@RequiredArgsConstructor
+public class ShibPropertySet {
+ @Id
+ @GeneratedValue
+ private int resourceId;
+
+ @Column(unique = true, nullable = false)
+ @Convert(converter = EmptyStringToNullConverter.class)
+ private String name;
+
+ @OneToMany
+ private List properties = new ArrayList<>();
+
+ @Override
+ public boolean equals(Object o) {
+ if (o instanceof ShibPropertySet) {
+ ShibPropertySet that = (ShibPropertySet) o;
+ boolean result = this.name.equals(that.name) && this.resourceId == that.resourceId && this.properties.size() == that.properties.size();
+ if (result == true) {
+ for (ShibPropertySetting thisSetting : this.properties) {
+ if ( !that.properties.contains(thisSetting) ) {
+ return false;
+ }
+ }
+ }
+ return result;
+ }
+ return false;
+ }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java
new file mode 100644
index 000000000..aeb1bd579
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java
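Review bot: `equals` is overridden in `ShibPropertySet` without `hashCode`, so two sets that compare equal can hash differently and misbehave as `HashMap` keys or `HashSet` members; add `@Override public int hashCode() { return java.util.Objects.hash(resourceId, name); }`. `this.name.equals(that.name)` also throws when `name` is null, which is the state of a newly constructed set until `setName` is called; `java.util.Objects.equals(this.name, that.name)` handles that, and `result == true` can be just `result`. The class-level `@ToString` includes `properties`, so logging a set prints every property value; consider `@ToString.Exclude` on that field if values may be sensitive.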
@@ -0,0 +1,37 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties;
+
+import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import lombok.Data;
+import org.hibernate.envers.Audited;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.ManyToOne;
+
+@Entity(name = "shib_property_setting")
+@Audited
+@Data
+@JsonSerialize(using = ShibPropertySettingJacksonSerializer.class)
+public class ShibPropertySetting {
+ @Id
+ @GeneratedValue
+ private int resourceId;
+
+ @Column
+ private String configFile;
+
+ @Column
+ private String propertyName;
+
+ @Column
+ private String propertyValue;
+
+ @Column
+ private String category;
+
+ @Column
+ private String displayType;
+
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java
new file mode 100644
index 000000000..c625c9acb
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java
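Review bot: `configFile` and `propertyName` are plain `@Column`s with no `nullable = false`, yet `ShibPropertiesController` in this diff uses `getConfigFile()` as a map key and zip entry name and `getPropertyName()` as the properties key. A setting posted without them is therefore stored and only fails, or writes a `null=` line, when the set is downloaded. Declaring both `@Column(nullable = false)` rejects such rows at persist time, where the error is attributable to the request that caused it. `ManyToOne` is imported but not used in this class.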
@@ -0,0 +1,47 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+
+import java.io.IOException;
+
+public class ShibPropertySettingJacksonSerializer extends StdSerializer {
+ public ShibPropertySettingJacksonSerializer() {
+ this(null);
+ }
+
+ public ShibPropertySettingJacksonSerializer(Class t) {
+ super(t);
+ }
+
+ @Override
+ public void serialize(ShibPropertySetting sps, JsonGenerator generator, SerializerProvider provider) throws IOException {
+ generator.writeStartObject();
+ generator.writeNumberField("resourceId", sps.getResourceId());
+ generator.writeStringField("configFile", sps.getConfigFile());
+ generator.writeStringField("propertyName", sps.getPropertyName());
+ if (sps.getCategory() != null) {
+ generator.writeStringField("category", sps.getCategory());
+ }
+ generator.writeStringField("displayType", sps.getDisplayType());
+
+ switch (sps.getDisplayType()) {
+ case "boolean":
+ generator.writeBooleanField("propertyValue", Boolean.valueOf(sps.getPropertyValue()));
+ break;
+ case "number":
+ try {
+ generator.writeNumberField("propertyValue", Long.parseLong(sps.getPropertyValue()));
+ } catch (NumberFormatException notANumber) {
+ generator.writeStringField("propertyValue", sps.getPropertyValue());
+ }
+ break;
+ default:
+ generator.writeStringField("propertyValue", sps.getPropertyValue());
+ }
+
+ generator.writeEndObject();
+ }
+
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java
deleted file mode 100644
index 4d0009523..000000000
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java
+++ /dev/null
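Review bot: `switch (sps.getDisplayType())` throws a NullPointerException when `displayType` is null, which the entity permits (its column is nullable and nothing in this diff sets a default), so one incomplete row makes every JSON response that contains it fail. Resolve the value once first, `String displayType = sps.getDisplayType() == null ? "string" : sps.getDisplayType();`, and switch on that. In the `"boolean"` branch `Boolean.valueOf` turns anything other than "true" into `false`, so a stored value such as `yes` is reported as `false` with no sign that it did not parse; falling back to `writeStringField` for unrecognised text, as the `"number"` branch does, would keep the two branches consistent.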
@@ -1,7 +0,0 @@ -package edu.internet2.tier.shibboleth.admin.ui.exception; - -public class EntityNotFoundException extends Exception { - public EntityNotFoundException(String message) { - super(message); - } -} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/PersistentEntityNotFound.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/PersistentEntityNotFound.java new file mode 100644 index 000000000..b7dc72f33 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/PersistentEntityNotFound.java @@ -0,0 +1,10 @@ +package edu.internet2.tier.shibboleth.admin.ui.exception; + +/** + * Generically meaning - hibernate entity, not SAML entity + */ +public class PersistentEntityNotFound extends Exception { + public PersistentEntityNotFound(String message) { + super(message); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java new file mode 100644 index 000000000..6731aea86 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java @@ -0,0 +1,6 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +public interface ProjectionIdAndName{ + String getResourceId(); + String getName(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java new file mode 100644 index 000000000..86ed4f90a --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java 
@@ -0,0 +1,15 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; + +import java.util.List; + +/** + * Repository to manage {@link ShibConfigurationProperty} instances. + */ +public interface ShibConfigurationRepository extends JpaRepository { + @Query(value = "select property_name from shib_configuration_prop", nativeQuery = true) + List getPropertyNames(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java new file mode 100644 index 000000000..983758f32 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java @@ -0,0 +1,17 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import org.springframework.data.jpa.repository.JpaRepository; + +import java.util.List; + +/** + * Repository to manage {@link ShibPropertySet} instances. + */ +public interface ShibPropertySetRepository extends JpaRepository { + ShibPropertySet findByName(String name); + + ShibPropertySet findByResourceId(Integer id); + + List findAllBy(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java new file mode 100644 index 000000000..6dda2047b --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java 
@@ -0,0 +1,10 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import org.springframework.data.jpa.repository.JpaRepository; + +/** + * Repository to manage {@link ShibPropertySetting} instances. + */ +public interface ShibPropertySettingRepository extends JpaRepository { +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java index c287a14a7..8293c9b04 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.security.controller; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; @@ -40,7 +40,7 @@ public ResponseEntity create(@RequestBody Group group) throws GroupExistsConf @Secured("ROLE_ADMIN") @DeleteMapping("/{resourceId}") @Transactional - public ResponseEntity delete(@PathVariable String resourceId) throws EntityNotFoundException, GroupDeleteException { + public ResponseEntity delete(@PathVariable String resourceId) throws PersistentEntityNotFound, GroupDeleteException { groupService.deleteDefinition(resourceId); return ResponseEntity.noContent().build(); } 
@@ -53,10 +53,10 @@ public ResponseEntity getAll() { @GetMapping("/{resourceId}") @Transactional(readOnly = true) - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound { Group g = groupService.find(resourceId); if (g == null) { - throw new EntityNotFoundException(String.format("Unable to find group with resource id: [%s]", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find group with resource id: [%s]", resourceId)); } return ResponseEntity.ok(g); } @@ -64,7 +64,7 @@ public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNo @Secured("ROLE_ADMIN") @PutMapping @Transactional - public ResponseEntity update(@RequestBody Group group) throws EntityNotFoundException, InvalidGroupRegexException { + public ResponseEntity update(@RequestBody Group group) throws PersistentEntityNotFound, InvalidGroupRegexException { Group result = groupService.updateGroup(group); return ResponseEntity.ok(result); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java index 39778e21a..b382f50ca 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java 
@@ -11,15 +11,15 @@ import org.springframework.web.servlet.support.ServletUriComponentsBuilder; import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; @ControllerAdvice(assignableTypes = {GroupController.class}) public class GroupControllerExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); headers.setLocation(ServletUriComponentsBuilder.fromCurrentServletMapping().path("/api/admin/groups").build().toUri()); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java index 539dc3195..9b549efb3 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java 
@@ -18,7 +18,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.Role; @@ -42,7 +42,7 @@ public ResponseEntity create(@RequestBody Role role) throws RoleExistsConflic @Secured("ROLE_ADMIN") @DeleteMapping("/{resourceId}") @Transactional - public ResponseEntity delete(@PathVariable String resourceId) throws EntityNotFoundException, RoleDeleteException { + public ResponseEntity delete(@PathVariable String resourceId) throws PersistentEntityNotFound, RoleDeleteException { rolesService.deleteDefinition(resourceId); return ResponseEntity.noContent().build(); } @@ -55,7 +55,7 @@ public ResponseEntity getAll() { @GetMapping("/{resourceId}") @Transactional(readOnly = true) - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound { Role role = rolesService.findByResourceId(resourceId); return ResponseEntity.ok(role); } 
@@ -63,7 +63,8 @@ public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNo @Secured("ROLE_ADMIN") @PutMapping(path = {"/", "/{resourceId}" }) @Transactional - public ResponseEntity update(@RequestBody Role incomingRoleDetail, @PathVariable Optional resourceId) throws EntityNotFoundException { + public ResponseEntity update(@RequestBody Role incomingRoleDetail, @PathVariable Optional resourceId) throws + PersistentEntityNotFound { Role updateRole; if (resourceId.isPresent()) { updateRole = rolesService.findByResourceId(resourceId.get()); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java index e4b840f1a..494b1a6b1 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java 
@@ -10,15 +10,15 @@ import org.springframework.web.servlet.support.ServletUriComponentsBuilder; import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; @ControllerAdvice(assignableTypes = {RolesController.class}) public class RolesExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } @@ -35,4 +35,4 @@ public ResponseEntity handleForbiddenAccess(RoleDeleteException e, WebRequest public ResponseEntity handleRoleExistsConflictException(RoleExistsConflictException e, WebRequest request) { return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java index a281adc10..ed39250b4 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java 
@@ -26,7 +26,7 @@ import org.springframework.web.client.HttpClientErrorException; import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.OwnershipConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.User; import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; @@ -56,7 +56,7 @@ public ResponseEntity deleteOne(@PathVariable String username) { try { userService.delete(username); } - catch (EntityNotFoundException e) { + catch (PersistentEntityNotFound e) { throw new HttpClientErrorException(NOT_FOUND, String.format("User with username [%s] not found", username)); } catch (OwnershipConflictException e) { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java index 65ee10764..f329a5be2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.security.service; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; 
@@ -52,7 +52,7 @@ public Group createGroup(Group group) throws GroupExistsConflictException, Inval @Override @Transactional - public void deleteDefinition(String resourceId) throws EntityNotFoundException, GroupDeleteException { + public void deleteDefinition(String resourceId) throws PersistentEntityNotFound, GroupDeleteException { Group group = find(resourceId); if (!ownershipRepository.findAllByOwner(group).isEmpty()) { throw new GroupDeleteException(String.format( @@ -116,10 +116,10 @@ public List findAll() { } @Override - public Group updateGroup(Group group) throws EntityNotFoundException, InvalidGroupRegexException { + public Group updateGroup(Group group) throws PersistentEntityNotFound, InvalidGroupRegexException { Group g = find(group.getResourceId()); if (g == null) { - throw new EntityNotFoundException(String.format("Unable to find group with resource id: [%s] and name: [%s]", + throw new PersistentEntityNotFound(String.format("Unable to find group with resource id: [%s] and name: [%s]", group.getResourceId(), group.getName())); } validateGroupRegex(group); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java index d6e44e5ec..66fd089a9 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java 
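Review bot: In GroupServiceImpl, `deleteDefinition` passes the result of `find(resourceId)` straight to `ownershipRepository.findAllByOwner(group)`, while `updateGroup` in the next hunk treats a null result from the same `find` as "not found". If `find` can return null, the delete path never raises the declared `PersistentEntityNotFound` in the visible lines and instead runs the ownership query with a null owner. A matching guard would be `if (group == null) { throw new PersistentEntityNotFound(String.format("Unable to find group with resource id: [%s]", resourceId)); }`. If `find` already throws for a missing group, the null check in `updateGroup` is dead code and can be dropped. Both method bodies continue outside their hunks, so this needs confirming against the full file.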
@@ -2,8 +2,7 @@ import java.util.List; -import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; @@ -13,7 +12,7 @@ public interface IGroupService { Group createGroup(Group group) throws GroupExistsConflictException, InvalidGroupRegexException; - void deleteDefinition(String resourceId) throws EntityNotFoundException, GroupDeleteException; + void deleteDefinition(String resourceId) throws PersistentEntityNotFound, GroupDeleteException; void ensureAdminGroupExists(); @@ -21,7 +20,7 @@ public interface IGroupService { List findAll(); - Group updateGroup(Group g) throws EntityNotFoundException, InvalidGroupRegexException; + Group updateGroup(Group g) throws PersistentEntityNotFound, InvalidGroupRegexException; boolean doesStringMatchGroupPattern(String groupId, String uri); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java index ac30d986a..46d3f81f5 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java 
@@ -4,7 +4,7 @@ import java.util.Optional; import java.util.Set; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.Role; @@ -17,13 +17,13 @@ public interface IRolesService { Optional findByName(String roleNone); - Role findByResourceId(String resourceId) throws EntityNotFoundException; + Role findByResourceId(String resourceId) throws PersistentEntityNotFound; Set getAndCreateAllRoles(Set roles); - void deleteDefinition(String resourceId) throws EntityNotFoundException, RoleDeleteException; + void deleteDefinition(String resourceId) throws PersistentEntityNotFound, RoleDeleteException; - Role updateRole(Role role) throws EntityNotFoundException; + Role updateRole(Role role) throws PersistentEntityNotFound; void save(Role newUserRole); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java index 939be59d8..18385084b 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java 
@@ -8,7 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.Role; @@ -31,7 +31,7 @@ public Role createRole(Role role) throws RoleExistsConflictException { } @Override - public void deleteDefinition(String resourceId) throws EntityNotFoundException, RoleDeleteException { + public void deleteDefinition(String resourceId) throws PersistentEntityNotFound, RoleDeleteException { Optional found = roleRepository.findByResourceId(resourceId); if (found.isPresent() && !found.get().getUsers().isEmpty()) { throw new RoleDeleteException(String.format("Unable to delete role with resource id: [%s] - remove role from all users first", resourceId)); @@ -50,10 +50,10 @@ public Optional findByName(String roleName) { } @Override - public Role findByResourceId(String resourceId) throws EntityNotFoundException { + public Role findByResourceId(String resourceId) throws PersistentEntityNotFound { Optional found = roleRepository.findByResourceId(resourceId); if (found.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find role with resource id: [%s]", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find role with resource id: [%s]", resourceId)); } return found.get(); } 
@@ -83,10 +83,10 @@ private Role getRoleNone() { } @Override - public Role updateRole(Role role) throws EntityNotFoundException { + public Role updateRole(Role role) throws PersistentEntityNotFound { Optional found = roleRepository.findByName(role.getName()); if (found.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find role with name: [%s]", role.getName())); + throw new PersistentEntityNotFound(String.format("Unable to find role with name: [%s]", role.getName())); } return roleRepository.save(role); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java index df200f482..dfe21708a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java @@ -2,7 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.OwnershipConflictException; 
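Review bot: `updateRole` checks existence with `roleRepository.findByName(role.getName())` but then persists the caller-supplied object with `roleRepository.save(role)`, so the row that was checked and the row that is written are not tied together. A request whose name matches one role while its identifier points at another would pass the check and overwrite the other role, and a rename can never pass because the new name is not found. Since roles drive authorization, it would be safer to load the stored role by its resource id (the repository already offers `findByResourceId`), copy the permitted fields onto it and save that instance. How `Role` identity is mapped is not visible here, so the overwrite case is inferred.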
@@ -82,9 +82,9 @@ public boolean currentUserIsAdmin() { } @Transactional - public void delete(String username) throws EntityNotFoundException, OwnershipConflictException { + public void delete(String username) throws PersistentEntityNotFound, OwnershipConflictException { Optional userToRemove = userRepository.findByUsername(username); - if (userToRemove.isEmpty()) throw new EntityNotFoundException("User does not exist"); + if (userToRemove.isEmpty()) throw new PersistentEntityNotFound("User does not exist"); if (!ownershipRepository.findOwnedByUser(username).isEmpty()) throw new OwnershipConflictException("User ["+username+"] has ownership of entities in the system. Please remove all items before attempting to delete the user."); // ok, user exists and doesn't own anything in the system, so delete them diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java index 916ea99b2..52b869693 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java @@ -1,7 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.service; import edu.internet2.tier.shibboleth.admin.ui.domain.AttributeBundle; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.AttributeBundleRepository; import org.springframework.beans.factory.annotation.Autowired; 
@@ -26,17 +26,17 @@ public List findAll() { return attributeBundleRepository.findAll(); } - public void deleteDefinition(String resourceId) throws EntityNotFoundException { + public void deleteDefinition(String resourceId) throws PersistentEntityNotFound { if (attributeBundleRepository.findByResourceId(resourceId).isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); } attributeBundleRepository.deleteById(resourceId); } - public AttributeBundle updateBundle(AttributeBundle bundle) throws EntityNotFoundException { + public AttributeBundle updateBundle(AttributeBundle bundle) throws PersistentEntityNotFound { Optional dbBundle = attributeBundleRepository.findByResourceId(bundle.getResourceId()); if (dbBundle.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find attribute bundle with resource id: [%s] for update", bundle.getResourceId())); + throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s] for update", bundle.getResourceId())); } AttributeBundle bundleToUpdate = dbBundle.get(); bundleToUpdate.setName(bundle.getName()); 
@@ -44,10 +44,10 @@ public AttributeBundle updateBundle(AttributeBundle bundle) throws EntityNotFoun return attributeBundleRepository.save(bundleToUpdate); } - public AttributeBundle findByResourceId(String resourceId) throws EntityNotFoundException { + public AttributeBundle findByResourceId(String resourceId) throws PersistentEntityNotFound { Optional result = attributeBundleRepository.findByResourceId(resourceId); if (result.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); } return result.get(); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java index 6fe0a8c25..98454c058 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java @@ -17,10 +17,7 @@ public class CustomEntityAttributesDefinitionServiceImpl implements CustomEntityAttributesDefinitionService { @Autowired private ApplicationEventPublisher applicationEventPublisher; - - @Autowired - EntityManager entityManager; - + @Autowired private CustomEntityAttributeDefinitionRepository repository; @@ -53,4 +50,4 @@ public List getAllDefinitions() { private void notifyListeners() { applicationEventPublisher.publishEvent(new CustomEntityAttributeDefinitionChangeEvent(this)); } -} +} \ No newline at end of file 
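Review bot: The not-found message in `AttributeBundleService.findByResourceId` still ends with "for deletion", copied from `deleteDefinition`, although this method only reads. The text ends up in logs and most likely in the API error body, where it wrongly suggests a delete was attempted. Since the line is being rewritten anyway, it could read `throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s]", resourceId));`.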
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java index 6ecf9073e..6d66732b0 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java @@ -3,7 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.Attribute; import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; @@ -55,9 +55,9 @@ EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation edRepres /** * @param resourceId - id of the JPA EntityDescriptor * @throws ForbiddenException If user is unauthorized to perform this operation - * @throws EntityNotFoundException If the db entity is not found + * @throws PersistentEntityNotFound If the db entity is not found */ - void delete(String resourceId) throws ForbiddenException, EntityNotFoundException; + void delete(String resourceId) throws ForbiddenException, PersistentEntityNotFound; /** * @return - Iterable set of EntityDescriptorRepresentations of those items which are NOT enabled and not owned by 
@@ -83,9 +83,9 @@ EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation edRepres * @param resourceId - id of the JPA EntityDescriptor * @return JPA EntityDescriptor * @throws ForbiddenException If user is unauthorized to perform this operation - * @throws EntityNotFoundException If the db entity is not found + * @throws PersistentEntityNotFound If the db entity is not found */ - EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws EntityNotFoundException, ForbiddenException; + EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws PersistentEntityNotFound, ForbiddenException; /** * Given a list of attributes, generate a map of relying party overrides @@ -97,12 +97,12 @@ EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation edRepres /** * @throws ForbiddenException If the user is not permitted to perform the action - * @throws EntityNotFoundException If the entity doesn't already exist in the database + * @throws PersistentEntityNotFound If the entity doesn't already exist in the database * @throws ConcurrentModificationException IF the entity is being modified in another session * @throws InvalidPatternMatchException If the entity id or the ACS location urls don't match the supplied regex */ EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRepresentation) - throws ForbiddenException, EntityNotFoundException, ConcurrentModificationException, + throws ForbiddenException, PersistentEntityNotFound, ConcurrentModificationException, InvalidPatternMatchException; /** 
@@ -113,7 +113,8 @@ EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRepresent */ void updateDescriptorFromRepresentation(final org.opensaml.saml.saml2.metadata.EntityDescriptor entityDescriptor, final EntityDescriptorRepresentation representation); - EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException; + EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws + PersistentEntityNotFound, ForbiddenException; EntityDescriptorRepresentation createNewEntityDescriptorFromXMLOrigin(EntityDescriptor ed); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java index c8c67fbc8..365fccb80 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java @@ -3,7 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.versioning.Version; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import java.util.List; 
@@ -12,7 +12,8 @@ */ public interface EntityDescriptorVersionService { - List findVersionsForEntityDescriptor(String resourceId) throws EntityNotFoundException; + List findVersionsForEntityDescriptor(String resourceId) throws PersistentEntityNotFound; - EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws EntityNotFoundException; -} + EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws + PersistentEntityNotFound; +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java index 99906882b..5857ac283 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java @@ -4,7 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.versioning.Version; import edu.internet2.tier.shibboleth.admin.ui.envers.EnversVersionServiceSupport; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import java.util.List; 
@@ -23,20 +23,21 @@ public EnversEntityDescriptorVersionService(EnversVersionServiceSupport enversVe } @Override - public List findVersionsForEntityDescriptor(String resourceId) throws EntityNotFoundException { + public List findVersionsForEntityDescriptor(String resourceId) throws PersistentEntityNotFound { List results = enversVersionServiceSupport.findVersionsForPersistentEntity(resourceId, EntityDescriptor.class); if (results.isEmpty()) { - throw new EntityNotFoundException(String.format("No versions found for entity descriptor with resource id [%s].", resourceId)); + throw new PersistentEntityNotFound(String.format("No versions found for entity descriptor with resource id [%s].", resourceId)); } return results; } @Override - public EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws EntityNotFoundException { + public EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws + PersistentEntityNotFound { Object edObject = enversVersionServiceSupport.findSpecificVersionOfPersistentEntity(resourceId, versionId, EntityDescriptor.class); if (edObject == null) { - throw new EntityNotFoundException("Unable to find specific version requested - version: " + versionId); + throw new PersistentEntityNotFound("Unable to find specific version requested - version: " + versionId); } return entityDescriptorService.createRepresentationFromDescriptor((EntityDescriptor) edObject); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java index 6d752928b..d5823ef9f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java 
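Review bot: Neither `findVersionsForEntityDescriptor` nor `findSpecificVersionOfEntityDescriptor` checks that the current user may see the descriptor. Both go directly to `enversVersionServiceSupport` with the caller-supplied `resourceId`, whereas `JPAEntityDescriptorServiceImpl.getEntityDescriptorByResourceId` enforces `userService.isAuthorizedFor(ed)`. Unless the controller gates these calls, which is not visible in this diff, the full revision history of any descriptor is readable by resource id. If the check does live in the caller, state that contract on the methods, for example `// callers must already have verified access to resourceId; no ownership check is performed here`. Otherwise resolve the descriptor through `entityDescriptorService.getEntityDescriptorByResourceId(resourceId)` before querying versions.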
@@ -5,7 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; /** @@ -31,5 +31,6 @@ public interface FilterService { */ FilterRepresentation createRepresentationFromFilter(final EntityAttributesFilter entityAttributesFilter); - MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException, ScriptException; -} + MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status) throws + PersistentEntityNotFound, ForbiddenException, ScriptException; +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java index ec5c28048..6269020e8 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java 
@@ -16,7 +16,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.OrganizationRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.SecurityInfoRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.ServiceProviderSsoDescriptorRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; @@ -354,7 +354,7 @@ public EntityDescriptorRepresentation createRepresentationFromDescriptor(org.ope } @Override - public void delete(String resourceId) throws ForbiddenException, EntityNotFoundException { + public void delete(String resourceId) throws ForbiddenException, PersistentEntityNotFound { EntityDescriptor ed = getEntityDescriptorByResourceId(resourceId); if (ed.isServiceEnabled()) { throw new ForbiddenException("Deleting an enabled Metadata Source is not allowed. Disable the source and try again."); 
@@ -398,10 +398,10 @@ public List getAttributeReleaseListFromAttributeList(List att } @Override - public EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws EntityNotFoundException, ForbiddenException { + public EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws PersistentEntityNotFound, ForbiddenException { EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId); if (ed == null) { - throw new EntityNotFoundException(String.format("The entity descriptor with entity id [%s] was not found.", resourceId)); + throw new PersistentEntityNotFound(String.format("The entity descriptor with entity id [%s] was not found.", resourceId)); } if (!userService.isAuthorizedFor(ed)) { throw new ForbiddenException(); @@ -416,10 +416,10 @@ public Map getRelyingPartyOverridesRepresentationFromAttributeLi @Override public EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRep) - throws ForbiddenException, EntityNotFoundException, InvalidPatternMatchException { + throws ForbiddenException, PersistentEntityNotFound, InvalidPatternMatchException { EntityDescriptor existingEd = entityDescriptorRepository.findByResourceId(edRep.getId()); if (existingEd == null) { - throw new EntityNotFoundException(String.format("The entity descriptor with entity id [%s] was not found for update.", edRep.getId())); + throw new PersistentEntityNotFound(String.format("The entity descriptor with entity id [%s] was not found for update.", edRep.getId())); } if (edRep.isServiceEnabled() && !userService.currentUserCanEnable(existingEd)) { throw new ForbiddenException("You do not have the permissions necessary to enable this service."); 
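Review bot: `getEntityDescriptorByResourceId` raises `PersistentEntityNotFound` before it reaches `userService.isAuthorizedFor(ed)`, so a caller with no rights on a descriptor can still tell an existing resource id from a missing one by which exception comes back (and presumably which HTTP status). If that is intended, a short comment such as `// not-found is reported before the ownership check, so id existence is visible to any authenticated caller` would record the decision. If it is not, unauthorized callers should get the same not-found result. Separately, the message formats `resourceId` but labels it "entity id", which is a different identifier in SAML metadata. `"The entity descriptor with resource id [%s] was not found."` would match the value actually printed, and the same label appears in the `update` hunk below.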
@@ -456,10 +456,11 @@ public void updateDescriptorFromRepresentation(org.opensaml.saml.saml2.metadata. } @Override - public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException { + public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws + PersistentEntityNotFound, ForbiddenException { EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId); if (ed == null) { - throw new EntityNotFoundException("Entity with resourceid[" + resourceId + "] was not found for update"); + throw new PersistentEntityNotFound("Entity with resourceid[" + resourceId + "] was not found for update"); } if (!userService.currentUserCanEnable(ed)) { throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this entity descriptor."); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java index c42bd7cad..aeab05669 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java 
@@ -1,11 +1,10 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable; import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository; @@ -16,7 +15,6 @@ import org.springframework.transaction.interceptor.TransactionAspectSupport; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import java.util.Optional; @@ -108,7 +106,7 @@ private void reloadFiltersAndHandleScriptException(String resolverResourceId) th */ @Override public MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status) - throws EntityNotFoundException, ForbiddenException, ScriptException { + throws PersistentEntityNotFound, ForbiddenException, ScriptException { MetadataResolver metadataResolver = metadataResolverRepository.findByResourceId(metadataResolverId); // Now we operate directly on the filter attached to MetadataResolver, 
@@ -116,7 +114,7 @@ public MetadataFilter updateFilterEnabledStatus(String metadataResolverId, Strin Optional filterTobeUpdatedOptional = metadataResolver.getMetadataFilters().stream() .filter(it -> it.getResourceId().equals(resourceId)).findFirst(); if (filterTobeUpdatedOptional.isEmpty()) { - throw new EntityNotFoundException("Filter with resource id[" + resourceId + "] not found"); + throw new PersistentEntityNotFound("Filter with resource id[" + resourceId + "] not found"); } MetadataFilter filterTobeUpdated = filterTobeUpdatedOptional.get(); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java index 6c921509e..b32e0d9f9 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java @@ -4,13 +4,12 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException; -import org.w3c.dom.Node; public interface MetadataResolverService { - public MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException; + public MetadataResolver findByResourceId(String resourceId) throws PersistentEntityNotFound; public Document generateConfiguration(); 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
new file mode 100644
index 000000000..8c1533a6d
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
@@ -0,0 +1,30 @@
+package edu.internet2.tier.shibboleth.admin.ui.service;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty;
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet;
+import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException;
+import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName;
+
+import java.util.Collection;
+import java.util.List;
+
+public interface ShibConfigurationService {
+ void addAllConfigurationProperties(Collection newProperties);
+
+ ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException;
+
+ void delete(int resourceId) throws PersistentEntityNotFound;
+
+ List getAllConfigurationProperties();
+
+ List getAllPropertySets();
+
+ List getExistingPropertyNames();
+
+ ShibPropertySet getSet(int resourceId) throws PersistentEntityNotFound;
+
+ ShibConfigurationProperty save(ShibConfigurationProperty prop);
+
+ ShibPropertySet update(ShibPropertySet setToUpdate) throws PersistentEntityNotFound;
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java
new file mode 100644
index 000000000..21a5605e9
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java
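Review bot: None of the mutating methods declared here (`create`, `update`, `delete`, `save`) can signal a permission failure, and the implementation added later in this diff performs no permission check either, whereas `updateEntityDescriptorEnabledStatus` in the same commit guards its write with `userService.currentUserCanEnable(ed)` and throws `ForbiddenException`. The property sets managed through this interface can hold secret-bearing IdP settings such as `idp.duo.oidc.secretKey` and `idp.audit.salt` (both seeded from `shib_configuration_prop.csv`), so reads as well as writes deserve an explicit access rule. If the restriction lives in a controller or security configuration outside this part of the diff, I would record it on the interface, e.g. `/** Callers must already be authorised to manage IdP configuration; this service performs no permission checks. */`.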
@@ -0,0 +1,134 @@
+package edu.internet2.tier.shibboleth.admin.ui.service;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty;
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet;
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting;
+import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound;
+import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException;
+import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName;
+import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository;
+import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository;
+import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+
+@Service
+public class ShibConfigurationServiceImpl implements ShibConfigurationService {
+ @Autowired
+ private ShibConfigurationRepository shibConfigurationRepository;
+
+ @Autowired
+ private ShibPropertySetRepository shibPropertySetRepository;
+
+ @Autowired
+ private ShibPropertySettingRepository shibPropertySettingRepository;
+
+ @Override
+ public void addAllConfigurationProperties(Collection newProperties) {
+ shibConfigurationRepository.saveAll(newProperties);
+ }
+
+ @Override
+ public ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException {
+ try {
+ getSet(set.getResourceId());
+ throw new ObjectIdExistsException(Integer.toString(set.getResourceId()));
+ }
+ catch (PersistentEntityNotFound e) {
+ // we don't want to find the object
+ }
+ return save(set);
+ }
+
+ @Override
+ public void delete(int resourceId) throws PersistentEntityNotFound {
+ ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId);
+ if (set == null) {
+ throw new PersistentEntityNotFound(String.format("The property set with id [%s] was not found for update.", resourceId));
+ }
+ shibPropertySettingRepository.deleteAll(set.getProperties());
+ shibPropertySetRepository.delete(set);
+ }
+
+ @Override
+ public List getAllConfigurationProperties() {
+ return shibConfigurationRepository.findAll();
+ }
+
+ @Override
+ public List getAllPropertySets() {
+ return shibPropertySetRepository.findAllBy();
+ }
+
+ @Override
+ public List getExistingPropertyNames() {
+ return shibConfigurationRepository.getPropertyNames();
+ }
+
+ @Override
+ public ShibPropertySet getSet(int resourceId) throws PersistentEntityNotFound {
+ ShibPropertySet result = shibPropertySetRepository.findByResourceId(resourceId);
+ if (result == null) {
+ throw new PersistentEntityNotFound((String.format("The property set with id [%s] was not found.", resourceId)));
+ }
+ return result;
+ }
+
+ @Override
+ public ShibConfigurationProperty save(ShibConfigurationProperty prop) {
+ return shibConfigurationRepository.save(prop);
+ }
+
+ @Override
+ public ShibPropertySet update(ShibPropertySet setToUpdate) throws PersistentEntityNotFound {
+ getSet(setToUpdate.getResourceId()); // check that it exists, if not it'll throw an exception
+ return save(setToUpdate);
+ }
+
+ private ShibPropertySet save(ShibPropertySet incomingPropSet) {
+ ShibPropertySet result = new ShibPropertySet();
+ List propertiesToUpdate = new ArrayList<>();
+
+ if (incomingPropSet.getResourceId() == 0) {
+ // The incoming set is new, so treat the properties as all new as well
+ propertiesToUpdate.addAll(shibPropertySettingRepository.saveAll(incomingPropSet.getProperties()));
+ result.setName(incomingPropSet.getName());
+ } else {
+ // if the prop set exists, get the existing entity and update it
+ result = shibPropertySetRepository.findByResourceId(incomingPropSet.getResourceId());
+ result.setName(incomingPropSet.getName());
+
+ HashMap existingPropMap = new HashMap<>();
+ result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop));
+ // find props that are no longer in the set and remove them
+ incomingPropSet.getProperties().forEach(prop -> existingPropMap.remove(prop.getPropertyName()));
+ shibPropertySettingRepository.deleteAll(existingPropMap.values());
+ // reset our map of existing so we can find new entries
+ existingPropMap.clear();
+ result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop));
+ incomingPropSet.getProperties().forEach(prop -> {
+ if ( !existingPropMap.containsKey(prop.getPropertyName()) ) {
+ ShibPropertySetting updatedEntity = shibPropertySettingRepository.save(prop);
+ propertiesToUpdate.add(updatedEntity);
+ } else {
+ // get the entity from the map, update it, save to update list
+ ShibPropertySetting updatedEntity = existingPropMap.get(prop.getPropertyName());
+ // the value is really the only thing that should change...
+ updatedEntity.setConfigFile(prop.getConfigFile());
+ updatedEntity.setPropertyValue(prop.getPropertyValue());
+ updatedEntity.setCategory(prop.getCategory());
+ updatedEntity.setDisplayType(prop.getDisplayType());
+ propertiesToUpdate.add(shibPropertySettingRepository.save(updatedEntity));
+ }
+ });
+ }
+ result.setProperties(propertiesToUpdate);
+ return shibPropertySetRepository.save(result);
+ }
+
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java
new file mode 100644
index 000000000..0e3073bfc
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java
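Review bot: `create` lets a set with a non-zero but unknown `resourceId` through to the private `save`, which then dereferences null: `getSet` throws `PersistentEntityNotFound`, the empty catch swallows it, and `save` takes the `else` branch where `findByResourceId(...)` returns null just before `result.setName(...)`. The id is supplied by the caller, so I would have `save` branch on the lookup result rather than on `getResourceId() == 0`, i.e. `ShibPropertySet existing = shibPropertySetRepository.findByResourceId(incomingPropSet.getResourceId());` followed by `if (existing == null) {` for the new-set path, or alternatively reject a non-zero id in `create`. Separately, `delete` and `save` each issue several repository writes and the class carries no `@Transactional`, so unless a caller outside this diff opens the transaction, a failure part-way leaves settings deleted or orphaned.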
@@ -0,0 +1,21 @@ +package edu.internet2.tier.shibboleth.admin.util; + +import org.apache.commons.lang3.StringUtils; + +import javax.persistence.AttributeConverter; +import javax.persistence.Converter; + +@Converter +public class EmptyStringToNullConverter implements AttributeConverter { + @Override + public String convertToDatabaseColumn(String string) { + // if whitespace is set on a value, send null to the db + return StringUtils.defaultIfBlank(string, null); + } + + @Override + public String convertToEntityAttribute(String dbData) { + // keep nulls from the db as nulls + return dbData; + } +} \ No newline at end of file diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 8c547c0c6..dcd97aee4 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -70,6 +70,7 @@ action.source-group=Group action.enable=Enable action.disable=Disable action.get-latest=Get latest changes +action.download=Download action.add-new-role=Add new role action.roles=Roles @@ -78,6 +79,9 @@ action.select-bundle=Select Bundle action.get-latest=Get latest +action.configurations=Shibboleth configurations +action.create-new-configuration=Create Shibboleth configuration set + value.enabled=Enabled value.disabled=Disabled value.current=Current @@ -531,6 +535,11 @@ label.role-name=Role Name label.role-description=Role Description label.role=Role +label.configuration-management=Manage Shibboleth configurations +label.configuration-name=Shibboleth configuration sets +label.new-configuration=Create new configuration set +label.edit-configuration=Edit configuration set + message.delete-role-title=Delete Role? message.delete-role-body=You are requesting to delete a role. If you complete this process the role will be removed. This cannot be undone. Do you wish to continue? 
@@ -749,7 +758,26 @@ tooltip.role-description=A description of the purpose of the role. tooltip.contact-information=Add a contact to organization information. Contacts provide information about how to contact the organization responsible for standing up the entity. +tooltip.download-single-config=Putting all the properties in one file can make it easier for deploying or moving among environments. +tooltip.download-multi-config=Putting the properties into individual files will follow the distribution layout and more closely align with the Shibboleth wiki page sections describing each property. +action.download-single-config=Single file +action.download-multi-config=Separated files +label.download-config=Downloads +message.configurations-none=No configurations defined. +label.configuration-name=Name +label.configuration-name-placeholder=Enter name +label.configuration-property=Property +label.configuration-category=Category +label.configuration-type=Type +label.configuration-value=Value +label.configuration-action=Action +message.delete-property-title=Delete Configuration? +message.delete-property-body=You are requesting to delete a configuration set. If you complete this process the set will be removed. This cannot be undone. Do you wish to continue? +message.name-required=Name is required. +message.properties-none=At least one property is required. + label.external-description=Description + tooltip.external-description=A brief description of the purpose of this filter. label.algorithm=Algorithm 
@@ -763,4 +791,6 @@ value.algorithm-cbc-256=CBC (256) - http://www.w3.org/2001/04/xmlenc#aes256-cbc value.algorithm-cbc-192=CBC (192) - http://www.w3.org/2001/04/xmlenc#aes192-cbc value.algorithm-cbc-128=CBC (128) - http://www.w3.org/2001/04/xmlenc#aes128-cbc value.algorithm-cbc-tripledes=CBC (TRIPLEDES) - http://www.w3.org/2001/04/xmlenc#tripledes-cbc -message.algorithms-unique=Each algorithm may only be used once. \ No newline at end of file + +message.algorithms-unique=Each algorithm may only be used once. + diff --git a/backend/src/main/resources/shib_configuration_prop.csv b/backend/src/main/resources/shib_configuration_prop.csv new file mode 100644 index 000000000..fd6b84a33 --- /dev/null +++ b/backend/src/main/resources/shib_configuration_prop.csv 
@@ -0,0 +1,656 @@ +474,?,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.storage.authenticated,BOOLEAN,, +472,?,admin/admin.properties,Audit log identifier for flow,4.1,,,,Storage,idp.storage.logging,STRING,, +476,?,admin/admin.properties,?,4.1,,,,,idp.storage.defaultAuthenticationMethods,STRING,, +473,?,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.storage.accessPolicy,STRING,, +475,?,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.storage.nonBrowserSupported,BOOLEAN,, +442,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.defaultAuthenticationMethods,STRING,, +443,AACLI,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.resolvertest.resolveAttributes,BOOLEAN,, +439,AACLI,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.resolvertest.accessPolicy,STRING,, +438,AACLI,admin/admin.properties,Audit log identifier for flow,4.1,,,,ResolverTest,idp.resolvertest.logging,STRING,, +441,AACLI,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.resolvertest.nonBrowserSupported,BOOLEAN,, +444,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.postAuthenticationFlows,STRING,, +440,AACLI,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.resolvertest.authenticated,BOOLEAN,, +466,AccountLockoutManagement,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.lockout.accessPolicy,STRING,, +467,AccountLockoutManagement,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.lockout.authenticated,BOOLEAN,, 
+470,AccountLockoutManagement,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.lockout.resolveAttributes,BOOLEAN,, +468,AccountLockoutManagement,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.lockout.nonBrowserSupported,BOOLEAN,, +469,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.defaultAuthenticationMethods,STRING,, +471,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.postAuthenticationFlows,STRING,, +465,AccountLockoutManagement,admin/admin.properties,Audit log identifier for flow,4.1,,,,Lockout,idp.lockout.logging,STRING,, +479,AttendedRestartConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.unlock-keys.accessPolicy,STRING,, +480,AttendedRestartConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.unlock-keys.authenticated,BOOLEAN,, +478,AttendedRestartConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,UnlockKeys,idp.unlock-keys.logging,STRING,, +477,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.storage.resolveAttributes,BOOLEAN,, +483,AttendedRestartConfiguration,admin/admin.properties,?,4.1,,,,,idp.unlock-keys.postAuthenticationFlows,STRING,, +481,AttendedRestartConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.unlock-keys.nonBrowserSupported,BOOLEAN,, +482,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.unlock-keys.resolveAttributes,BOOLEAN,, +491,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to search 
for in the results looking for a StringAttributeValue or ScopedStringAttributeValue,4.1,,,,,idp.c14n.attribute.attributeSourceIds,STRING,, +492,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service,4.1,,,,false,idp.c14n.attribute.resolveFromSubject,BOOLEAN,, +487,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.attribute.lowercase,BOOLEAN,, +493,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone,4.1,,,,shibboleth.Conditions.TRUE,idp.c14n.attribute.resolutionCondition,SPRING_BEAN_ID,, +488,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.attribute.uppercase,BOOLEAN,, +489,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.attribute.trim,BOOLEAN,, +490,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can),4.1,,,,,idp.c14n.attribute.attributesToResolve,STRING,, +512,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Status,idp.service.logging.status,STRING,, +511,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general 
function,SSO,idp.service.logging.cas,STRING,, +514,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Reload,idp.service.logging.serviceReload,STRING,, +515,AuditLoggingConfiguration,services.properties,Hash algorithm to apply to various hashed fields,4.1,,,,SHA-256,idp.audit.hashAlgorithm,STRING,, +510,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.logout,STRING,, +516,AuditLoggingConfiguration,services.properties,Salt to apply to hashed fields must be set to use those fields,4.1,,,,,idp.audit.salt,STRING,, +509,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.saml2slo,STRING,, +504,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml1attrquery,STRING,, +508,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml2artifact,STRING,, +507,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route 
different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml2attrquery,STRING,, +506,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml2sso,STRING,, +118,AuditLoggingConfiguration,services.properties,"Set false if you want SAML bindings ""spelled out"" in audit log",all,,,,true,idp.audit.shortenBindings,BOOLEAN,, +503,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml1sso,STRING,, +513,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ResolverTest,idp.service.logging.resolvertest,STRING,, +505,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml1artifact,STRING,, +78,AuthenticationConfiguration,authn/authn.properties,Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication,4.1,,,,true,idp.authn.proxyRestrictionsEnforced,BOOLEAN,, +79,AuthenticationConfiguration,authn/authn.properties,Whether to prioritize prior authentication results when an SP requests more than one possible matching method,all,,,,false,idp.authn.favorSSO,BOOLEAN,, 
+82,AuthenticationConfiguration,authn/authn.properties,Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose,4.1,,,,,idp.authn.discoveryURL,STRING,, +80,AuthenticationConfiguration,authn/authn.properties,Whether to populate information about the relying party into the tree for user interfaces during login and interceptors,all,,,,true,idp.authn.rpui,BOOLEAN,, +81,AuthenticationConfiguration,authn/authn.properties,Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.,all,,,,false,idp.authn.identitySwitchIsError,BOOLEAN,, +76,AuthenticationConfiguration,authn/authn.properties,Default amount of time to allow reuse prior authentication flows,all,,,measured since first usage,PT60M,idp.authn.defaultLifetime,DURATION,, +77,AuthenticationConfiguration,authn/authn.properties,Default inactivity timeout to prevent reuse of prior authentication flows,all,,,measured since last usage,PT30M,idp.authn.defaultTimeout,DURATION,, +75,AuthenticationConfiguration,authn/authn.properties,Required expression that identifies the login flows to globally enable,all,,,"ex. Password, MA, DUO",,idp.authn.flows,STRING,, +83,AuthenticationConfiguration,authn/authn.properties,Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. Note this is a violation of the SAML standard and is also a global set,4,,,,false,idp.authn.overrideRequestedAuthnContext,BOOLEAN,, +110,CasProtocolConfiguration,idp.properties,CAS service registry implementation class,all,,,,net.shibboleth.idp.cas.service.PatternServiceRegistry,idp.cas.serviceRegistryClass,STRING,, +109,CasProtocolConfiguration,idp.properties,"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed ""simple"" TicketService. 
MUST be server-side storage (e.g. in-memory, memcached, database)",all,,,,shibboleth.StorageService,idp.cas.StorageService,SPRING_BEAN_ID,, +111,CasProtocolConfiguration,idp.properties,If true CAS services provisioned with SAML metadata are identified via entityID,all,,,,false,idp.cas.relyingPartyIdFromMetadata,BOOLEAN,, +89,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.terms-of-use.userStorageKey,SPRING_BEAN_ID,, +96,ConsentConfiguration,idp.properties,Whether per-attribute consent is allowed,all,,,,false,idp.consent.allowPerAttribute,BOOLEAN,, +97,ConsentConfiguration,idp.properties,Whether attribute values and terms of use text are stored and compared for equality,all,,,,false,idp.consent.compareValues,BOOLEAN,, +94,ConsentConfiguration,idp.properties,Whether not remembering/storing consent is allowed,all,,,,true,idp.consent.allowDoNotRemember,BOOLEAN,, +95,ConsentConfiguration,idp.properties,Whether consent to any attribute and to any relying party is allowed,all,,,,true,idp.consent.allowGlobal,BOOLEAN,, +86,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.attribute-release.userStorageKeyAttribute,STRING,, +98,ConsentConfiguration,idp.properties,"Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit",all,,,,10,idp.consent.maxStoredRecords,INTEGER,, +100,ConsentConfiguration,idp.properties,Time in milliseconds to expire consent storage records,4.x,,,"(v4.0=P1Y,v4.1=infinite)",,idp.consent.storageRecordLifetime,DURATION,, +90,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.terms-of-use.userStorageKeyAttribute,STRING,, +91,ConsentConfiguration,idp.properties,Suffix of message property used as value of consent storage records when idp.consent.compareValues is true,all,,,,.text,idp.consent.terms-of-use.consentValueMessageCodeSuffix,STRING,, +84,ConsentConfiguration,idp.properties,Name of storage service used to store users' consent choices,all,,,,shibboleth.ClientPersistentStorageService,idp.consent.StorageService,SPRING_BEAN_ID,, +85,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.attribute-release.userStorageKey,SPRING_BEAN_ID,, +99,ConsentConfiguration,idp.properties,"Maximum number of records stored when using larger/server-side storage, 0 = no limit",all,,,,0,idp.consent.expandedMaxStoredRecords,INTEGER,, +88,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.attribute-release.auditFormat,STRING,, +93,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.terms-of-use.auditFormat,STRING,, +92,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of terms-of-use flow,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.terms-of-use.activationCondition,SPRING_BEAN_ID,, +87,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of attribute-release flow along with system default 
behavior,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.attribute-release.activationCondition,SPRING_BEAN_ID,,
+11,Core,idp.properties,applies a (fixed) scope typically a domain-valued suffix to an input attribute's values,all,,,,,idp.scope,STRING,,
+2,Core,idp.properties,Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.,all,,,"Comma seperated list of values ex. /conf/ldap.properties, /conf/services.properties",,idp.additionalProperties,STRING,,
+4,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,,
+47,Core,idp.properties,Auto-configures an HSTS response header,all,,,,max-age=0,idp.hsts,STRING,,
+51,Core,idp.properties,"Location from which to load user-modifiable Velocity view templates. This can be set to include ""classpath*:/META-INF/net/shibboleth/idp/views"" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor",all,,,Comma seperated list of values,%{idp.home}/views,idp.views,STRING,,
+107,Core,idp.properties,Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP),all,,,Bean ID of HttpClient to use for SOAP-based logout,SOAPClient.HttpClient,idp.soap.httpClient,SPRING_BEAN_ID,,
+119,Core,idp.properties,Set to true to fail on velocity syntax errors,all,,,,false,idp.velocity.runtime.strictmode,BOOLEAN,,
+122,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy ID,SpecificImpersonationPolicy,idp.impersonate.specificPolicy,STRING,,
+50,Core,idp.properties,Location from which to load user-supplied webflows from,all,,,resource path,%{idp.home}/flows,idp.webflows,STRING,,
+121,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy ID,GeneralImpersonationPolicy,idp.impersonate.generalPolicy,STRING,,
+1,Core,idp.properties,Auto-load all files matching conf/**/*.properties,4,,,,true,idp.searchForProperties,BOOLEAN,,
+10,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,file pathname,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,,
+120,Core,idp.properties,Path to use with External interceptor flow,all,,,,contextRelative:intercept.jsp,idp.intercept.External.externalPath,STRING,,
+108,Core,idp.properties,languages to use if no match can be found with the browser-supported languages,all,,,"Comma seperated list of values ex. en, fr, de",,idp.ui.fallbackLanguages,STRING,,
+48,Core,idp.properties,Auto-configures an X-Frame-Options response header,all,,,,DENY,idp.frameoptions,SELECTION_LIST,"DENY,SAMEORIGIN",
+49,Core,idp.properties,Auto-configures a Content Security Policy response header,all,,,,frame-ancestors 'none',idp.csp,STRING,,
+45,CSRF,idp.properties,Enables CSRF protection,4,,,,true,idp.csrf.enabled,BOOLEAN,,
+46,CSRF,idp.properties,Name of the HTTP parameter that stores the CSRF token,4,,,,csrf_token,idp.csrf.token.parameter,STRING,,
+317,DuoAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.Duo.lifetime,DURATION,,
+305,DuoAuthnConfiguration,authn/duo.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,X-Shibboleth-Duo-Factor,idp.duo.nonbrowser.header.factor,STRING,,
+311,DuoAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Duo,,,false,idp.authn.Duo.nonBrowserSupported,BOOLEAN,,
+314,DuoAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.Duo,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.Duo.proxyRestrictionsEnforced,BOOLEAN,,
+320,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.activationCondition,SPRING_BEAN_ID,,
+319,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.reuseCondition,SPRING_BEAN_ID,,
+310,DuoAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.Duo,,,1000,idp.authn.Duo.order,INTEGER,,
+302,DuoAuthnConfiguration,authn/duo.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,${idp.duo.apiHost},idp.duo.nonbrowser.apiHost,STRING,,
+298,DuoAuthnConfiguration,authn/duo.properties,DuoWeb API hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,,idp.duo.apiHost,STRING,,
+318,DuoAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.Duo.inactivityTimeout,DURATION,,
+313,DuoAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.Duo,,,false,idp.authn.Duo.forcedAuthenticationSupported,BOOLEAN,,
+321,DuoAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer:/idp/profile/Authn/Duo/2FA/duo-callback,,idp.duo.oidc.redirectURL,STRING,,
+608,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI integration key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.integrationKey,STRING,,
+598,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.secretKey,STRING,,
+617,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum period inactivity between two consecutive data packets,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.socketTimeout,DURATION,,
+616,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for a connection to be returned from the connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionRequestTimeout,DURATION,,
+612,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI passcode,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Passcode,idp.duo.oidc.nonbrowser.header.passcode,STRING,,
+615,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for the connection to be established,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionTimeout,DURATION,,
+581,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.nonBrowserSupported,BOOLEAN,,
+602,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Leeway allowed in token expiry calculations,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.clockSkew,DURATION,,
+618,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max total simultaneous connections allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsTotal,INTEGER,,
+590,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.activationCondition,SPRING_BEAN_ID,,
+589,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate controlling result reuse for SSO,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.reuseCondition,SPRING_BEAN_ID,,
+591,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.DuoOIDC,1,,,idp.authn.DuoOIDC.subjectDecorator,SPRING_BEAN_ID,,
+619,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max simultaneous connections per route allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsPerRoute,INTEGER,,
+588,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.DuoOIDC.inactivityTimeout,DURATION,,
+587,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Lifetime of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.DuoOIDC.lifetime,DURATION,,
+580,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.DuoOIDC,1,,1000,idp.authn.DuoOIDC.order,INTEGER,,
+610,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Factor,idp.duo.oidc.nonbrowser.header.factor,STRING,,
+584,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.DuoOIDC.proxyRestrictionsEnforced,BOOLEAN,,
+593,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.addDefaultPrincipals,BOOLEAN,,
+594,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,DuoOIDC API hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.apiHost,STRING,,
+582,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow allows for passive authentication,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.passiveAuthenticationSupported,BOOLEAN,,
+585,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.DuoOIDC,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.DuoOIDC.proxyScopingEnforced,BOOLEAN,,
+595,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The OAuth 2.0 Client Identifier valid at the Authorization Server,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.clientId,STRING,,
+614,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Pass client address to Duo in API calls to support logging,4.1,idp.authn.DuoOIDC,1,push display,true,idp.duo.oidc.nonbrowser.clientAddressTrusted,BOOLEAN,,
+592,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Comma-delimited list of protocol-specific Principalstrings associated with flow,4.1,idp.authn.DuoOIDC,1,,"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa",idp.authn.DuoOIDC.supportedPrincipals,STRING,,
+597,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.redirecturl.allowedOrigins,STRING,,
+599,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 health check endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/health_check,idp.duo.oidc.endpoint.health,STRING,,
+600,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 token endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.endpoint.token,STRING,,
+601,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 authorization endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/authorize,idp.duo.oidc.endpoint.authorize,STRING,,
+604,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.jwt.verifier.issuerPath,STRING,,
+605,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.,4.1,idp.authn.DuoOIDC,1,,preferred_username,idp.duo.oidc.jwt.verifier.preferredUsername,STRING,,
+583,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow supports forced authentication,4.1,idp.authn.DuoOIDC,1,,true,idp.authn.DuoOIDC.forcedAuthenticationSupported,BOOLEAN,,
+613,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Allow the factor to be defaulted in as ""auto"" if no headers are received",4.1,idp.authn.DuoOIDC,1,,true,idp.duo.oidc.nonbrowser.auto,BOOLEAN,,
+607,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,%{idp.duo.oidc.apiHost},idp.duo.oidc.nonbrowser.apiHost,STRING,,
+609,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI secret key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.secretKey,STRING,,
+611,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI device ID or name,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Device,idp.duo.oidc.nonbrowser.header.device,STRING,,
+606,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,How long the authentication is valid. Only applies to forced authentication requests.,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.authLifetime,DURATION,,
+620,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,To enable certificate revocation checking,4.1,idp.authn.DuoOIDC,1 (nimbus),,false,idp.duo.oidc.nimbus.checkRevocation,BOOLEAN,,
+603,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum amount (in either direction from now) of duration for which a token is valid after it is issued,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.iatWindow,DURATION,,
+586,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.discoveryRequired,BOOLEAN,,
+55,ErrorHandlingConfiguration,idp.properties,"Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).",all,,,Bean ID of Properties (java.util.Properties),,idp.errors.excludedExceptions,SPRING_BEAN_ID,,
+52,ErrorHandlingConfiguration,idp.properties,Whether to expose detailed error causes in status information provided to outside parties,all,,,,false,idp.errors.detailed,BOOLEAN,,
+54,ErrorHandlingConfiguration,idp.properties,The default view name to render for exceptions and events,all,,,,error,idp.errors.defaultView,STRING,,
+56,ErrorHandlingConfiguration,idp.properties,"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)",all,,,Bean ID of Collection (java.util),,idp.errors.exceptionMappings,SPRING_BEAN_ID,,
+53,ErrorHandlingConfiguration,idp.properties,"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)",all,,,,true,idp.errors.signed,BOOLEAN,,
+168,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.External,,,false,idp.authn.External.passiveAuthenticationSupported,BOOLEAN,,
+170,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.External,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.External.proxyRestrictionsEnforced,BOOLEAN,,
+176,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.activationCondition,SPRING_BEAN_ID,,
+169,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.External,,,false,idp.authn.External.forcedAuthenticationSupported,BOOLEAN,,
+173,ExternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.External.lifetime,DURATION,,
+166,ExternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.External,,,1000,idp.authn.External.order,INTEGER,,
+175,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.reuseCondition,SPRING_BEAN_ID,,
+167,ExternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.External,,,false,idp.authn.External.nonBrowserSupported,BOOLEAN,,
+178,ExternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.External,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.External.supportedPrincipals,STRING,,
+164,ExternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.External,,,contextRelative:external.jsp,idp.authn.External.externalAuthnPath,STRING,,
+179,ExternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.External,,,true,idp.authn.External.addDefaultPrincipals,BOOLEAN,,
+165,ExternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.External,,regex expected,,idp.authn.External.matchExpression,STRING,,
+172,ExternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.External,,,false,idp.authn.External.discoveryRequired,BOOLEAN,,
+174,ExternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.External.inactivityTimeout,DURATION,,
+171,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.External,,,false,idp.authn.External.proxyScopingEnforced,BOOLEAN,,
+177,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to use to decide whether to run,4.1,,,,,idp.fticks.condition,SPRING_BEAN_ID,,
+114,FTICKSLoggingConfiguration,idp.properties,Digest algorithm used to obscure usernames,all,,,,SHA-2,idp.fticks.algorithm,STRING,,
+115,FTICKSLoggingConfiguration,idp.properties,"A salt to apply when digesting usernames (if not specified, the username will not be included)",all,,,,,idp.fticks.salt,STRING,,
+297,FunctionAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.Function,,,true,idp.authn.Function.addDefaultPrincipals,BOOLEAN,,
+289,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.Function,,,false,idp.authn.Function.proxyScopingEnforced,BOOLEAN,,
+294,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.activationCondition,SPRING_BEAN_ID,,
+286,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.Function,,,false,idp.authn.Function.passiveAuthenticationSupported,BOOLEAN,,
+285,FunctionAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Function,,,false,idp.authn.Function.nonBrowserSupported,BOOLEAN,,
+295,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.reuseCondition,SPRING_BEAN_ID,,
+459,HelloWorldConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByAdminUser,idp.hello.accessPolicy,STRING,,
+461,HelloWorldConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.hello.nonBrowserSupported,BOOLEAN,,
+458,HelloWorldConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Hello,idp.hello.logging,STRING,,
+462,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.defaultAuthenticationMethods,STRING,,
+463,HelloWorldConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,true,idp.hello.resolveAttributes,BOOLEAN,,
+460,HelloWorldConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.hello.authenticated,BOOLEAN,,
+464,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.postAuthenticationFlows,STRING,,
+280,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.activationCondition,SPRING_BEAN_ID,,
+278,IPAddressAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.IPAddress.inactivityTimeout,DURATION,,
+283,IPAddressAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.IPAddress,,,true,idp.authn.IPAddress.addDefaultPrincipals,BOOLEAN,,
+273,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.forcedAuthenticationSupported,BOOLEAN,,
+275,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.proxyScopingEnforced,BOOLEAN,,
+276,IPAddressAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.discoveryRequired,BOOLEAN,,
+272,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.passiveAuthenticationSupported,BOOLEAN,,
+270,IPAddressAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.IPAddress,,,1000,idp.authn.IPAddress.order,INTEGER,,
+281,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.reuseCondition,SPRING_BEAN_ID,,
+277,IPAddressAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.IPAddress.lifetime,DURATION,,
+274,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.IPAddress,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.IPAddress.proxyRestrictionsEnforced,BOOLEAN,,
+271,IPAddressAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.nonBrowserSupported,BOOLEAN,,
+158,JAASAuthnConfiguration,authn/authn.properties,Comma-delimited set of JAAS application configuration names to use,4.1,,,,ShibUserPassAuth,idp.authn.JAAS.loginConfigNames,STRING,,
+159,JAASAuthnConfiguration,authn/authn.properties,Location of JAAS configuration file,4.1,,,resource path,%{idp.home}/conf/authn/jaas.config,idp.authn.JAAS.loginConfig,STRING,,
+161,KerberosAuthnConfiguration,authn/authn.properties,Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set,4.1,,,,false,idp.authn.Krb5.preserveTicket,BOOLEAN,,
+163,KerberosAuthnConfiguration,authn/authn.properties,Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal,4.1,,,,,idp.authn.Krb5.keytab,STRING,,
+160,KerberosAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt,4.1,,,,false,idp.authn.Krb5.refreshConfig,BOOLEAN,,
+162,KerberosAuthnConfiguration,authn/authn.properties,Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it,4.1,,,,,idp.authn.Krb5.servicePrincipal,STRING,,
+144,LDAPAuthnConfiguration,authn/authn.properties,If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.freeIPADirectory,BOOLEAN,,
+134,LDAPAuthnConfiguration,authn/authn.properties,Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.subtreeSearch,BOOLEAN,,
+135,LDAPAuthnConfiguration,authn/authn.properties,LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.userFilter,STRING,,
+132,LDAPAuthnConfiguration,authn/authn.properties,List of attributes to request during authentication,all,,,"Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.returnAttributes,STRING,,
+133,LDAPAuthnConfiguration,authn/authn.properties,Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.baseDN,STRING,,
+139,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryOnFailure,BOOLEAN,,
+136,LDAPAuthnConfiguration,authn/authn.properties,DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDN,STRING,,
+123,LDAPAuthnConfiguration,authn/authn.properties,"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",anonSearchAuthenticator,idp.authn.LDAP.authenticator,STRING,,
+127,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for an LDAP response message,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.responseTimeout,DURATION,,
+128,LDAPAuthnConfiguration,authn/authn.properties,"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",ACTIVE_PASSIVE,idp.authn.LDAP.connectionStrategy,STRING,,
+157,LDAPAuthnConfiguration,authn/authn.properties,Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your ,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindPoolPassivator,STRING,,
+126,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for the TCP connection to occur.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.connectTimeout,DURATION,,
+145,LDAPAuthnConfiguration,authn/authn.properties,If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.eDirectory,BOOLEAN,,
+146,LDAPAuthnConfiguration,authn/authn.properties,Whether connection pools should be used for LDAP authentication and DN resolution,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.disablePooling,BOOLEAN,,
+143,LDAPAuthnConfiguration,authn/authn.properties,If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. It is meant to be specified with one of the other authenticator types.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.activeDirectory,BOOLEAN,,
+149,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections when checking them out of the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.pool.LDAP.validateOnCheckout,BOOLEAN,,
+125,LDAPAuthnConfiguration,authn/authn.properties,Whether StartTLS should be used after connecting with LDAP alone.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.authn.LDAP.useStartTLS,BOOLEAN,,
+129,LDAPAuthnConfiguration,authn/authn.properties,"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",certificateTrust,idp.authn.LDAP.sslConfig,STRING,,
+140,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryWithBindDN,BOOLEAN,,
+142,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Expired Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordExpiration,BOOLEAN,,
+150,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections in the background,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.pool.LDAP.validatePeriodically,BOOLEAN,,
+130,LDAPAuthnConfiguration,authn/authn.properties,A resource to load trust anchors from when using sslConfig = certificateTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustCertificates,STRING,,
+131,LDAPAuthnConfiguration,authn/authn.properties,A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustStore,STRING,,
+152,LDAPAuthnConfiguration,authn/authn.properties,DN to search with the validateFilter: defaults to the rootDSE,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.pool.LDAP.validateDN,STRING,,
+124,LDAPAuthnConfiguration,authn/authn.properties,Connection URI for LDAP directory,all,,,"LDAP URI ex. ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.ldapURL,STRING,,
+137,LDAPAuthnConfiguration,authn/authn.properties,Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDNCredential,STRING,,
+138,LDAPAuthnConfiguration,authn/authn.properties,A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator,all,,,"ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.dnFormat,STRING,,
+154,LDAPAuthnConfiguration,authn/authn.properties,Duration between looking for idle connections to reduce the pool back to its minimum size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.prunePeriod,DURATION,,
+151,LDAPAuthnConfiguration,authn/authn.properties,Duration between validation if idp.pool.LDAP.validatePeriodically is true,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.validatePeriod,DURATION,,
+141,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Policy Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordPolicy,BOOLEAN,,
+155,LDAPAuthnConfiguration,authn/authn.properties,Duration connections must be idle to be eligible for pruning,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT10M,idp.pool.LDAP.idleTime,DURATION,,
+148,LDAPAuthnConfiguration,authn/authn.properties,Maximum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",10,idp.pool.LDAP.maxSize,INTEGER,,
+147,LDAPAuthnConfiguration,authn/authn.properties,Minimum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",3,idp.pool.LDAP.minSize,INTEGER,,
+156,LDAPAuthnConfiguration,authn/authn.properties,Duration to wait for a free connection in the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.pool.LDAP.blockWaitTime,DURATION,,
+153,LDAPAuthnConfiguration,authn/authn.properties,Search filter to execute in order to validate a pooled connection,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",(objectClass=*),idp.pool.LDAP.validateFilter,STRING,,
+104,LogoutConfiguration,idp.properties,Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic,4.1,,,,false,idp.logout.preserveQuery,BOOLEAN,,
+101,LogoutConfiguration,idp.properties,Whether to search metadata for user interface information associated with every service involved in logout propagation,all,,,,false,idp.logout.elaboration,BOOLEAN,,
+105,LogoutConfiguration,idp.properties,When true allows inbound SAML LogoutRequests to be processed even if the SP 
lacks metadata containing response endpoints,4.2,,,,false,idp.logout.assumeAsync,BOOLEAN,,
+106,LogoutConfiguration,idp.properties,"Applies the ""display:none"" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user",4.2,,,,false,idp.logout.propagationHidden,BOOLEAN,,
+102,LogoutConfiguration,idp.properties,Whether to require signed logout messages in accordance with the SAML 2.0 standard,all,,,,true,idp.logout.authenticated,BOOLEAN,,
+103,LogoutConfiguration,idp.properties,If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session,all,,,Bean ID of Predicate,false,idp.logout.promptUser,SPRING_BEAN_ID,,
+642,Metadatagen,mdgen.properties,The width of the logo in pixels,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.width,INTEGER,,
+638,Metadatagen,mdgen.properties,Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier,4.1,idp.metadatagen,1,,,idp.metadata.dnsname,STRING,,
+639,Metadatagen,mdgen.properties,Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.,4.1,idp.metadatagen,1,,,idp.metadata.backchannel.cert,STRING,,
+640,Metadatagen,mdgen.properties,Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path ('/path/to/logo') is use,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.logo.path,STRING,,
+643,Metadatagen,mdgen.properties,A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. 
If this is absent then an is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.displayname.,STRING,,
+641,Metadatagen,mdgen.properties,The height of the logo in pixels.,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.height,INTEGER,,
+645,Metadatagen,mdgen.properties,Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.description.,STRING,,
+450,MetadataQuery,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.mdquery.resolveAttributes,BOOLEAN,,
+451,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.postAuthenticationFlows,STRING,,
+445,MetadataQuery,admin/admin.properties,Audit log identifier for flow,4.1,,,,MetadataQuery,idp.mdquery.logging,STRING,,
+446,MetadataQuery,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.mdquery.accessPolicy,STRING,,
+449,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.defaultAuthenticationMethods,STRING,,
+448,MetadataQuery,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.mdquery.nonBrowserSupported,BOOLEAN,,
+447,MetadataQuery,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.mdquery.authenticated,BOOLEAN,,
+437,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.postAuthenticationFlows,STRING,,
+436,MetadataReload,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.reload.resolveAttributes,BOOLEAN,,
+432,MetadataReload,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.reload.accessPolicy,STRING,,
+433,MetadataReload,admin/admin.properties,Whether authentication should be 
performed prior to access control evaluation,4.1,,,,false,idp.reload.authenticated,BOOLEAN,,
+434,MetadataReload,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.reload.nonBrowserSupported,BOOLEAN,,
+431,MetadataReload,admin/admin.properties,Audit log identifier for flow,4.1,,,,Reload,idp.reload.logging,STRING,,
+435,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.defaultAuthenticationMethods,STRING,,
+454,MetricsConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.metrics.nonBrowserSupported,BOOLEAN,,
+456,MetricsConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.metrics.resolveAttributes,BOOLEAN,,
+455,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.defaultAuthenticationMethods,STRING,,
+452,MetricsConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Metrics,idp.metrics.logging,STRING,,
+457,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.postAuthenticationFlows,STRING,,
+453,MetricsConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.metrics.authenticated,BOOLEAN,,
+344,MultiFactorAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.MFA,,,1000,idp.authn.MFA.order,INTEGER,,
+343,MultiFactorAuthnConfiguration,authn/authn.properties,Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions,4.1,,,,true,idp.authn.MFA.validateLoginTransitions,BOOLEAN,,
+355,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for 
request,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.activationCondition,SPRING_BEAN_ID,,
+345,MultiFactorAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.MFA,,,false,idp.authn.MFA.nonBrowserSupported,BOOLEAN,,
+351,MultiFactorAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.MFA.lifetime,DURATION,,
+353,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.reuseCondition,SPRING_BEAN_ID,,
+352,MultiFactorAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.MFA.inactivityTimeout,DURATION,,
+347,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.forcedAuthenticationSupported,BOOLEAN,,
+357,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.MFA,,,true,idp.authn.MFA.addDefaultPrincipals,BOOLEAN,,
+346,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.passiveAuthenticationSupported,BOOLEAN,,
+356,MultiFactorAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.MFA,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.MFA.supportedPrincipals,STRING,,
+350,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running 
flow,4.1,idp.authn.MFA,,,false,idp.authn.MFA.discoveryRequired,BOOLEAN,,
+349,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.MFA,,,false,idp.authn.MFA.proxyScopingEnforced,BOOLEAN,,
+501,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.saml.lowercase,BOOLEAN,,
+502,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.saml.uppercase,BOOLEAN,,
+358,NameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for generating transient IDs,all,,,Bean ID of a TransientIdGenerationStrategy,shibboleth.CryptoTransientIdGenerator,idp.transientId.generator,SPRING_BEAN_ID,,
+359,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:oasis:names:tc:SAML:2.0:nameid-format:transient,idp.nameid.saml2.default,STRING,,
+360,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:mace:shibboleth:1.0:nameIdentifier,idp.nameid.saml1.default,STRING,,
+553,OAuth2ClientAuthnConfiguration,oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.oidc.OP,3,,1000,idp.authn.OAuth2Client.order,INTEGER,,
+557,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.addDefaultPrincipals,BOOLEAN,,
+551,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed),4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.removeAfterValidation,BOOLEAN,,
+552,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution,4.1,idp.oidc.OP,3,use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.,false,idp.authn.OAuth2Client.retainAsPrivateCredential,BOOLEAN,, +550,OAuth2ClientAuthnConfiguration,oidc.properties,Whether all validators must succeed or just one,4.1,idp.oidc.OP,3,,false,idp.authn.OAuth2Client.requireAll,BOOLEAN,, +554,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.oidc.OP,3,,shibboleth.Conditions.TRUE,idp.authn.OAuth2Client.activationCondition,SPRING_BEAN_ID,, +556,OAuth2ClientAuthnConfiguration,oidc.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.oidc.OP,3,,,idp.authn.OAuth2Client.supportedPrincipals,STRING,, +555,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of BiConsumer> called shibboleth.oidc.AllowedAudienceStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedAudience,SPRING_BEAN_ID,, +574,OPClientCredentialsGrant,oidc.properties,"bean of type Function called shibboleth.oidc.AllowedScopeStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedScope,SPRING_BEAN_ID,, +572,OPClientResolution,oidc.properties,When non-zero enables monitoring of resources for service reload,4.1,idp.oidc.OP,3,,PT0S,idp.service.clientinfo.checkInterval,DURATION,, +571,OPClientResolution,oidc.properties,If true any failures during initialization of any resolvers result in IdP startup failure,4.1,idp.oidc.OP,3,,false,idp.service.clientinfo.failFast,BOOLEAN,, +573,OPClientResolution,oidc.properties,Name of bean used to define the resources to use in configuring this service,4.1,idp.oidc.OP,3,,shibboleth.ClientInformationResolverResources,idp.service.clientinfo.resources,SPRING_BEAN_ID,, 
+558,OPCustomFilterRegistration,oidc.properties,"By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints",4.1,idp.oidc.OP,3,,shibboleth.ResponseHeaderFilter,idp.oidc.ResponseHeaderFilter,SPRING_BEAN_ID,,
+559,OPDiscovery,oidc.properties,Location of discovery template to use,4.1,idp.oidc.OP,3,,%{idp.home}/static/openid-configuration.json,idp.oidc.discovery.template,STRING,,
+560,OPDiscovery,oidc.properties,Implementation bean for discovery shouldn't require alteration,4.1,idp.oidc.OP,3,,shibboleth.oidc.DefaultOpenIdConfigurationResolver,idp.oidc.discovery.resolver,SPRING_BEAN_ID,,
+564,OPDynamicClientRegistration,oidc.properties,Whether to resolve attributes if authentication is enabled,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.resolveAttributes,BOOLEAN,,
+566,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to all requests,4.1,idp.oidc.OP,3,,AccessByIPAddress,idp.oidc.admin.registration.accessPolicy,STRING,,
+570,OPDynamicClientRegistration,oidc.properties,"Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",4.1,idp.oidc.OP,3,,shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy,idp.oidc.admin.registration.lookup.policy,SPRING_BEAN_ID,,
+562,OPDynamicClientRegistration,oidc.properties,Enables support for non-browser-based authentication,4.1,idp.oidc.OP,3,,true,idp.oidc.admin.registration.nonBrowserSupported,BOOLEAN,,
+537,OPDynamicClientRegistration,oidc.properties,Registration lifetime,4.1,idp.oidc.OP,3,,PT24H,idp.oidc.dynreg.defaultRegistrationValidity,DURATION,,
+569,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a clientId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.clientIdPolicy,STRING,,
+568,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyIdPolicy,STRING,,
+567,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyLocation,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyLocationPolicy,STRING,,
+563,OPDynamicClientRegistration,oidc.properties,Whether to enable user authentication for requests,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.authenticated,BOOLEAN,,
+541,OPDynamicClientRegistration,oidc.properties,The acceptable client authentication methods when using dynamic registration,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.dynreg.tokenEndpointAuthMethods,STRING,,
+539,OPDynamicClientRegistration,oidc.properties,The default subject type if not set by client in request. 
Maybe set to pairwise or public.,4.1,idp.oidc.OP,3,,public,idp.oidc.dynreg.defaultSubjectType,STRING,,
+565,OPDynamicClientRegistration,oidc.properties,Default access token lifetime if not specified,4.1,idp.oidc.OP,3,,P1D,idp.oidc.admin.registration.defaultTokenLifetime,DURATION,,
+538,OPDynamicClientRegistration,oidc.properties,The default scopes accepted in dynamic registration,4.1,idp.oidc.OP,3,,openid profile email address phone offline_access,idp.oidc.dynreg.defaultScope,STRING,,
+561,OPDynamicClientRegistration,oidc.properties,Audit logging label for this profile,4.1,idp.oidc.OP,3,,IssueRegistrationAccessToken,idp.oidc.admin.registration.logging,STRING,,
+540,OPMetadataPolicies,oidc.properties,Full path to the file containing default metadata policy used for dynamic client registration,4.1,idp.oidc.OP,3,,,idp.oidc.dynreg.defaultMetadataPolicyFile,STRING,,
+536,OPRevocation,oidc.properties,The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token,4.1,idp.oidc.OP,3,,CHAIN,idp.oauth2.revocationMethod,STRING,,
+528,OPRevocation,oidc.properties,Lifetime of entries in revocation cache for authorize code,4.1,idp.oidc.OP,3,,PT6H,idp.oidc.revocationCache.authorizeCode.lifetime,DURATION,,
+543,OPSecurity,oidc.properties,JWK EC signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-es.jwk,idp.signing.oidc.es.key,STRING,,
+547,OPSecurity,oidc.properties,Allows override of default request decryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.requestObjectDecryptionConfiguration,idp.oidc.rodecrypt.config,SPRING_BEAN_ID,,
+544,OPSecurity,oidc.properties,JWK RSA decryption keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-encryption-rsa.jwk,idp.signing.oidc.rsa.enc.key,STRING,,
+546,OPSecurity,oidc.properties,Allows override of default encryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.EncryptionConfiguration,idp.oidc.encryption.config,SPRING_BEAN_ID,,
+545,OPSecurity,oidc.properties,Allows override of default signing configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.SigningConfiguration,idp.oidc.signing.config,SPRING_BEAN_ID,,
+542,OPSecurity,oidc.properties,JWK RSA signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-rs.jwk,idp.signing.oidc.rs.key,STRING,,
+548,OPSecurity,oidc.properties,Allows override of default request signature validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.requestObjectSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+549,OPSecurity,oidc.properties,Allows override of default JWT token validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+577,OPSubClaim,oidc.properties,The source attribute used in generating the sub 
claim,4.1,idp.oidc.OP,3,,,idp.oidc.subject.sourceAttribute,STRING,,
+578,OPSubClaim,oidc.properties,The digest algorithm used in generating the sub claim,4.1,idp.oidc.OP,3,,SHA,idp.oidc.subject.algorithm,STRING,,
+579,OPSubClaim,oidc.properties,Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository,4.1,idp.oidc.OP,3,,,idp.oidc.subject.salt,STRING,,
+535,OPToken,oidc.properties,Lifetime of access token issued to client for resource server,4.1,idp.oidc.OP,3,,PT10M,idp.oauth2.accessToken.defaultLifetime,DURATION,,
+521,OPToken,oidc.properties,Lifetime of refresh token,4.1,idp.oidc.OP,3,,PT2H,idp.oidc.refreshToken.defaultLifetime,DURATION,,
+530,OPToken,oidc.properties,The acceptable client authentication methods,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.tokenEndpointAuthMethods,STRING,,
+531,OPToken,oidc.properties,OAuth grant types to allow,4.1,idp.oidc.OP,3,Comma seperated list of values,"authorization_code,refresh_token",idp.oauth2.grantTypes,STRING,,
+519,OPToken,oidc.properties,Lifetime of access token,4.1,idp.oidc.OP,3,,PT10M,idp.oidc.accessToken.defaultLifetime,DURATION,,
+523,OPToken,oidc.properties,Whether client is allowed to use PKCE code challenge method plain,4.1,idp.oidc.OP,3,,false,idp.oidc.allowPKCEPlain,BOOLEAN,,
+522,OPToken,oidc.properties,Whether client is required to use PKCE,4.1,idp.oidc.OP,3,,false,idp.oidc.forcePKCE,BOOLEAN,,
+518,OPToken,oidc.properties,Lifetime of ID token,4.1,idp.oidc.OP,3,,PT1H,idp.oidc.idToken.defaultLifetime,DURATION,,
+533,OPToken,oidc.properties,Format of access token. 
Supported values are JWT or nothing.,4.1,idp.oidc.OP,3.2,,,idp.oauth2.accessToken.type,STRING,,
+534,OPToken,oidc.properties,Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token,4.1,idp.oidc.OP,3,,false,idp.oauth2.encryptionOptional,BOOLEAN,,
+532,OPToken,oidc.properties,Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.,4.1,idp.oidc.OP,3.2,,false,idp.oauth2.enforceRefreshTokenRotation,BOOLEAN,,
+371,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Query timeout for database access,4.1,,,,PT5S,idp.persistentId.queryTimeout,DURATION,,
+373,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of error strings to identify as retryable failures,4.1,,,,"23000,23505",idp.persistentId.retryableErrors,STRING,,
+369,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64,all,,,,BASE64,idp.persistentId.encoding,STRING,,
+370,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services,all,,,,shibboleth.ComputedIdExceptionMap,idp.persistentId.exceptionMap,SPRING_BEAN_ID,,
+367,PersistentNameIDGenerationConfiguration,saml-nameid.properties,An encoded form of the persistentId.salt,all,,,,,idp.persistentId.encodedSalt,STRING,,
+362,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a data source for storage-based management of persistent IDs,all,,,Bean ID of a JDBC DataSource,,idp.persistentId.dataSource,SPRING_BEAN_ID,,
+361,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for sourcing persistent IDs,all,,,Bean ID of a 
PairwiseIdStore,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.generator,SPRING_BEAN_ID,,
+368,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The hash algorithm used when using computed persistent IDs,all,,,,SHA,idp.persistentId.algorithm,STRING,,
+366,PersistentNameIDGenerationConfiguration,saml-nameid.properties,A secret salt for the hash when using computed persistent IDs,all,,,,,idp.persistentId.salt,STRING,,
+383,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,deactivationDate,idp.persistentId.deactivationTimeColumn,STRING,,
+382,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,creationDate,idp.persistentId.createTimeColumn,STRING,,
+374,PersistentNameIDGenerationConfiguration,saml-nameid.properties,When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.,4.1,,,,true,idp.persistentId.verifyDatabase,BOOLEAN,,
+365,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Whether or not the previous property has access to unreleased attributes,all,,,,true,idp.persistentId.useUnfilteredAttributes,BOOLEAN,,
+381,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,peerProvidedId,idp.persistentId.peerProvidedIdColumn,STRING,,
+380,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,persistentId,idp.persistentId.persistentIdColumn,STRING,,
+379,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localId,idp.persistentId.sourceIdColumn,STRING,,
+378,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,principalName,idp.persistentId.principalNameColumn,STRING,,
+377,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column 
names,4.1,,,,peerEntity,idp.persistentId.peerEntityColumn,STRING,,
+376,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localEntity,idp.persistentId.localEntityColumn,STRING,,
+375,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides the name of the table in the database,4.1,,,,shibpid,idp.persistentId.tableName,STRING,,
+364,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable,all,,,,,idp.persistentId.sourceAttribute,STRING,,
+363,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a strategy plugin to use to generate the first persistent identifier for each subject,all,,,used to migrate from the computed to stored strategies: can be null,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.computed,SPRING_BEAN_ID,,
+372,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Number of retries in the event database locking bugs cause retryable failures,4.1,,,,3,idp.persistentId.transactionRetries,INTEGER,,
+412,ReloadableServices,services.properties,Time to notice changes to NameIDGenerationConfiguration and reload service,all,,,,0,idp.service.nameidGeneration.checkInterval,DURATION,,
+422,ReloadableServices,services.properties,Name of Spring bean identifying Spring message property resources,all,,,,shibboleth.MessageSourceResources,idp.message.resources,SPRING_BEAN_ID,,
+419,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for ManagedBeanConfiguration,all,,,,shibboleth.ManagedBeanResources,idp.service.managedBean.resources,SPRING_BEAN_ID,,
+417,ReloadableServices,services.properties,Fail at startup if CASServiceRegistry configuration is invalid,all,,,,false,idp.service.cas.registry.failFast,BOOLEAN,,
+411,ReloadableServices,services.properties,Fail at startup 
if NameIDGenerationConfiguration is invalid,all,,,,false,idp.service.nameidGeneration.failFast,BOOLEAN,,
+407,ReloadableServices,services.properties,Fail at startup if AttributeFilterConfiguration is invalid,all,,,,false,idp.service.attribute.filter.failFast,BOOLEAN,,
+404,ReloadableServices,services.properties,"Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invis",all,,,,false,idp.service.attribute.resolver.stripNulls,BOOLEAN,,
+401,ReloadableServices,services.properties,Fail at startup if AttributeResolverConfiguration is invalid,all,,,,false,idp.service.attribute.resolver.failFast,BOOLEAN,,
+397,ReloadableServices,services.properties,Fail at startup if AttributeRegistryConfiguration is invalid,all,,,,false,idp.service.attribute.registry.failFast,BOOLEAN,,
+421,ReloadableServices,services.properties,Time to notice ManagedBeanConfiguration changes and reload service,all,,,,0,idp.service.managedBean.checkInterval,DURATION,,
+418,ReloadableServices,services.properties,Time to notice CASServiceRegistry configuration changes and reload service,all,,,,0,idp.service.cas.registry.checkInterval,DURATION,,
+415,ReloadableServices,services.properties,Time to notice changes to AccessControlConfiguration and reload service,all,,,,0,idp.service.access.checkInterval,DURATION,,
+408,ReloadableServices,services.properties,Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads,all,,,,0,idp.service.attribute.filter.checkInterval,DURATION,,
+416,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for CASServiceRegistry configuration,all,,,,shibboleth.CASServiceRegistryResources,idp.service.cas.registry.resources,SPRING_BEAN_ID,,
+413,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AccessControlConfiguration,all,,,,shibboleth.AccessControlResource,idp.service.access.resources,SPRING_BEAN_ID,,
+410,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for NameIDGenerationConfiguration,all,,,,shibboleth.NameIdentifierGenerationResources,idp.service.nameidGeneration.resources,SPRING_BEAN_ID,,
+402,ReloadableServices,services.properties,Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.resolver.checkInterval,DURATION,,
+406,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeFilterConfiguration,all,,,,shibboleth.AttributeFilterResources,idp.service.attribute.filter.resources,SPRING_BEAN_ID,,
+398,ReloadableServices,services.properties,Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.registry.checkInterval,DURATION,,
+400,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeResolverConfiguration,all,,,,shibboleth.AttributeResolverResources,idp.service.attribute.resolver.resources,SPRING_BEAN_ID,,
+396,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeRegistryConfiguration,all,,,,shibboleth.AttributeRegistryResources,idp.service.attribute.registry.resources,SPRING_BEAN_ID,,
+392,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for MetadataConfiguration,all,,,,shibboleth.MetadataResolverResources,idp.service.metadata.resources,SPRING_BEAN_ID,,
+423,ReloadableServices,services.properties,Seconds between reloads of message property resources,all,,,,300,idp.message.cacheSeconds,INTEGER,,
+393,ReloadableServices,services.properties,Fail at startup if MetadataConfiguration is invalid,all,,,,false,idp.service.metadata.failFast,BOOLEAN,,
+391,ReloadableServices,services.properties,See MetadataDrivenConfiguration SAML Attribute Name Format Usage,all,,,,false,idp.service.relyingparty.ignoreUnmappedEntityAttributes,BOOLEAN,,
+389,ReloadableServices,services.properties,Fail at startup if RelyingPartyConfiguration is invalid,all,,,,false,idp.service.relyingparty.failFast,BOOLEAN,,
+388,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for RelyingPartyConfiguration,all,,,,shibboleth.RelyingPartyResolverResources,idp.service.relyingparty.resources,SPRING_BEAN_ID,,
+385,ReloadableServices,services.properties,Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService),all,,,resource path,%{idp.home}/conf/logback.xml,idp.service.logging.resource,STRING,,
+390,ReloadableServices,services.properties,Time to notice changes to RelyingPartyConfiguration and reload 
service. A value of 0 indicates that the relying party configuration never reloads,all,,,,0,idp.service.relyingparty.checkInterval,DURATION,, +387,ReloadableServices,services.properties,Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads,all,,,,0,idp.service.logging.checkInterval,DURATION,, +394,ReloadableServices,services.properties,Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads,all,,,,0,idp.service.metadata.checkInterval,DURATION,, +384,ReloadableServices,services.properties,Set default fail-fast behavior of all services unless overridden by service,all,,,,false,idp.service.failFast,BOOLEAN,, +414,ReloadableServices,services.properties,Fail at startup if AccessControlConfiguration is invalid,all,,,,true,idp.service.access.failFast,BOOLEAN,, +409,ReloadableServices,services.properties,Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event,all,,,,true,idp.service.attribute.filter.maskFailures,BOOLEAN,, +395,ReloadableServices,services.properties,Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost,all,,,,true,idp.service.metadata.enableByReferenceFilters,BOOLEAN,, +386,ReloadableServices,services.properties,Fail at startup if logging configuration is invalid,all,,,,true,idp.service.logging.failFast,BOOLEAN,, +420,ReloadableServices,services.properties,Fail at startup if ManagedBeanConfiguration is invalid,all,,,,false,idp.service.managedBean.failFast,BOOLEAN,, +405,ReloadableServices,services.properties,Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. 
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther,4.2,,,,true,idp.service.attribute.resolver.suppressDisplayInfo,BOOLEAN,, +403,ReloadableServices,services.properties,Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event,all,,,,true,idp.service.attribute.resolver.maskFailures,BOOLEAN,, +399,ReloadableServices,services.properties,Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry,all,,,,true,idp.service.attribute.registry.encodeType,BOOLEAN,, +6,RelyingPartyConfiguration,idp.properties,Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped),all,,,,true,idp.artifact.secureChannel,BOOLEAN,, +9,RelyingPartyConfiguration,idp.properties,"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also",4.1,,,,true,idp.bindings.inMetadataOrder,BOOLEAN,, +3,RelyingPartyConfiguration,idp.properties,The unique name of the IdP used as the iisuer in all SAML profiles,all,,,ex. 
https://unicon.net/idp/shibboleth,,idp.entityID,STRING,, +7,RelyingPartyConfiguration,idp.properties,Identifies the endpoint in SAML metadata associated with artifacts issued by a server node,all,,,,2,idp.artifact.endpointIndex,INTEGER,, +5,RelyingPartyConfiguration,idp.properties,Whether to allow use of the SAML artifact bindings when sending messages,all,,,,true,idp.artifact.enabled,BOOLEAN,, +186,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUser,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUser.proxyRestrictionsEnforced,BOOLEAN,, +191,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.reuseCondition,SPRING_BEAN_ID,, +188,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.discoveryRequired,BOOLEAN,, +183,RemoteUserAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.nonBrowserSupported,BOOLEAN,, +184,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.passiveAuthenticationSupported,BOOLEAN,, +193,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.activationCondition,SPRING_BEAN_ID,, +195,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUser,,,true,idp.authn.RemoteUser.addDefaultPrincipals,BOOLEAN,, 
+189,RemoteUserAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.RemoteUser,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUser.lifetime,DURATION,, +208,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.nonBrowserSupported,BOOLEAN,, +219,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.RemoteUserInternal,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.RemoteUserInternal.supportedPrincipals,STRING,, +210,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.forcedAuthenticationSupported,BOOLEAN,, +204,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to deny while accepting all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.deniedUsernames,STRING,, +209,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.passiveAuthenticationSupported,BOOLEAN,, +203,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to accept while blocking all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.allowedUsernames,STRING,, +202,RemoteUserInternalAuthnConfiguration,authn/authn.properties,A regular expression that must match the username,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,, 
+198,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of request headers to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkHeaders,STRING,, +207,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.RemoteUserInternal,,,1000,idp.authn.RemoteUserInternal.order,INTEGER,, +211,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUserInternal.proxyRestrictionsEnforced,BOOLEAN,, +220,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.addDefaultPrincipals,BOOLEAN,, +199,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to trim leading and trailing whitespace from the username before validating it,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.trim,BOOLEAN,, +201,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to uppercase the username before validating it,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.uppercase,BOOLEAN,, +196,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to check REMOTE_USER for a username,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.checkRemoteUser,BOOLEAN,, +206,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,, +214,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this 
flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUserInternal.lifetime,DURATION,, +216,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.reuseCondition,SPRING_BEAN_ID,, +217,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.activationCondition,SPRING_BEAN_ID,, +215,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.RemoteUserInternal.inactivityTimeout,DURATION,, +205,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.RemoteUserInternal,,,contextRelative:external.jsp,idp.authn.RemoteUserInternal.externalAuthnPath,STRING,, +213,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.discoveryRequired,BOOLEAN,, +197,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited lists of request attributes to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkAttributes,STRING,, +212,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.proxyScopingEnforced,BOOLEAN,, +218,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for 
request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.activationCondition,SPRING_BEAN_ID,, +338,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.reuseCondition,SPRING_BEAN_ID,, +328,SAMLAuthnConfiguration,authn/authn.properties,Optional bean ID of AssertionValidator to run,4.1,,,,,idp.authn.SAML.assertionValidator,SPRING_BEAN_ID,, +327,SAMLAuthnConfiguration,authn/authn.properties,"Optional bean ID of Function to run at the late stages of Response decoding/processing",4.1,,,,,idp.authn.SAML.inboundMessageHandlerFunction,SPRING_BEAN_ID,, +329,SAMLAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.SAML.order,INTEGER,, +333,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SAML.proxyRestrictionsEnforced,BOOLEAN,, +336,SAMLAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SAML.lifetime,DURATION,, +340,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step",4.1,,,,,idp.authn.SAML.outboundMessageHandlerFunction,SPRING_BEAN_ID,, +325,SAMLAuthnConfiguration,authn/authn.properties,Statically-defined entityID of IdP to use for authentication,4.1,,,,,idp.authn.SAML.proxyEntityID,STRING,, +334,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.SAML.proxyScopingEnforced,BOOLEAN,, +17,SecurityConfiguration,idp.properties,Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is 
specified,all,,,,,idp.cookie.sameSite,SELECTION_LIST,"None,Lax,Strict", +16,SecurityConfiguration,idp.properties,Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days),all,,,,31536000,idp.cookie.maxAge,INTEGER,, +21,SecurityConfiguration,idp.properties,Time between checks for a new AES key version,all,,,,PT15M,idp.sealer.updateInterval,DURATION,, +23,SecurityConfiguration,idp.properties,Keystore resource containing AES encryption key usually a file path,all,,,resource path,,idp.sealer.storeResource,STRING,, +12,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will be limited to TLS,all,,,,false,idp.cookie.secure,BOOLEAN,, +14,SecurityConfiguration,idp.properties,Overrides the domain of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.domain,STRING,, +33,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SecurityConfiguration,all,,,Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration),shibboleth.DefaultSecurityConfiguration,idp.security.config,SPRING_BEAN_ID,, +34,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SignatureSigningConfiguration,all,,,Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec),shibboleth.SigningConfiguration.SHA256,idp.signing.config,SPRING_BEAN_ID,, +18,SecurityConfiguration,idp.properties,Predicate condition bean controlling whether SameSite filter runs,all,,,Bean ID of Predicate,shibboleth.Conditions.FALSE,idp.cookie.sameSiteCondition,SPRING_BEAN_ID,, +15,SecurityConfiguration,idp.properties,Overrides the path of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.path,STRING,, +20,SecurityConfiguration,idp.properties,Type of Java keystore used for IdP's internal AES encryption key,all,,,,JCEKS,idp.sealer.storeType,STRING,, +40,SecurityConfiguration,idp.properties,Default freshness window 
for accepting timestamped messages,all,,,,PT3M,idp.policy.messageLifetime,DURATION,, +41,SecurityConfiguration,idp.properties,Default freshness window for accepting timestamped assertions,all,,,,PT3M,idp.policy.assertionLifetime,DURATION,, +42,SecurityConfiguration,idp.properties,Default allowance for clock differences between systems,all,,,,PT3M,idp.policy.clockSkew,DURATION,, +24,SecurityConfiguration,idp.properties,Resource that tracks the active AES encryption key version usually a file path,all,,,,,idp.sealer.versionResource,STRING,, +27,SecurityConfiguration,idp.properties,Resource containing private key for signing typically a file in the credentials directory,all,,,,,idp.signing.key,STRING,, +22,SecurityConfiguration,idp.properties,Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number),all,,,,secret,idp.sealer.aliasBase,STRING,, +37,SecurityConfiguration,idp.properties,Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration,all,,,,Default,idp.encryption.keyagreement.metadata.defaultUseKeyWrap,STRING,, +38,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify signatures,all,,,Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support),shibboleth.ChainingSignatureTrustEngine,idp.trust.signatures,SPRING_BEAN_ID,, +36,SecurityConfiguration,idp.properties,If true failure to locate an encryption key to use won't result in request failure,all,,,,false,idp.encryption.optional,BOOLEAN,, +25,SecurityConfiguration,idp.properties,Keystore password unlocking AES encryption keystore typically set during installation,all,,,,,idp.sealer.storePassword,STRING,, +28,SecurityConfiguration,idp.properties,Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory,all,,,,,idp.signing.cert,STRING,, 
+31,SecurityConfiguration,idp.properties,Resource containing an alternate private key for decryption generally unused except while changing decryption keys,all,,,,,idp.encryption.key.2,STRING,, +32,SecurityConfiguration,idp.properties,Resource containing an alternate public key certificate generally unused except while changing decryption keys,all,,,,,idp.encryption.cert.2,STRING,, +30,SecurityConfiguration,idp.properties,Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory,all,,,resource path,,idp.encryption.cert,STRING,, +29,SecurityConfiguration,idp.properties,Resource containing a private key for decryption typically a file in the credentials directory,all,,,resource path,,idp.encryption.key,STRING,, +26,SecurityConfiguration,idp.properties,Key password unlocking AES encryption key typically set to the same as the previous property and set during installation,all,,,,,idp.sealer.keyPassword,STRING,, +19,SecurityConfiguration,idp.properties,Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.,all,,,Bean ID of DataSealerKeyStrategy,shibboleth.DataSealerKeyStrategy,idp.sealer.keyStrategy,SPRING_BEAN_ID,, +44,SecurityConfiguration,idp.properties,Overrides the X509KeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.X509KeyInfoGeneratorFactory,idp.security.x509KeyInfoFactory,SPRING_BEAN_ID,, +35,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default EncryptionConfiguration,all,,,Bean ID of EncryptionConfiguration (org.opensaml.xmlsec),shibboleth.EncryptionConfiguration.CBC,idp.encryption.config,SPRING_BEAN_ID,, +43,SecurityConfiguration,idp.properties,Overrides the BasicKeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager 
(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.BasicKeyInfoGeneratorFactory,idp.security.basicKeyInfoFactory,SPRING_BEAN_ID,, +39,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify TLS certificates,all,,,Bean ID of TrustEngine (org.opensaml.security.trust),shibboleth.ChainingX509TrustEngine,idp.trust.certificates,SPRING_BEAN_ID,, +13,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property,all,,,,true,idp.cookie.httpOnly,BOOLEAN,, +65,SessionConfiguration,idp.properties,Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions),4.2,,,,shib_idp_session,idp.session.cookieName,STRING,, +67,SessionConfiguration,idp.properties,Whether to bind IdP sessions to IP addresses,all,,,,true,idp.session.consistentAddress,BOOLEAN,, +63,SessionConfiguration,idp.properties,Whether to enable the IdP's session tracking feature,all,,,,true,idp.session.enabled,BOOLEAN,, +74,SessionConfiguration,idp.properties,"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting",all,,,,PT2H,idp.session.defaultSPlifetime,DURATION,, +71,SessionConfiguration,idp.properties,Whether to hide storage failures from users during session cache reads/writes,all,,,,false,idp.session.maskStorageFailure,BOOLEAN,, +66,SessionConfiguration,idp.properties,Number of characters in IdP session identifiers,all,,,,32,idp.session.idSize,INTEGER,, +69,SessionConfiguration,idp.properties,Inactivity timeout policy for IdP sessions (must be non-zero),all,,,,PT60M,idp.session.timeout,DURATION,, +70,SessionConfiguration,idp.properties,Extra time after expiration before removing SP sessions in case a logout is invoked,all,,,,0,idp.session.slop,DURATION,, +64,SessionConfiguration,idp.properties,Bean name of a storage implementation/configuration to 
use for IdP sessions,all,,,Bean ID of StorageService (org.opensaml.storage),shibboleth.ClientSessionStorageService,idp.session.StorageService,SPRING_BEAN_ID,, +73,SessionConfiguration,idp.properties,"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)",all,,,,false,idp.session.secondaryServiceIndex,BOOLEAN,, +72,SessionConfiguration,idp.properties,Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage),all,,,,false,idp.session.trackSPSessions,BOOLEAN,, +68,SessionConfiguration,idp.properties,A 2-argument predicate that compares a bound session's address to a client address,all,,,"BiPredicate",Direct string comparison,idp.session.consistentAddressCondition,STRING,, +485,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.simple.uppercase,BOOLEAN,, +486,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.simple.trim,BOOLEAN,, +484,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.simple.lowercase,BOOLEAN,, +222,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to always try to run SPNEGO independent of the user's auto-login setting,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.enforceRun,BOOLEAN,, +221,SPNEGOAuthnConfiguration,authn/authn.properties,Servlet-relative path to the SPNEGO external authentication implementation,4.1,idp.authn.SPNEGO,,URL path,/Authn/SPNEGO,idp.authn.SPNEGO.externalAuthnPath,STRING,, +224,SPNEGOAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.SPNEGO,,regex expected,,idp.authn.SPNEGO.matchExpression,STRING,, +238,SPNEGOAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings 
associated with flow,4.1,idp.authn.SPNEGO,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510",idp.authn.SPNEGO.supportedPrincipals,STRING,, +230,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.SPNEGO,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SPNEGO.proxyRestrictionsEnforced,BOOLEAN,, +225,SPNEGOAuthnConfiguration,authn/authn.properties,Name of cookie used to track auto-login state of client,4.2,idp.authn.SPNEGO,,,_idp_spnego_autologin,idp.authn.SPNEGO.cookieName,STRING,, +226,SPNEGOAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.SPNEGO,,,1000,idp.authn.SPNEGO.order,INTEGER,, +237,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.reuseCondition,SPRING_BEAN_ID,, +236,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.activationCondition,SPRING_BEAN_ID,, +234,SPNEGOAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.SPNEGO.inactivityTimeout,DURATION,, +239,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.SPNEGO,,,true,idp.authn.SPNEGO.addDefaultPrincipals,BOOLEAN,, +233,SPNEGOAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SPNEGO.lifetime,DURATION,, +223,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in 
/etc/krb5.conf) on every login attempt,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.refreshKrbConfig,BOOLEAN,, +227,SPNEGOAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.nonBrowserSupported,BOOLEAN,, +228,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.passiveAuthenticationSupported,BOOLEAN,, +229,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.forcedAuthenticationSupported,BOOLEAN,, +231,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.proxyScopingEnforced,BOOLEAN,, +232,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.discoveryRequired,BOOLEAN,, +430,Status,admin/admin.properties,?,4.1,,,,,idp.status.postAuthenticationFlows,STRING,, +428,Status,admin/admin.properties,?,4.1,,,,,idp.status.defaultAuthenticationMethods,STRING,, +426,Status,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.status.authenticated,BOOLEAN,, +425,Status,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.status.accessPolicy,STRING,, +429,Status,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.status.resolveAttributes,BOOLEAN,, +427,Status,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.status.nonBrowserSupported,BOOLEAN,, +424,Status,admin/admin.properties,Audit log identifier for 
flow,4.1,,,,Status,idp.status.logging,STRING,, +57,StorageConfiguration,idp.properties,Interval of background thread sweeping server-side storage for expired records,all,,,,PT10M,idp.storage.cleanupInterval,DURATION,, +8,StorageConfiguration,idp.properties,Storage back-end to use for short-lived SAML Artifact mappings (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.artifact.StorageService,SPRING_BEAN_ID,, +60,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default persistent instance of the client storage service,all,,,,shib_idp_persistent_ss,idp.storage.clientPersistentStorageName,STRING,, +61,StorageConfiguration,idp.properties,Storage back-end to use for message replay checking (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.replayCache.StorageService,SPRING_BEAN_ID,, +58,StorageConfiguration,idp.properties,Whether to use HTML Local Storage (if available) instead of cookies,all,,,,false,idp.storage.htmlLocalStorage,BOOLEAN,, +59,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default per-session instance of the client storage service,all,,,,shib_idp_session_ss,idp.storage.clientSessionStorageName,STRING,, +62,StorageConfiguration,idp.properties,Whether storage errors during replay checks should be treated as a replay,all,,,,true,idp.replayCache.strict,BOOLEAN,, +622,TOTP,authn/authn.properties,Name of HTML form field to use for locating browser-submitted token codes,4.1,idp.authn.TOTP,1,,tokencode,idp.authn.TOTP.fieldName,STRING,, +627,TOTP,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.TOTP,1,,true,idp.authn.TOTP.forcedAuthenticationSupported,BOOLEAN,, +636,TOTP,authn/authn.properties,Comma-delimited list of protocol-specific Principalstrings associated with 
flow,4.1,idp.authn.TOTP,1,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken",idp.authn.TOTP.supportedPrincipals,STRING,, +623,TOTP,authn/authn.properties,Name of IdPAttribute to resolve to obtain token seeds for users,4.1,idp.authn.TOTP,1,,tokenSeeds,idp.authn.TOTP.tokenSeedAttribute,STRING,, +621,TOTP,authn/authn.properties,Name of request header to use for extracting non-browser submitted token codes,4.1,idp.authn.TOTP,1,,X-Shibboleth-TOTP,idp.authn.TOTP.headerName,STRING,, +624,TOTP,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.TOTP,1,,1000,idp.authn.TOTP.order,INTEGER,, +626,TOTP,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.passiveAuthenticationSupported,BOOLEAN,, +625,TOTP,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.nonBrowserSupported,BOOLEAN,, +628,TOTP,authn/authn.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.TOTP,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.TOTP.proxyRestrictionsEnforced,BOOLEAN,, +634,TOTP,authn/authn.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.activationCondition,SPRING_BEAN_ID,, +632,TOTP,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.TOTP.inactivityTimeout,DURATION,, +631,TOTP,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.TOTP.lifetime,DURATION,, +633,TOTP,authn/authn.properties,Bean ID ofPredicate controlling result reuse for 
SSO,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.reuseCondition,SPRING_BEAN_ID,, +635,TOTP,authn/authn.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.TOTP,1,,,idp.authn.TOTP.subjectDecorator,SPRING_BEAN_ID,, +629,TOTP,authn/authn.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.TOTP,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.TOTP.proxyScopingEnforced,BOOLEAN,, +630,TOTP,authn/authn.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.discoveryRequired,BOOLEAN,, +637,TOTP,authn/authn.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.addDefaultPrincipals,BOOLEAN,, +496,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.x500.trim,BOOLEAN,, +498,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attribute OIDs to search for in the subject DN,4.1,,,Comma seperated list of integer values,"2,5,4,3",idp.c14n.x500.objectIDs,STRING,, +495,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.x500.uppercase,BOOLEAN,, +494,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.x500.lowercase,BOOLEAN,, +497,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of subjectAltName extension types to look for,4.1,,,Comma seperated list of integer values,,idp.c14n.x500.subjectAltNameTypes,STRING,, +241,X509AuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.X509,,,1000,idp.authn.X509.order,INTEGER,, +245,X509AuthnConfiguration,authn/authn.properties,Whether the 
flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.X509,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509.proxyRestrictionsEnforced,BOOLEAN,, +252,X509AuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.activationCondition,SPRING_BEAN_ID,, +250,X509AuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.reuseCondition,SPRING_BEAN_ID,, +253,X509AuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.X509,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246",idp.authn.X509.supportedPrincipals,STRING,, +247,X509AuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.X509,,,false,idp.authn.X509.discoveryRequired,BOOLEAN,, +246,X509AuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.X509,,,false,idp.authn.X509.proxyScopingEnforced,BOOLEAN,, +254,X509AuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.X509,,,true,idp.authn.X509.addDefaultPrincipals,BOOLEAN,, +244,X509AuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.forcedAuthenticationSupported,BOOLEAN,, +243,X509AuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.passiveAuthenticationSupported,BOOLEAN,, +261,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow 
considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.X509Internal.proxyScopingEnforced,BOOLEAN,, +259,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,,,,false,idp.authn.X509Internal.forcedAuthenticationSupported,BOOLEAN,, +258,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,,,,false,idp.authn.X509Internal.passiveAuthenticationSupported,BOOLEAN,, +257,X509InternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,,,,false,idp.authn.X509Internal.nonBrowserSupported,BOOLEAN,, +255,X509InternalAuthnConfiguration,authn/authn.properties,Whether to save the certificate into the Subject's public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.,4.1,,,,true,idp.authn.X509Internal.saveCertificateToCredentialSet,BOOLEAN,, +269,X509InternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,,,,true,idp.authn.X509Internal.addDefaultPrincipals,BOOLEAN,, +260,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509Internal.proxyRestrictionsEnforced,BOOLEAN,, +256,X509InternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.X509Internal.order,INTEGER,, +264,X509InternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.X509Internal.inactivityTimeout,DURATION,, +267,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable 
for request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.activationCondition,SPRING_BEAN_ID,, +265,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.reuseCondition,SPRING_BEAN_ID,, +262,X509InternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,,,,false,idp.authn.X509Internal.discoveryRequired,BOOLEAN,, \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy index f46eb33d8..1a044baf2 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy @@ -61,7 +61,6 @@ class TestConfiguration { @Bean CustomEntityAttributesDefinitionServiceImpl customEntityAttributesDefinitionServiceImpl() { new CustomEntityAttributesDefinitionServiceImpl().with { - it.entityManager = entityManager it.repository = repository return it } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy index 00e624b7e..567639f36 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy 
@@ -1,10 +1,10 @@ package edu.internet2.tier.shibboleth.admin.ui.controller -import com.fasterxml.jackson.databind.MapperFeature + import com.fasterxml.jackson.databind.ObjectMapper import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration import edu.internet2.tier.shibboleth.admin.ui.domain.AttributeBundle -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException import edu.internet2.tier.shibboleth.admin.ui.repository.AttributeBundleRepository import edu.internet2.tier.shibboleth.admin.ui.service.AttributeBundleService @@ -148,7 +148,7 @@ class AttributeBundleControllerTests extends Specification { mockMvc.perform(delete("/api/custom/entity/bundles/randomIDValdoesntexist")) false } catch (NestedServletException expected) { - expected instanceof EntityNotFoundException + expected instanceof PersistentEntityNotFound } when: "Delete what does exist" @@ -180,7 +180,7 @@ class AttributeBundleControllerTests extends Specification { mockMvc.perform(put('/api/custom/entity/bundles').contentType(APPLICATION_JSON).content(objectMapper.writeValueAsString(bundle))) false } catch (NestedServletException expected) { - expected.getCause() instanceof EntityNotFoundException + expected.getCause() instanceof PersistentEntityNotFound } when: "update bundle" diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy index 35bd77ea2..3ffbe12e0 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy 
@@ -5,7 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.AssertionConsumerServiceRepresentation import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException @@ -376,7 +376,7 @@ class EntityDescriptorControllerTests extends AbstractBaseDataJpaTest { mockMvc.perform(get("/api/EntityDescriptor/uuid-1")) } catch (Exception e) { - e instanceof EntityNotFoundException + e instanceof PersistentEntityNotFound } } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy index 2820533e9..6b54c7a0d 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy 
@@ -8,7 +8,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotF import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects @@ -107,7 +107,7 @@ class MetadataFiltersControllerTests extends AbstractBaseDataJpaTest { } @Override - MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException { + MetadataResolver findByResourceId(String resourceId) throws PersistentEntityNotFound { // This won't get called return null } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy new file mode 100644 index 000000000..8545362c4 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy 
@@ -0,0 +1,266 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService +import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.test.web.servlet.setup.MockMvcBuilders +import org.springframework.web.client.RestTemplate +import spock.lang.Subject + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +import static org.springframework.http.MediaType.APPLICATION_JSON +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status + +class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { + @Subject + def controller + + @Autowired + ObjectMapper mapper + + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + 
@Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService shibConfigurationService + + def defaultSetResourceId + def mockRestTemplate = Mock(RestTemplate) + def mockMvc + + @Transactional + def setup() { + controller = new ShibPropertiesController() + controller.service = shibConfigurationService + mockMvc = MockMvcBuilders.standaloneSetup(controller).build() + + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + it.displayType = 'string' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + it.displayType = 'string' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + values.add(prop1Saved) + values.add(prop2Saved) + def set = new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + @WithMockAdmin + def "DELETE /api/shib/property/set"() { + given: + def long setCount = propertySetRepo.count() + def long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + try { + mockMvc.perform(delete("/api/shib/property/set/010")) + } + catch (Exception e) { + e instanceof PersistentEntityNotFound + } + + when: + def result = mockMvc.perform(delete("/api/shib/property/set/" + defaultSetResourceId)) + + then: + result.andExpect(status().isNoContent()) + propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + + + } + + @WithMockAdmin + def 'GET /api/shib/property/set/{resourceId} non-existent'() { + expect: + try { + 
mockMvc.perform(get("/api/shib/property/set/0101")) + } + catch (Exception e) { + e instanceof PersistentEntityNotFound + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - existing set"() { + given: + def jsonBody = mapper.writeValueAsString(propertySetRepo.findByResourceId(defaultSetResourceId)) + + expect: + try { + mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof ObjectIdExistsException + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - new set"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + it.displayType = 'boolean' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + it.displayType = 'boolean' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + + def jsonBody = mapper.writeValueAsString(set) + def result = mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isCreated()).andExpect(jsonPath("\$.name").value("somerandom")) + def createdSet = propertySetRepo.findByName("somerandom") + createdSet.getProperties().size() == 2 + } + + @WithMockAdmin + def "PUT /api/shib/property/set update set that doesn't exist"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.resourceId = 1234 + def jsonBody = mapper.writeValueAsString(set) + + then: + try { + mockMvc.perform(put('/api/shib/property/set/1234').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof PersistentEntityNotFound + } + } + + @WithMockAdmin + def 
"PUT /api/shib/property/set update set"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.name = "newName" + def jsonBody = mapper.writeValueAsString(set) + def url = "/api/shib/property/set/{resourceId}" + def result = mockMvc.perform(put(url, defaultSetResourceId).contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isOk()).andExpect(jsonPath("\$.name").value("newName")) + propertySetRepo.findByResourceId(defaultSetResourceId).name.equals("newName") + } + + @WithMockAdmin + def "Validate that JSON data is correct for UI"() { + given: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'asBoolean' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + it.displayType = 'boolean' + + it + } + propertySettingRepo.save(prop) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'asNumber' + it.configFile = 'defaults.properties' + it.propertyValue = '33' + it.displayType = 'number' + + it + } + propertySettingRepo.save(prop2) + ShibPropertySetting prop3 = new ShibPropertySetting().with { it -> + it.propertyName = 'anythingElse' + it.configFile = 'defaults.properties' + it.propertyValue = '33' + it.displayType = 'string' + + it + } + propertySettingRepo.save(prop3) + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.properties.add(prop3) + it.name = 'somerandom' + + it + } + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + when: + def result = mockMvc.perform(get("/api/shib/property/set/" + savedSet.getResourceId())) + System.println(result.andReturn().getResponse().getContentAsString()) + then: + result.andExpect(status().isOk()) + .andExpect(jsonPath("\$.resourceId").value(savedSet.getResourceId())) + .andExpect(jsonPath("\$.properties[0].propertyName").value("asBoolean")) + 
.andExpect(jsonPath("\$.properties[0].propertyValue").value(Boolean.TRUE)) + .andExpect(jsonPath("\$.properties[1].propertyName").value("asNumber")) + .andExpect(jsonPath("\$.properties[1].propertyValue").value(33)) + .andExpect(jsonPath("\$.properties[2].propertyName").value("anythingElse")) + .andExpect(jsonPath("\$.properties[2].propertyValue").value("33")) + } +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy index 1635ed35f..1615a81ee 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy @@ -122,10 +122,9 @@ class EntityDescriptorRepositoryTest extends AbstractBaseDataJpaTest { @Bean CustomEntityAttributesDefinitionServiceImpl customEntityAttributesDefinitionServiceImpl(EntityManager entityManager, CustomEntityAttributeDefinitionRepository customEntityAttributeDefinitionRepository) { new CustomEntityAttributesDefinitionServiceImpl().with { - it.entityManager = entityManager it.repository = customEntityAttributeDefinitionRepository return it } } } -} +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy new file mode 100644 index 000000000..edcf106d9 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy 
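Review bot: The negative-path tests in this new file cannot fail: in the DELETE, `GET ... non-existent`, `POST ... existing set` and `PUT ... update set that doesn't exist` cases the request sits in a `try` whose `catch (Exception e)` holds only a bare `e instanceof …` expression, and nothing fails when no exception is thrown at all. As far as I can tell Spock does not turn an expression nested inside a `catch` into a condition, and with `standaloneSetup` and no controller advice registered the controller exception would presumably arrive wrapped, so `e` itself would not be a `PersistentEntityNotFound` anyway. I would restate these as `when:`/`then:` with `thrown(...)` and a check on the cause, as sketched below for the GET case. Separately, every test runs under `@WithMockAdmin` against a hand-constructed controller, so access control on the property-set endpoints is not exercised here; a non-admin request through the full application context would cover that. The unused `mockRestTemplate` field and the `System.println` of the response body can be dropped.

```groovy
@WithMockAdmin
def 'GET /api/shib/property/set/{resourceId} non-existent'() {
    when:
    mockMvc.perform(get("/api/shib/property/set/0101"))

    then:
    def e = thrown(Exception)
    // without an exception resolver the controller exception may arrive wrapped by the servlet layer
    e instanceof PersistentEntityNotFound || e.cause instanceof PersistentEntityNotFound
}
// … the DELETE, POST and PUT negative cases take the same when:/then: shape …
```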
@@ -0,0 +1,64 @@
+package edu.internet2.tier.shibboleth.admin.ui.repository
+
+import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting
+import org.springframework.beans.factory.annotation.Autowired
+
+import javax.persistence.EntityManager
+
+/**
+ * Tests to validate the repo and model for ShibPropertySetRepository
+ * Because of how JPA works, these are pretty basic and we put "real use" tests/logic
+ * into the service that manages the sets
+ *
+ * @author chasegawa
+ */
+class ShibPropertySetRepositoryTests extends AbstractBaseDataJpaTest {
+ @Autowired
+ EntityManager entityManager
+
+ @Autowired
+ ShibPropertySetRepository repo
+
+ def "basic CRUD operations validated"() {
+ given:
+ // No properties, just a blank set
+ def set = new ShibPropertySet();
+ set.setName("set1")
+
+ // Confirm empty db state
+ when:
+ def allSets = repo.findAll()
+
+ then:
+ allSets.size() == 0
+
+ // save check
+ when:
+ def savedSet = repo.save(set)
+ entityManager.flush()
+ entityManager.clear()
+
+ then:
+ def allSets2 = repo.findAll()
+ allSets2.size() == 1
+
+ // fetch checks
+ def fetchedSet = repo.findByResourceId(savedSet.resourceId)
+ savedSet.equals(fetchedSet)
+
+ def fetchedByName = repo.findByName(savedSet.name)
+ savedSet.equals(fetchedByName)
+
+ // delete check
+ when:
+ repo.delete(set)
+ entityManager.flush()
+ entityManager.clear()
+ def noSets = repo.findAll()
+
+ then:
+ noSets.size() == 0
+ }
+}
\ No newline at end of file
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy
index c4a76e832..bb4613f6b 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy @@ -1,14 +1,13 @@ package edu.internet2.tier.shibboleth.admin.ui.security.controller import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException import edu.internet2.tier.shibboleth.admin.ui.security.model.Group import edu.internet2.tier.shibboleth.admin.ui.security.model.Role import edu.internet2.tier.shibboleth.admin.ui.security.model.User import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository -import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin import groovy.json.JsonOutput import org.springframework.beans.factory.annotation.Autowired @@ -117,7 +116,7 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest { .accept(MediaType.APPLICATION_JSON)) false } catch (Throwable expected) { - expected instanceof EntityNotFoundException + expected instanceof PersistentEntityNotFound } } @@ -158,7 +157,7 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest { mockMvc.perform(get("$RESOURCE_URI/CCC")) false } catch (Throwable expected) { - expected instanceof EntityNotFoundException + expected instanceof PersistentEntityNotFound } } 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy
new file mode 100644
index 000000000..4454ef8ca
--- /dev/null
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy
@@ -0,0 +1,165 @@ +package edu.internet2.tier.shibboleth.admin.ui.service + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import org.springframework.beans.factory.annotation.Autowired + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + @Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService service + + def defaultSetResourceId + + /** + * We use the object mapper to transform to json and then back to new objects so that what we send to the service is never + * the actual hibernate entity from the db, but an unattached copy (ie what the service would be getting as input in reality) + */ + ObjectMapper objectMapper = new ObjectMapper() + + @Transactional + def setup() { + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + it.displayType = 'string' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + it.displayType = 'string' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + 
values.add(prop1Saved) + values.add(prop2Saved) + def set = new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + def "check delete"() { + given: + long setCount = propertySetRepo.count() + long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + when: + service.delete(defaultSetResourceId) + + then: + propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + } + + def "create new using the service"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + service.create(set) + ShibPropertySet dbSet = propertySetRepo.findByName("somerandom") + + then: + dbSet.properties.size() == 2 + } + + def "update using the service (add and delete properties)"() { + when: + def defaultSet = propertySetRepo.findByResourceId(defaultSetResourceId) + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + it.displayType = 'boolean' + + it + } + + defaultSet.properties.add(prop) + // create a copy of the set so they can't possibly be real db entities + def copySet = objectMapper.readValue(objectMapper.writeValueAsString(defaultSet), ShibPropertySet.class) + service.update(copySet) + def updatedSet = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + 
updatedSet.properties.size() == 3 + + when: + updatedSet.properties.remove(0) + service.update(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) + def updatedSet2 = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + updatedSet2.properties.size() == 2 + } + + def "fetch with the service"() { + when: + def sets = service.getAllPropertySets() + + then: + sets.size() == 1 + def set = sets.get(0) + set.getName().equals("set1") + + when: + def theSet = service.getSet(Integer.parseInt(set.getResourceId())) + + then: + theSet.getName().equals("set1") + theSet.getProperties().size() == 2 + } + +} \ No newline at end of file diff --git a/ui/package-lock.json b/ui/package-lock.json index 0cc5f3665..2083b22a0 100644 --- a/ui/package-lock.json +++ b/ui/package-lock.json @@ -25,7 +25,7 @@ "react-bootstrap": "^2.3.0", "react-bootstrap-typeahead": "^5.1.4", "react-dom": "^18.0.0", - "react-hook-form": "^7.30.0", + "react-hook-form": "^7.34.0", "react-infinite-scroll-component": "^6.1.0", "react-router": "^5.1.0", "react-router-dom": "^5.1.0", @@ -13536,9 +13536,9 @@ "dev": true }, "node_modules/react-hook-form": { - "version": "7.30.0", - "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.30.0.tgz", - "integrity": "sha512-DzjiM6o2vtDGNMB9I4yCqW8J21P314SboNG1O0obROkbg7KVS0I7bMtwSdKyapnCPjHgnxc3L7E5PEdISeEUcQ==", + "version": "7.34.2", + "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.34.2.tgz", + "integrity": "sha512-1lYWbEqr0GW7HHUjMScXMidGvV0BE2RJV3ap2BL7G0EJirkqpccTaawbsvBO8GZaB3JjCeFBEbnEWI1P8ZoLRQ==", "engines": { "node": ">=12.22.0" }, 
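Review bot: The update test in the new `ShibConfigurationServiceTests` asserts only list sizes, so after `updatedSet.properties.remove(0)` it does not show which property was dropped or whether the removed `ShibPropertySetting` row was deleted rather than left orphaned. The `check delete` test above expects settings to disappear with their set, so the same expectation presumably holds for an update; adding `propertySettingRepo.count() == 2` and a check on the remaining `propertyName` values to the final `then:` would pin that down. The fetch test also calls `service.getSet(Integer.parseInt(set.getResourceId()))` while the other tests pass `resourceId` through unconverted, which suggests the id type differs between the list and single-set APIs; worth a comment if that is intended.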
@@ -26712,9 +26712,9 @@
 "dev": true
 },
 "react-hook-form": {
- "version": "7.30.0",
- "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.30.0.tgz",
- "integrity": "sha512-DzjiM6o2vtDGNMB9I4yCqW8J21P314SboNG1O0obROkbg7KVS0I7bMtwSdKyapnCPjHgnxc3L7E5PEdISeEUcQ==",
+ "version": "7.34.2",
+ "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.34.2.tgz",
+ "integrity": "sha512-1lYWbEqr0GW7HHUjMScXMidGvV0BE2RJV3ap2BL7G0EJirkqpccTaawbsvBO8GZaB3JjCeFBEbnEWI1P8ZoLRQ==",
 "requires": {}
 },
 "react-infinite-scroll-component": {
diff --git a/ui/package.json b/ui/package.json
index 25cc8cd8a..b32a48b1d 100644
--- a/ui/package.json
+++ b/ui/package.json
@@ -21,7 +21,7 @@
 "react-bootstrap": "^2.3.0",
 "react-bootstrap-typeahead": "^5.1.4",
 "react-dom": "^18.0.0",
- "react-hook-form": "^7.30.0",
+ "react-hook-form": "^7.34.0",
 "react-infinite-scroll-component": "^6.1.0",
 "react-router": "^5.1.0",
 "react-router-dom": "^5.1.0",
diff --git a/ui/public/assets/data/configuration.json b/ui/public/assets/data/configuration.json
new file mode 100644
index 000000000..82e86dd4d
--- /dev/null
+++ b/ui/public/assets/data/configuration.json
@@ -0,0 +1,29 @@
+{
+ "resourceId": 11,
+ "name": "setname1",
+ "properties": [
+ {
+ "resourceId":"577",
+ "category":"OPSubClaim",
+ "configFile":"oidc.properties",
+ "description":"The source attribute used in generating the sub claim",
+ "idpVersion":"4.1",
+ "module":"idp.oidc.OP",
+ "moduleVersion":"3",
+ "propertyName":"idp.oidc.subject.sourceAttribute",
+ "displayType":"string",
+ "propertyValue": "foo"
+ },
+ {
+ "resourceId": "393",
+ "category": "ReloadableServices",
+ "configFile": "services.properties",
+ "defaultValue": "false",
+ "description": "Fail at startup if MetadataConfiguration is invalid",
+ "idpVersion": "all",
+ "propertyName": "idp.service.metadata.failFast",
+ "displayType": "boolean",
+ "propertyValue": "true"
+ }
+ ]
+}
diff --git a/ui/public/assets/data/configurations.json b/ui/public/assets/data/configurations.json
new file mode 100644
index 000000000..82d601b1e
--- /dev/null
+++ b/ui/public/assets/data/configurations.json
@@ -0,0 +1,6 @@
+[
+ {
+ "resourceId": "foo",
+ "name": "Configuration 1"
+ }
+]
\ No newline at end of file
diff --git a/ui/public/assets/schema/configuration/configuration.json b/ui/public/assets/schema/configuration/configuration.json
new file mode 100644
index 000000000..6694bcf25
--- /dev/null
+++ b/ui/public/assets/schema/configuration/configuration.json
@@ -0,0 +1,37 @@
+{
+ "type": "object",
+ "properties": {
+ "properties": {
+ "title": "label.configuration-properties",
+ "description": "label.configuration-properties",
+ "type": "array",
+ "required": ["property", "value"],
+ "items": {
+ "type": "object",
+ "properties": {
+ "property": {
+ "title": "label.property-key",
+ "description": "tooltip.property-key",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "description": {
+ "title": "label.property-descr",
+ "description": "tooltip.property-descr",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "value": {
+ "title": "label.property-value",
+ "description": "tooltip.property-value",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json
new file mode 100644
index 000000000..dea2860f5
--- /dev/null
+++ b/ui/public/data/properties.json
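Review bot: The `required` keyword in `ui/public/assets/schema/configuration/configuration.json` sits on the `properties` array schema, next to `"type": "array"`, where JSON Schema does not apply it to the array's items, so an entry missing `property` or `value` would still validate. Moving it inside `items`, as `"required": ["property", "value"]` beside `"type": "object"`, makes the constraint apply to each entry. The fixture added in `ui/public/assets/data/configuration.json` names these fields `propertyName` and `propertyValue`, so the schema keys may not match the payload unless the UI maps them somewhere not shown here. Since these values presumably end up as IdP configuration properties, the presence and length checks should also be enforced by the backend rather than only by this form schema.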
@@ -0,0 +1,7874 @@ +[ + { + "property_name": "idp.searchForProperties", + "property_type": "bool", + "property_default_value": true, + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Auto-load all files matching conf/**/*.properties", + "note": "" + }, + { + "property_name": "idp.additionalProperties", + "property_type": "Comma-delimited paths", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.", + "note": "ex. /conf/ldap.properties, /conf/services.properties" + }, + { + "property_name": "idp.entityID", + "property_type": "URI", + "property_default_value": "none", + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The unique name of the IdP used as the iisuer in all SAML profiles", + "note": "ex. 
https://unicon.net/idp/shibboleth" + }, + { + "property_name": "idp.entityID.metadataFile", + "property_type": "resource path", + "property_default_value": "%{idp.home}/metadata/idp-metadata.xml", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the file to serve for requests to the IdP's well-known metadata location", + "note": "" + }, + { + "property_name": "idp.artifact.enabled", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to allow use of the SAML artifact bindings when sending messages", + "note": "" + }, + { + "property_name": "idp.artifact.secureChannel", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)", + "note": "" + }, + { + "property_name": "idp.artifact.endpointIndex", + "property_type": "int", + "property_default_value": 2, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the endpoint in SAML metadata associated with artifacts issued by a server node", + "note": "" + }, + { + "property_name": "idp.artifact.StorageService", + "property_type": "Bean ID of a StorageService (org.opensaml.storage)", + "property_default_value": "shibboleth.StorageService", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage back-end to use 
for short-lived SAML Artifact mappings (must be server-side)", + "note": "" + }, + { + "property_name": "idp.bindings.inMetadataOrder", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also to false to favor the front channel over back channel for Logout.", + "note": "" + }, + { + "property_name": "idp.entityID.metadataFile", + "property_type": "file pathname", + "property_default_value": "%{idp.home}/metadata/idp-metadata.xml", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the file to serve for requests to the IdP's well-known metadata location", + "note": "" + }, + { + "property_name": "idp.scope", + "property_type": "string", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "applies a (fixed) scope typically a domain-valued suffix to an input attribute's values", + "note": "" + }, + { + "property_name": "idp.cookie.secure", + "property_type": "bool", + "property_default_value": false, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true all cookies issued by the IdP (not including the container) will be limited to TLS", + "note": "" + }, + { + "property_name": "idp.cookie.httpOnly", + "property_type": "bool", + "property_default_value": true, + "config_category": "SecurityConfiguration", + "config_file": 
"idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property", + "note": "" + }, + { + "property_name": "idp.cookie.domain", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Overrides the domain of any cookies issued by the IdP (not including the container)", + "note": "" + }, + { + "property_name": "idp.cookie.path", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Overrides the path of any cookies issued by the IdP (not including the container)", + "note": "" + }, + { + "property_name": "idp.cookie.maxAge", + "property_type": "int", + "property_default_value": 31536000, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)", + "note": "" + }, + { + "property_name": "idp.cookie.sameSite", + "property_type": "Null/None/Lax/Strict", + "property_default_value": "None", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified", + "note": "" + }, + { + "property_name": "idp.cookie.sameSiteCondition", + "property_type": "Bean ID of Predicate", + "property_default_value": "shibboleth.Conditions.FALSE", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": 
"all", + "module": "", + "module_vers": "", + "description": "Predicate condition bean controlling whether SameSite filter runs", + "note": "" + }, + { + "property_name": "idp.sealer.keyStrategy", + "property_type": "Bean ID of DataSealerKeyStrategy", + "property_default_value": "shibboleth.DataSealerKeyStrategy", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.", + "note": "" + }, + { + "property_name": "idp.sealer.storeType", + "property_type": "string", + "property_default_value": "JCEKS", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Type of Java keystore used for IdP's internal AES encryption key", + "note": "" + }, + { + "property_name": "idp.sealer.updateInterval", + "property_type": "duration", + "property_default_value": "PT15M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time between checks for a new AES key version", + "note": "" + }, + { + "property_name": "idp.sealer.aliasBase", + "property_type": "string", + "property_default_value": "secret", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)", + "note": "" + }, + { + "property_name": "idp.sealer.storeResource", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Keystore resource 
containing AES encryption key usually a file path", + "note": "" + }, + { + "property_name": "idp.sealer.versionResource", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource that tracks the active AES encryption key version usually a file path", + "note": "" + }, + { + "property_name": "idp.sealer.storePassword", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Keystore password unlocking AES encryption keystore typically set during installation", + "note": "" + }, + { + "property_name": "idp.sealer.keyPassword", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Key password unlocking AES encryption key typically set to the same as the previous property and set during installation", + "note": "" + }, + { + "property_name": "idp.signing.key", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing private key for signing typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.signing.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing the public key certificate inserted into signed messages typically a file in the 
credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.key", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing a private key for decryption typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.key.2", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing an alternate private key for decryption generally unused except while changing decryption keys", + "note": "" + }, + { + "property_name": "idp.encryption.cert.2", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing an alternate public key certificate generally unused except while changing decryption keys", + "note": "" + }, + { + "property_name": "idp.security.config", + "property_type": "Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)", + "property_default_value": "shibboleth.DefaultSecurityConfiguration", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", 
+ "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default SecurityConfiguration", + "note": "" + }, + { + "property_name": "idp.signing.config", + "property_type": "Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)", + "property_default_value": "shibboleth.SigningConfiguration.SHA256", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default SignatureSigningConfiguration", + "note": "" + }, + { + "property_name": "idp.encryption.config", + "property_type": "Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)", + "property_default_value": "shibboleth.EncryptionConfiguration.CBC", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default EncryptionConfiguration", + "note": "" + }, + { + "property_name": "idp.encryption.optional", + "property_type": "bool", + "property_default_value": false, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true failure to locate an encryption key to use won't result in request failure", + "note": "" + }, + { + "property_name": "idp.encryption.keyagreement.metadata.defaultUseKeyWrap", + "property_type": "string", + "property_default_value": "Default", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration", + "note": "" + }, + { + "property_name": "idp.trust.signatures", + "property_type": "Bean ID of SignatureTrustEngine 
(org.opensaml.xmlsec.signature.support)", + "property_default_value": "shibboleth.ChainingSignatureTrustEngine", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean for the trust engine used to verify signatures", + "note": "" + }, + { + "property_name": "idp.trust.certificates", + "property_type": "Bean ID of TrustEngine (org.opensaml.security.trust)", + "property_default_value": "shibboleth.ChainingX509TrustEngine", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean for the trust engine used to verify TLS certificates", + "note": "" + }, + { + "property_name": "idp.policy.messageLifetime", + "property_type": "duration", + "property_default_value": "PT3M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default freshness window for accepting timestamped messages", + "note": "" + }, + { + "property_name": "idp.policy.assertionLifetime", + "property_type": "duration", + "property_default_value": "PT3M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default freshness window for accepting timestamped assertions", + "note": "" + }, + { + "property_name": "idp.policy.clockSkew", + "property_type": "duration", + "property_default_value": "PT3M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default allowance for clock differences between systems", + "note": "" + }, + { + "property_name": "idp.security.basicKeyInfoFactory", + "property_type": "Bean ID of KeyInfoGeneratorManager 
(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)", + "property_default_value": "shibboleth.BasicKeyInfoGeneratorFactory", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the BasicKeyInfoGeneratorFactory used by default", + "note": "" + }, + { + "property_name": "idp.security.x509KeyInfoFactory", + "property_type": "Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)", + "property_default_value": "shibboleth.X509KeyInfoGeneratorFactory", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the X509KeyInfoGeneratorFactory used by default", + "note": "" + }, + { + "property_name": "idp.csrf.enabled", + "property_type": "bool", + "property_default_value": true, + "config_category": "CSRF", + "config_file": "idp.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Enables CSRF protection", + "note": "" + }, + { + "property_name": "idp.csrf.token.parameter", + "property_type": "string", + "property_default_value": "csrf_token", + "config_category": "CSRF", + "config_file": "idp.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Name of the HTTP parameter that stores the CSRF token", + "note": "" + }, + { + "property_name": "idp.hsts", + "property_type": "string", + "property_default_value": "max-age=0", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Auto-configures an HSTS response header", + "note": "" + }, + { + "property_name": "idp.frameoptions", + "property_type": "DENY/SAMEORIGIN", + "property_default_value": "DENY", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + 
"description": "Auto-configures an X-Frame-Options response header", + "note": "" + }, + { + "property_name": "idp.csp", + "property_type": "string", + "property_default_value": "frame-ancestors 'none'", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Auto-configures a Content Security Policy response header", + "note": "" + }, + { + "property_name": "idp.webflows", + "property_type": "resource path", + "property_default_value": "%{idp.home}/flows", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Location from which to load user-supplied webflows from", + "note": "" + }, + { + "property_name": "idp.views", + "property_type": "Comma-delimited paths", + "property_default_value": "%{idp.home}/views", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading.", + "note": "" + }, + { + "property_name": "idp.errors.detailed", + "property_type": "bool", + "property_default_value": false, + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to expose detailed error causes in status information provided to outside parties", + "note": "" + }, + { + "property_name": "idp.errors.signed", + "property_type": "bool", + "property_default_value": true, + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)", + "note": "" + }, + { + "property_name": "idp.errors.defaultView", + "property_type": "string", + "property_default_value": "error", + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The default view name to render for exceptions and events", + "note": "" + }, + { + "property_name": "idp.errors.excludedExceptions", + "property_type": "Bean ID of Properties (java.util.Properties)", + "property_default_value": "none", + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).", + "note": "" + }, + { + "property_name": "idp.errors.exceptionMappings", + "property_type": "Bean ID of Collection (java.util)", + "property_default_value": "none", + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)", + "note": "" + }, + { + "property_name": "idp.storage.cleanupInterval", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Interval of background thread sweeping server-side storage for expired records", + "note": "" + }, + { + "property_name": "idp.storage.htmlLocalStorage", + "property_type": "bool", + "property_default_value": false, + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use HTML Local Storage (if available) instead of cookies", + "note": "" + }, + { + "property_name": "idp.storage.clientSessionStorageName", + "property_type": "string", + "property_default_value": "shib_idp_session_ss", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of cookie or HTML storage key used by the default per-session instance of the client storage service", + "note": "" + }, + { + "property_name": "idp.storage.clientPersistentStorageName", + "property_type": "string", + "property_default_value": "shib_idp_persistent_ss", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + 
"idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of cookie or HTML storage key used by the default persistent instance of the client storage service", + "note": "" + }, + { + "property_name": "idp.replayCache.StorageService", + "property_type": "Bean ID of a StorageService (org.opensaml.storage)", + "property_default_value": "shibboleth.StorageService", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage back-end to use for message replay checking (must be server-side)", + "note": "" + }, + { + "property_name": "idp.replayCache.strict", + "property_type": "bool", + "property_default_value": true, + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether storage errors during replay checks should be treated as a replay", + "note": "" + }, + { + "property_name": "idp.session.enabled", + "property_type": "bool", + "property_default_value": true, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to enable the IdP's session tracking feature", + "note": "" + }, + { + "property_name": "idp.session.StorageService", + "property_type": "Bean ID of StorageService (org.opensaml.storage)", + "property_default_value": "shibboleth.ClientSessionStorageService", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean name of a storage implementation/configuration to use for IdP sessions", + "note": "" + }, + { + "property_name": "idp.session.cookieName", + "property_type": "string", + "property_default_value": "shib_idp_session", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": 
4.2, + "module": "", + "module_vers": "", + "description": "Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)", + "note": "" + }, + { + "property_name": "idp.session.idSize", + "property_type": "int", + "property_default_value": 32, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Number of characters in IdP session identifiers", + "note": "" + }, + { + "property_name": "idp.session.consistentAddress", + "property_type": "bool", + "property_default_value": true, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to bind IdP sessions to IP addresses", + "note": "" + }, + { + "property_name": "idp.session.consistentAddressCondition", + "property_type": "BiPredicate", + "property_default_value": "Direct string comparison", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A 2-argument predicate that compares a bound session's address to a client address", + "note": "" + }, + { + "property_name": "idp.session.timeout", + "property_type": "duration", + "property_default_value": "PT60M", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Inactivity timeout policy for IdP sessions (must be non-zero)", + "note": "" + }, + { + "property_name": "idp.session.slop", + "property_type": "duration", + "property_default_value": 0, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Extra time after expiration before removing SP sessions in case a logout is invoked", + 
"note": "" + }, + { + "property_name": "idp.session.maskStorageFailure", + "property_type": "bool", + "property_default_value": false, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to hide storage failures from users during session cache reads/writes", + "note": "" + }, + { + "property_name": "idp.session.trackSPSessions", + "property_type": "bool", + "property_default_value": false, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)", + "note": "" + }, + { + "property_name": "idp.session.secondaryServiceIndex", + "property_type": "bool", + "property_default_value": false, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)", + "note": "" + }, + { + "property_name": "idp.session.defaultSPlifetime", + "property_type": "duration", + "property_default_value": "PT2H", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting", + "note": "" + }, + { + "property_name": "idp.authn.flows", + "property_type": "regex", + "property_default_value": "none", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Required expression that identifies the login flows to globally 
enable", + "note": "ex. Password, MA, DUO" + }, + { + "property_name": "idp.authn.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT60M", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default amount of time to allow reuse prior authentication flows", + "note": "measured since first usage" + }, + { + "property_name": "idp.authn.defaultTimeout", + "property_type": "duration", + "property_default_value": "PT30M", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default inactivity timeout to prevent reuse of prior authentication flows", + "note": "measured since last usage" + }, + { + "property_name": "idp.authn.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": true, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication", + "note": "" + }, + { + "property_name": "idp.authn.favorSSO", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to prioritize prior authentication results when an SP requests more than one possible matching method", + "note": "" + }, + { + "property_name": "idp.authn.rpui", + "property_type": "bool", + "property_default_value": true, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to 
populate information about the relying party into the tree for user interfaces during login and interceptors", + "note": "" + }, + { + "property_name": "idp.authn.identitySwitchIsError", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.", + "note": "" + }, + { + "property_name": "idp.authn.discoveryURL", + "property_type": "string", + "property_default_value": "none", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose", + "note": "" + }, + { + "property_name": "idp.authn.overrideRequestedAuthnContext", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set.", + "note": "" + }, + { + "property_name": "idp.consent.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ClientPersistentStorageService", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of storage service used to store users' consent choices", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.userStorageKey", + "property_type": "Bean ID", + "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of function used to return the String storage key representing a user defaults to the principal name", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.userStorageKeyAttribute", + "property_type": "string", + "property_default_value": "uid", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Attribute whose value is the storage key representing a user", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional condition to apply to control activation of attribute-release flow along with system default behavior", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.auditFormat", + "property_type": "logback", + "property_default_value": 
"%T|%SP|%e|%u|%CCI|%CCV|%CCA", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default consent auditing formats", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.userStorageKey", + "property_type": "Bean ID", + "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of function used to return the String storage key representing a user defaults to the principal name", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.userStorageKeyAttribute", + "property_type": "string", + "property_default_value": "uid", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Attribute whose value is the storage key representing a user", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.consentValueMessageCodeSuffix", + "property_type": "string", + "property_default_value": ".text", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix of message property used as value of consent storage records when idp.consent.compareValues is true", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional condition to apply to control activation of terms-of-use flow", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.auditFormat", + "property_type": "logback", + 
"property_default_value": "%T|%SP|%e|%u|%CCI|%CCV|%CCA", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default consent auditing formats", + "note": "" + }, + { + "property_name": "idp.consent.allowDoNotRemember", + "property_type": "bool", + "property_default_value": true, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether not remembering/storing consent is allowed", + "note": "" + }, + { + "property_name": "idp.consent.allowGlobal", + "property_type": "bool", + "property_default_value": true, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether consent to any attribute and to any relying party is allowed", + "note": "" + }, + { + "property_name": "idp.consent.allowPerAttribute", + "property_type": "bool", + "property_default_value": false, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether per-attribute consent is allowed", + "note": "" + }, + { + "property_name": "idp.consent.compareValues", + "property_type": "bool", + "property_default_value": false, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute values and terms of use text are stored and compared for equality", + "note": "" + }, + { + "property_name": "idp.consent.maxStoredRecords", + "property_type": "int", + "property_default_value": 10, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum number of records stored when using 
space-limited storage (e.g. cookies), 0 = no limit", + "note": "" + }, + { + "property_name": "idp.consent.expandedMaxStoredRecords", + "property_type": "int", + "property_default_value": 0, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum number of records stored when using larger/server-side storage, 0 = no limit", + "note": "" + }, + { + "property_name": "idp.consent.storageRecordLifetime", + "property_type": "duration", + "property_default_value": "(v4.0=P1Y,v4.1=infinite)", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "4.x", + "module": "", + "module_vers": "", + "description": "Time in milliseconds to expire consent storage records", + "note": "" + }, + { + "property_name": "idp.logout.elaboration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to search metadata for user interface information associated with every service involved in logout propagation", + "note": "" + }, + { + "property_name": "idp.logout.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to require signed logout messages in accordance with the SAML 2.0 standard", + "note": "" + }, + { + "property_name": "idp.logout.promptUser", + "property_type": "Bean ID of Predicate", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent 
removal of the session", + "note": "" + }, + { + "property_name": "idp.logout.preserveQuery", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic", + "note": "" + }, + { + "property_name": "idp.logout.assumeAsync", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints", + "note": "" + }, + { + "property_name": "idp.logout.propagationHidden", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user", + "note": "" + }, + { + "property_name": "idp.soap.httpClient", + "property_type": "Bean ID of HttpClient to use for SOAP-based logout", + "property_default_value": "SOAPClient.HttpClient", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)", + "note": "" + }, + { + "property_name": "idp.ui.fallbackLanguages", + "property_type": "Comma-delimited list", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + 
"description": "languages to use if no match can be found with the browser-supported languages", + "note": "ex. en, fr, de" + }, + { + "property_name": "idp.cas.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)", + "note": "" + }, + { + "property_name": "idp.cas.serviceRegistryClass", + "property_type": "?", + "property_default_value": "net.shibboleth.idp.cas.service.PatternServiceRegistry", + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "CAS service registry implementation class", + "note": "" + }, + { + "property_name": "idp.cas.relyingPartyIdFromMetadata", + "property_type": "bool", + "property_default_value": false, + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true CAS services provisioned with SAML metadata are identified via entityID", + "note": "" + }, + { + "property_name": "idp.fticks.federation", + "property_type": "string", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Enables F-TICKS output and specifies the value of the federation-identifier field", + "note": "" + }, + { + "property_name": "idp.fticks.condition", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": 
4.1, + "module": "", + "module_vers": "", + "description": "Optional bean name of a Predicate to use to decide whether to run", + "note": "" + }, + { + "property_name": "idp.fticks.algorithm", + "property_type": "string", + "property_default_value": "SHA-2", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Digest algorithm used to obscure usernames", + "note": "" + }, + { + "property_name": "idp.fticks.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A salt to apply when digesting usernames (if not specified, the username will not be included)", + "note": "" + }, + { + "property_name": "idp.fticks.loghost", + "property_type": "string", + "property_default_value": "localhost", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The remote syslog host", + "note": "" + }, + { + "property_name": "idp.fticks.logport", + "property_type": "int", + "property_default_value": 514, + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The remote syslog port", + "note": "" + }, + { + "property_name": "idp.audit.shortenBindings", + "property_type": "bool", + "property_default_value": true, + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set false if you want SAML bindings \"spelled out\" in audit log", + "note": "" + }, + { + "property_name": "idp.velocity.runtime.strictmode", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set to true to fail on velocity syntax errors", + "note": "" + }, + { + "property_name": "idp.intercept.External.externalPath", + "property_type": "path", + "property_default_value": "contextRelative:intercept.jsp", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Path to use with External interceptor flow", + "note": "" + }, + { + "property_name": "idp.impersonate.generalPolicy", + "property_type": "Policy ID", + "property_default_value": "GeneralImpersonationPolicy", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Policies to use with Impersonate interceptor flow", + "note": "" + }, + { + "property_name": "idp.impersonate.specificPolicy", + "property_type": "Policy ID", + "property_default_value": "SpecificImpersonationPolicy", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Policies to use with Impersonate interceptor flow", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.authenticator", + "property_type": "string", + "property_default_value": "anonSearchAuthenticator", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.ldapURL", + "property_type": "LDAP URI", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Connection URI for LDAP directory", + "note": "ex. ldap://localhost or ldaps://localhost" + }, + { + "property_name": "idp.authn.LDAP.useStartTLS", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether StartTLS should be used after connecting with LDAP alone.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.connectTimeout", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to wait for the TCP connection to occur.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.responseTimeout", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to wait for an LDAP response message", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.connectionStrategy", + "property_type": "string", + "property_default_value": "ACTIVE_PASSIVE", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.sslConfig", + "property_type": "string", + "property_default_value": "certificateTrust", + "config_category": "LDAPAuthnConfiguration", + "config_file": 
"v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.trustCertificates", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A resource to load trust anchors from when using sslConfig = certificateTrust", + "note": "ex. %{idp.home}/credentials/ldap-server.crt" + }, + { + "property_name": "idp.authn.LDAP.trustStore", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust", + "note": "ex. 
%{idp.home}/credentials/ldap-server.truststore" + }, + { + "property_name": "idp.authn.LDAP.returnAttributes", + "property_type": "comma-seperated strings", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to request during authentication", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.baseDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.subtreeSearch", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.userFilter", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDNCredential", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.dnFormat", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator", + "note": "ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryOnFailure", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryWithBindDN", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordPolicy", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Policy Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordExpiration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Expired Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.activeDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + 
"module": "", + "module_vers": "", + "description": "If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. It is meant to be specified with one of the other authenticator types.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.freeIPADirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.eDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.disablePooling", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether connection pools should be used for LDAP authentication and DN resolution", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.minSize", + "property_type": "int", + "property_default_value": 3, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Minimum LDAP connection pool size", + "note": "" + }, + { + "property_name": 
"idp.pool.LDAP.maxSize", + "property_type": "int", + "property_default_value": 10, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum LDAP connection pool size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateOnCheckout", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections when checking them out of the pool", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriodically", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections in the background", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between validation if idp.pool.LDAP.validatePeriodically is true", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "DN to search with the validateFilter: defaults to the rootDSE", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateFilter", + "property_type": 
"string", + "property_default_value": "(objectClass=*)", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Search filter to execute in order to validate a pooled connection", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.prunePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between looking for idle connections to reduce the pool back to its minimum size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.idleTime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration connections must be idle to be eligible for pruning", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.blockWaitTime", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration to wait for a free connection in the pool", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindPoolPassivator", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind.", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfigNames", + "property_type": "string", + "property_default_value": "ShibUserPassAuth", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited set of JAAS application configuration names to use", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfig", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/authn/jaas.config", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Location of JAAS configuration file", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.refreshConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.preserveTicket", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set", + "note": "" + }, + { + "property_name": 
"idp.authn.Krb5.servicePrincipal", + "property_type": "string", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.keytab", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal", + "note": "" + }, + { + "property_name": "idp.authn.External.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.External.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.External.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower 
is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.External.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.External.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + 
"description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.External.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.External.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", 
+ "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.External.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.External.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.External.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.RemoteUser", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUser.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUser.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkRemoteUser", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to check REMOTE_USER for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkAttributes", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited lists of request attributes to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkHeaders", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of request headers to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": 
"Whether to trim leading and trailing whitespace from the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to lowercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to uppercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "A regular expression that must match the username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.allowedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to accept while blocking all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.deniedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to deny while accepting all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUserInternal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.externalAuthnPath", + "property_type": "URL path", + "property_default_value": "/Authn/SPNEGO", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Servlet-relative path to the SPNEGO external authentication implementation", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.enforceRun", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to always try to run SPNEGO independent of the user's auto-login setting", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.refreshKrbConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.cookieName", + "property_type": "string", + "property_default_value": "_idp_spnego_autologin", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.2, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Name of cookie used to track auto-login state of client", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, 
+ "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.discoveryRequired", + 
"property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.SPNEGO.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SPNEGO.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:x509-prompt.jsp", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.X509.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Flow priority relative to other enabled login 
flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate 
determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.saveCertificateToCredentialSet", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to save the certificate into the Subject's public credential set. 
Disable to reduce the size if not relying on the certificate for subject c14n.", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": 
"", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509Internal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "IPAddressAuthnConfiguration", + 
"config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyScopingEnforced", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": 
"idp.authn.IPAddress.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.IPAddress.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Flow 
priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Function.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Function.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.Function", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Function.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": 
"FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Function.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.Function.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.apiHost", + "property_type": "URL", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb API hostname assigned to the integration", + "note": "this sould be set in 
conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.applicationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, \"Generate an akey\".", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.integrationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.apiHost", + "property_type": "URL", + "property_default_value": "${idp.duo.apiHost}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI hostname assigned to the integration", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.integrationKey", + 
"property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.factor", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": 
"DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Allow the factor to be defaulted to auto if no headers are received", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.authn.Duo.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow should 
handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.Duo.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa",
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.Duo.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "DuoAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.Duo",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.externalAuthnPath",
+ "property_type": "url path",
+ "property_default_value": "servletRelative:/Authn/SAML2/POST/SSO",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Spring Web Flow redirection expression for the IdP's AssertionConsumerService",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.proxyEntityID",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Statically-defined entityID of IdP to use for authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.outboundMessageHandlerFunction",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional bean ID of Function to run just prior to AuthnRequest signing/encoding step",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.inboundMessageHandlerFunction",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional bean ID of Function to run at the late stages of Response decoding/processing",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.assertionValidator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Optional bean ID of AssertionValidator to run",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.SAML.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.SAML.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SAMLAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.validateLoginTransitions",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Whether to invoke IdP discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Bean ID of Predicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.MFA.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.MFA.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "MultiFactorAuthnConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.MFA",
+ "module_vers": "",
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.transientId.generator",
+ "property_type": "Bean ID of a TransientIdGenerationStrategy",
+ "property_default_value": "shibboleth.CryptoTransientIdGenerator",
+ "config_category": "NameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the strategy plugin for generating transient IDs",
+ "note": ""
+ },
+ {
+ "property_name": "idp.nameid.saml2.default",
+ "property_type": "URI",
+ "property_default_value": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
+ "config_category": "NameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default Format to generate if nothing else is indicated",
+ "note": ""
+ },
+ {
+ "property_name": "idp.nameid.saml1.default",
+ "property_type": "URI",
+ "property_default_value": "urn:mace:shibboleth:1.0:nameIdentifier",
+ "config_category": "NameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default Format to generate if nothing else is indicated",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.generator",
+ "property_type": "Bean ID of a PairwiseIdStore",
+ "property_default_value": "shibboleth.ComputedPersistentIdGenerator",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the strategy plugin for sourcing persistent IDs",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.dataSource",
+ "property_type": "Bean ID of a JDBC DataSource",
+ "property_default_value": "none",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies a data source for storage-based management of persistent IDs",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.computed",
+ "property_type": "Bean ID of a PairwiseIdStore",
+ "property_default_value": "shibboleth.ComputedPersistentIdGenerator",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies a strategy plugin to use to generate the first persistent identifier for each subject",
+ "note": "used to migrate from the computed to stored strategies: can be null"
+ },
+ {
+ "property_name": "idp.persistentId.sourceAttribute",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.useUnfilteredAttributes",
+ "property_type": "boolean",
+ "property_default_value": true,
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether or not the previous property has access to unreleased attributes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A secret salt for the hash when using computed persistent IDs",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.encodedSalt",
+ "property_type": "Base64-encoded String",
+ "property_default_value": "none",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "An encoded form of the persistentId.salt",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.algorithm",
+ "property_type": "string",
+ "property_default_value": "SHA",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The hash algorithm used when using computed persistent IDs",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.encoding",
+ "property_type": "string",
+ "property_default_value": "BASE64",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.exceptionMap",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ComputedIdExceptionMap",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.queryTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT5S",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Query timeout for database access",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.transactionRetries",
+ "property_type": "int",
+ "property_default_value": 3,
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Number of retries in the event database locking bugs cause retryable failures",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.retryableErrors",
+ "property_type": "string",
+ "property_default_value": "23000,23505",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "List of error strings to identify as retryable failures",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.verifyDatabase",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.tableName",
+ "property_type": "string",
+ "property_default_value": "shibpid",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the name of the table in the database",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.localEntityColumn",
+ "property_type": "string",
+ "property_default_value": "localEntity",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.peerEntityColumn",
+ "property_type": "string",
+ "property_default_value": "peerEntity",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.principalNameColumn",
+ "property_type": "string",
+ "property_default_value": "principalName",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.sourceIdColumn",
+ "property_type": "string",
+ "property_default_value": "localId",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.persistentIdColumn",
+ "property_type": "string",
+ "property_default_value": "persistentId",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.peerProvidedIdColumn",
+ "property_type": "string",
+ "property_default_value": "peerProvidedId",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.createTimeColumn",
+ "property_type": "string",
+ "property_default_value": "creationDate",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.persistentId.deactivationTimeColumn",
+ "property_type": "string",
+ "property_default_value": "deactivationDate",
+ "config_category": "PersistentNameIDGenerationConfiguration",
+ "config_file": "saml-nameid.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides database column names",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Set default fail-fast behavior of all services unless overridden by service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.logging.resource",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/conf/logback.xml",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.logging.failFast",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if logging configuration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.logging.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.RelyingPartyResolverResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for RelyingPartyConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if RelyingPartyConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to RelyingPartyConfiguration and reload service. A value of 0 indicates that the relying party configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.ignoreUnmappedEntityAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "See MetadataDrivenConfiguration SAML Attribute Name Format Usage",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.MetadataResolverResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for MetadataConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if MetadataConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.enableByReferenceFilters",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.AttributeRegistryResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for AttributeRegistryConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if AttributeRegistryConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to AttributeRegistryConfiguration and reload service. A value of 0 indicates that the service configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.encodeType",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.AttributeResolverResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for AttributeResolverConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if AttributeResolverConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.maskFailures",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.stripNulls",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invisible to dependant attribute definitions) use a SimpleAttributeDefinition and specify ignoreNullValues",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.suppressDisplayInfo",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. 
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so there should be no reason to revert this behavior unless using third party software which expect the IdPAttribute DisplayName and DisplayDescriptions to be pre-populated", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeFilterResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeFilterConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeFilterConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.maskFailures", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event", + "note": "" + }, + { + 
"property_name": "idp.service.nameidGeneration.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.NameIdentifierGenerationResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for NameIDGenerationConfiguration", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if NameIDGenerationConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to NameIDGenerationConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.access.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AccessControlResource", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AccessControlConfiguration", + "note": "" + }, + { + "property_name": "idp.service.access.failFast", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AccessControlConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.access.checkInterval", + 
"property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AccessControlConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.CASServiceRegistryResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for CASServiceRegistry configuration", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if CASServiceRegistry configuration is invalid", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice CASServiceRegistry configuration changes and reload service", + "note": "" + }, + { + "property_name": "idp.service.managedBean.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ManagedBeanResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for ManagedBeanConfiguration", + "note": "" + }, + { + "property_name": "idp.service.managedBean.failFast", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if ManagedBeanConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.managedBean.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice ManagedBeanConfiguration changes and reload service", + "note": "" + }, + { + "property_name": "idp.message.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.MessageSourceResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying Spring message property resources", + "note": "" + }, + { + "property_name": "idp.message.cacheSeconds", + "property_type": "int", + "property_default_value": 300, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Seconds between reloads of message property resources", + "note": "" + }, + { + "property_name": "idp.status.logging", + "property_type": "string", + "property_default_value": "Status", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.status.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request 
authorization", + "note": "" + }, + { + "property_name": "idp.status.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.status.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.status.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.logging", + "property_type": "string", + "property_default_value": "Reload", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier 
for flow", + "note": "" + }, + { + "property_name": "idp.reload.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.reload.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.reload.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": 
"admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.logging", + "property_type": "string", + "property_default_value": "ResolverTest", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.resolvertest.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.resolvertest.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.resolvertest.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + 
"config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.logging", + "property_type": "string", + "property_default_value": "MetadataQuery", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.mdquery.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.mdquery.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.mdquery.defaultAuthenticationMethods", 
+ "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.logging", + "property_type": "string", + "property_default_value": "Metrics", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.metrics.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + 
"property_name": "idp.metrics.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.logging", + "property_type": "string", + "property_default_value": "Hello", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.hello.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByAdminUser", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.hello.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be 
performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.hello.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.resolveAttributes", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.logging", + "property_type": "string", + "property_default_value": "Lockout", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.lockout.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + 
"idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.lockout.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.lockout.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.logging", + "property_type": "string", + 
"property_default_value": "Storage", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.storage.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.storage.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.storage.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.storage.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": 
"idp.unlock-keys.logging",
+ "property_type": "string",
+ "property_default_value": "UnlockKeys",
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessDenied",
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.authenticated",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.simple.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SimplePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to lowercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.simple.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SimplePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to uppercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.simple.trim",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SimplePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to trim leading and trailing whitespace from the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to lowercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to uppercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.trim",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to trim leading and trailing whitespace from the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.attributesToResolve",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.attributeSourceIds",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.resolveFromSubject",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.resolutionCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.x500.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X500PostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to lowercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.x500.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "X500PostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to uppercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.x500.trim",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "X500PostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to trim leading and trailing whitespace from the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.x500.subjectAltNameTypes",
+ "property_type": "List",
+ "property_default_value": "none",
+ "config_category": "X500PostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of subjectAltName extension types to look for",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.x500.objectIDs",
+ "property_type": "List",
+ "property_default_value": "2.5.4.3",
+ "config_category": "X500PostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of attribute OIDs to search for in the subject DN",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.saml.proxy.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to lowercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.saml.proxy.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to uppercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.saml.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "NameIDConsumptionConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to lowercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.saml.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "NameIDConsumptionConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to uppercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.logging.saml1sso",
+ "property_type": "string",
+ "property_default_value": "SSO",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml1attrquery",
+ "property_type": "string",
+ "property_default_value": "AttributeQuery",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml1artifact",
+ "property_type": "string",
+ "property_default_value": "ArtifactResolution",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2sso",
+ "property_type": "string",
+ "property_default_value": "SSO",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2attrquery",
+ "property_type": "string",
+ "property_default_value": "AttributeQuery",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2artifact",
+ "property_type": "string",
+ "property_default_value": "ArtifactResolution",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2slo",
+ "property_type": "string",
+ "property_default_value": "Logout",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.logout",
+ "property_type": "string",
+ "property_default_value": "Logout",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.cas",
+ "property_type": "string",
+ "property_default_value": "SSO",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.status",
+ "property_type": "string",
+ "property_default_value": "Status",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.resolvertest",
+ "property_type": "string",
+ "property_default_value": "ResolverTest",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.serviceReload",
+ "property_type": "string",
+ "property_default_value": "Reload",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.audit.hashAlgorithm",
+ "property_type": "string",
+ "property_default_value": "SHA-256",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Hash algorithm to apply to various hashed fields",
+ "note": ""
+ },
+ {
+ "property_name": "idp.audit.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Salt to apply to hashed fields must be set to use those fields",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.issuer",
+ "property_type": "URL",
+ "property_default_value": "none",
+ "config_category": "OIDC OP",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Set the Open ID Connect Issuer value",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.idToken.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT1H",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of ID token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.accessToken.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT10M",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of access token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.authorizeCode.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT5M",
+ "config_category": "OPAuthorization",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of authorization code",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.refreshToken.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT2H",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of refresh token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.forcePKCE",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether client is required to use PKCE",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.allowPKCEPlain",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether client is allowed to use PKCE code challenge method plain",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.encodedAttributes",
+ "property_type": "Set",
+ "property_default_value": "none",
+ "config_category": "OPAuthorization",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.encodeConsentInTokens",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPAuthorization",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.alwaysIncludedAttributes",
+ "property_type": "Set",
+ "property_default_value": "none",
+ "config_category": "OPAuthorization",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Specifies IdPAttributes to always include in ID token regardless of response_type",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.deniedUserInfoAttributes",
+ "property_type": "Set",
+ "property_default_value": "none",
+ "config_category": "OPAuthorization",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Specifies IdPAttributes to omit from UserInfo token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.revocationCache.authorizeCode.lifetime",
+ "property_type": "duration",
+ "property_default_value": "PT6H",
+ "config_category": "OPRevocation",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of entries in revocation cache for authorize code",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.revocationCache.StorageService",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "OPAuthorization",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of StorageService for revocation cache requires server-side storage",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.tokenEndpointAuthMethods",
+ "property_type": "Collection",
+ "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The acceptable client authentication methods",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.grantTypes",
+ "property_type": "Collection",
+ "property_default_value": "authorization_code,refresh_token",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "OAuth grant types to allow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.enforceRefreshTokenRotation",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3.2,
+ "description": "Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.accessToken.type",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3.2,
+ "description": "Format of access token. Supported values are JWT or nothing.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.encryptionOptional",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.accessToken.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT10M",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of access token issued to client for resource server",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.revocationMethod",
+ "property_type": "string",
+ "property_default_value": "CHAIN",
+ "config_category": "OPRevocation",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultRegistrationValidity",
+ "property_type": "duration",
+ "property_default_value": "PT24H",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Registration lifetime",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultScope",
+ "property_type": "string",
+ "property_default_value": "openid profile email address phone offline_access",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default scopes accepted in dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultSubjectType",
+ "property_type": "string",
+ "property_default_value": "public",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default subject type if not set by client in request. Maybe set to pairwise or public.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultMetadataPolicyFile",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "OPMetadataPolicies",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Full path to the file containing default metadata policy used for dynamic client registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.tokenEndpointAuthMethods",
+ "property_type": "Collection",
+ "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The acceptable client authentication methods when using dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rs.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-rs.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK RSA signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.es.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-es.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK EC signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rsa.enc.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-encryption-rsa.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK RSA decryption keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.signing.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.SigningConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default signing configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.encryption.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.EncryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default encryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rodecrypt.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectDecryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request decryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request signature validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default JWT token validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.requireAll",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether all validators must succeed or just one",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.removeAfterValidation",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.retainAsPrivateCredential",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution",
+ "note": "use with caution as it retains the password and makes it available in plaintext from within server memory at various stages."
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.ResponseHeaderFilter",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ResponseHeaderFilter",
+ "config_category": "OPCustomFilterRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.discovery.template",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/static/openid-configuration.json",
+ "config_category": "OPDiscovery",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Location of discovery template to use",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.discovery.resolver",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.DefaultOpenIdConfigurationResolver",
+ "config_category": "OPDiscovery",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Implementation bean for discovery shouldn't require alteration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.logging",
+ "property_type": "string",
+ "property_default_value": "IssueRegistrationAccessToken",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Audit logging label for this profile",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Enables support for non-browser-based authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to enable user authentication for requests",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to resolve attributes if authentication is enabled",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.defaultTokenLifetime",
+ "property_type": "duration",
+ "property_default_value": "P1D",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Default access token lifetime if not specified",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByIPAddress",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to all requests",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.policyLocationPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a policyLocation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.policyIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a policyId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.clientIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a clientId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.lookup.policy",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "If true any failures during initialization of any resolvers result in IdP startup failure",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.checkInterval",
+ "property_type": "duration",
+ "property_default_value": "PT0S",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "When non-zero enables monitoring of resources for service reload",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ClientInformationResolverResources",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of bean used to define the resources to use in configuring this service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedScope",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of type Function called shibboleth.oidc.AllowedScopeStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedAudience",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.authn.flows",
+ "property_type": "regex",
+ "property_default_value": "OAuth2Client",
+ "config_category": "OPClientAuthentication",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Regular expression matching OAuth login flows to enable.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.sourceAttribute",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The source attribute used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.algorithm",
+ "property_type": "string",
+ "property_default_value": "SHA",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The digest algorithm used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": 
"idp.authn.DuoOIDC.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow considers itself to be proxying", + "note": "and 
therefore enforces SP-signaled restrictions on proxying" + }, + { + "property_name": "idp.authn.DuoOIDC.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether to invoke IdP-discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Bean ID ofPredicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + 
"description": "Bean ID ofPredicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Bean ID ofBiConsumer for subject customization", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.oidc.apiHost", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "DuoOIDC API hostname assigned to the integration", + "note": "" + }, + { + "property_name": "idp.duo.oidc.clientId", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The OAuth 2.0 Client Identifier valid at the Authorization Server", + "note": "" + }, + { + "property_name": "idp.duo.oidc.redirectURL", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Redirection URI to which the 2FA response will be sent", + "note": "ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback" + }, + { + "property_name": "idp.duo.oidc.redirecturl.allowedOrigins", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.", + "note": "" + }, + { + "property_name": "idp.duo.oidc.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.health", + "property_type": "string", + "property_default_value": "/oauth/v1/health_check", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 health check endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.token", + "property_type": "string", + 
"property_default_value": "/oauth/v1/token", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 token endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.authorize", + "property_type": "string", + "property_default_value": "/oauth/v1/authorize", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 authorization endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.clockSkew", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Leeway allowed in token expiry calculations", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.iatWindow", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Maximum amount (in either direction from now) of duration for which a token is valid after it is issued", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.issuerPath", + "property_type": "string", + "property_default_value": "/oauth/v1/token", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The path component of the Duo token issuer. 
The full issuer string takes the format: HTTPS://+", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.preferredUsername", + "property_type": "string", + "property_default_value": "preferred_username", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.authLifetime", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "How long the authentication is valid. Only applies to forced authentication requests.", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.apiHost", + "property_type": "string", + "property_default_value": "%{idp.duo.oidc.apiHost}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo AuthAPI hostname assigned to the integration", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.integrationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo AuthAPI integration key supplied by Duo", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo AuthAPI secret key supplied by Duo", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.factor", + "property_type": "strinig", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Allow the factor to be defaulted in as \"auto\" if no headers are received", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Pass client address to Duo in API calls to support logging", + "note": "push display" + }, + { + "property_name": "idp.duo.oidc.connectionTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum length of time to wait for the connection to be established", + "note": "" + }, + { + "property_name": "idp.duo.oidc.connectionRequestTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum length of time to wait for a connection to be returned from the connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.socketTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum period inactivity between two consecutive data packets", + "note": "" + }, + { + "property_name": "idp.duo.oidc.maxConnectionsTotal", + "property_type": "int", + "property_default_value": 100, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Max total simultaneous connections allowed by the pooling connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.maxConnectionsPerRoute", + "property_type": "int", + "property_default_value": 100, + "config_category": "DuoOIDCAuthnConfiguration", + 
"config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Max simultaneous connections per route allowed by the pooling connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nimbus.checkRevocation", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "To enable certificate revocation checking", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.headerName", + "property_type": "string", + "property_default_value": "X-Shibboleth-TOTP", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of request header to use for extracting non-browser submitted token codes", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.fieldName", + "property_type": "string", + "property_default_value": "tokencode", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of HTML form field to use for locating browser-submitted token codes", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.tokenSeedAttribute", + "property_type": "string", + "property_default_value": "tokenSeeds", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of IdPAttribute to resolve to obtain token seeds for users", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + 
"module_vers": 1, + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow considers itself to be proxying", + 
"note": "and therefore enforces SP-signaled restrictions on proxying" + }, + { + "property_name": "idp.authn.TOTP.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to invoke IdP-discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.TOTP.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofBiConsumer for subject customization", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow", + "note": "" + }, + { + "property_name": "idp.metadata.dnsname", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier", + "note": "" + }, + { + "property_name": "idp.metadata.backchannel.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.path", + "property_type": "URL", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.height", + "property_type": "int", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The height of the logo in pixels.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.width", + "property_type": "init", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The width of the logo in pixels", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.langs", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.displayname.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Display name for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.description.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.oidc.encryptionOptional", + "property_type": "bool", + "property_default_value": false, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.defaultSecretExpiration", + "property_type": "duration", + "property_default_value": "P12M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The validity of client secret registered", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.allowNoneForRequestSigning", + "property_type": "bool", + "property_default_value": true, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Regardless of what signing algorithms are configured allow none for request object signing", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.validateRemoteJwks", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + 
"description": "Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwk.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Storage for storing remote jwk sets.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.metadata.saml", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwksuri.fetchInterval", + "property_type": "duration", + "property_default_value": "PT30M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Upgrade interval to the remote JWKs", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.minRefreshDelay", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.maxRefreshDelay", + "property_type": "duration", + "property_default_value": "PT4H", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + 
"property_name": "idp.oidc.LoginHintLookupStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultRequestLoginHintLookupFunction", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.SPSessionCreationStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultSPSessionCreationStrategy", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession as SLO is not yet supported.", + "note": "no doc" + } +] \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 546241f10..ca70ee51a 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,6 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; +import { IdpConfiguration } from './admin/IdpConfiguration'; function App() { @@ -108,6 +109,11 @@ function App() { } /> + + + + + } /> diff --git a/ui/src/app/admin/IdpConfiguration.js b/ui/src/app/admin/IdpConfiguration.js new file mode 100644 index 000000000..50bacf1e6 --- /dev/null +++ b/ui/src/app/admin/IdpConfiguration.js 
@@ -0,0 +1,43 @@ +import React from 'react'; +import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; +import { ConfigurationsProvider } from './hoc/ConfigurationsProvider'; +import { NewConfiguration } from './container/NewConfiguration'; +import { EditConfiguration } from './container/EditConfiguration'; +import { ConfigurationList } from './container/ConfigurationList'; + +export function IdpConfiguration() { + + let { path, url } = useRouteMatch(); + + return ( + <> + + + + {(configurations, onDelete) => + + } + + } /> + + + {(configurations) => + + } + + + } /> + + + {(configurations) => + + } + + } /> + + + } /> + + + ); +} \ No newline at end of file diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js new file mode 100644 index 000000000..bceac7a42 --- /dev/null +++ b/ui/src/app/admin/component/ConfigurationForm.js 
@@ -0,0 +1,196 @@ +import React from 'react'; +import Button from 'react-bootstrap/Button'; +import { useFieldArray, useForm } from 'react-hook-form'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faSpinner, faSave, faTrash } from '@fortawesome/free-solid-svg-icons'; + +import Translate from '../../i18n/components/translate'; +import PropertySelector from './PropertySelector'; + +import { useProperties } from '../hoc/PropertiesProvider'; + +import Form from 'react-bootstrap/Form'; +import FloatingLabel from 'react-bootstrap/FloatingLabel'; +import { useTranslator } from '../../i18n/hooks'; +import { includes, uniqBy } from 'lodash'; + +export function ConfigurationForm({ configurations, configuration = {}, loading, onSave, onCancel }) { + + const [names, setNames] = React.useState([]); + + const { control, register, getValues, watch, formState: { errors, isValid }, handleSubmit } = useForm({ + defaultValues: { + ...configuration + }, + reValidateMode: 'onChange', + mode: 'onChange', + }); + + const { fields, append, remove } = useFieldArray({ + control, + name: "properties", + rules: { + minLength: 1 + } + }); + + const properties = useProperties(); + const selected = watch('properties'); + + const addProperties = (props) => { + + const parsed = props.reduce((coll, prop, idx) => { + if (prop.isCategory) { + return [...coll, ...properties.filter(p => p.category === prop.category)]; + } else { + return [...coll, prop]; + } + }, []); + + const names = selected.map(p => p.propertyName); + + const filtered = parsed.filter(p => includes(names, p.propertyName) ? 
false : true); + + const deduped = uniqBy(filtered, (i) => i.propertyName); + + append(deduped); + }; + + const saveConfig = (formValues) => { + const parsed = formValues.properties.map(p => ({ + propertyName: p.propertyName, + propertyValue: p.propertyValue, + configFile: p.configFile, + category: p.category, + displayType: p.displayType + })); + onSave({ + ...formValues, + properties: parsed + }); + }; + + const translator = useTranslator(); + + React.useEffect(() => { + setNames(configurations.map(p => p.name)); + }, [configurations]); + + const onNext = (data) => {}; + + return (<> +
+
+ + + + +
+
+
+
+
+ + Name + v.trim() === configuration.name || !includes(names, v) + } + })} /> + + {errors?.name?.type === 'unique' && } + {errors?.name?.type === 'required' && } + + +
+
+
+
+
+ +
+
+
+
+
+
+
+ + + + + + + + + + + + {fields.map((p, idx) => ( + + + + + + + + ))} + {fields.length === 0 && + + + + } + +
PropertyCategoryTypeValueAction
{ p.propertyName }{ p.category }{ p.displayType === 'number' ? 'integer' : p.displayType } + {p.displayType !== 'boolean' ? + + (p.displayType === 'number' ? parseInt(v) : v), + })} /> + + : + + } + + +
+ At least one property is required. +
+
+
+
+
+
+ ) +} diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js new file mode 100644 index 000000000..9f219e403 --- /dev/null +++ b/ui/src/app/admin/component/PropertySelector.js @@ -0,0 +1,104 @@ +import React, { Fragment, useCallback } from 'react'; +import { groupBy, includes, orderBy } from 'lodash'; +import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; +import Button from 'react-bootstrap/Button'; + +import { ToggleButton } from '../../form/component/ToggleButton'; + +export function PropertySelector ({ properties, options, onAddProperties }) { + const [selected, setSelected] = React.useState([]); + + const menu = useCallback((results, menuProps, state) => { + let index = 0; + const ordered = orderBy(results, 'category'); + const grouped = groupBy(ordered, 'category'); + const items = Object.keys(grouped).sort().map((item, idx) => { + index = index + 1; + const used = grouped[item].filter((i) => properties.some((p) => p.propertyName === i.propertyName)); + if (used.length >= grouped[item].length || includes(selected, item)) { + return + } + const cat = {category: item, propertyName: item, isCategory: true}; + const catSelected = selected.some(s => s.propertyName === item); + return ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + if (!properties.some((p) => p.propertyName === i.propertyName)) { + index = index + 1; + const item = + s.propertyName === i.propertyName)}> + + {`- ${i.propertyName}`} + + ; + return item; + } + return null; + })} + + ); + }); + + return {items}; + }, [properties, selected]); + + const token = (option, { onRemove }, index) => ( + + {`${option.propertyName}`} + + ); + + const select = (data) => { + setSelected(data); + }; + + const add = (s) => { + onAddProperties(s); + setSelected([]); + }; + + return ( + +
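Review bot: In the value column, `setValueAs: v => (p.displayType === 'number' ? parseInt(v) : v)` yields `NaN` for an empty or non-numeric entry and accepts `12abc` as 12, so a number-typed property can be saved with a value the operator did not type. Convert strictly and reject anything that is not a whole number, for example `setValueAs: v => (p.displayType === 'number' && v !== '' ? Number(v) : v)` together with `validate: v => p.displayType !== 'number' || Number.isInteger(v)`. The form is only a convenience check; the backend is not part of this hunk, so the same type check should be confirmed there, since these values presumably end up in the downloaded property files.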
+ + select(selected)} + options={options} + selected={selected} + labelKey={option => `${option.propertyName}`} + filterBy={['propertyName', 'category', 'displayType']} + renderMenu={ menu } + paginate={false} + multiple={ true } + maxResults={options.length} + renderToken={ token }> + {({ isMenuShown, toggleMenu }) => ( + toggleMenu()}> + Options + + )} + +
+ +
+ ) +} + +export default PropertySelector; \ No newline at end of file diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js new file mode 100644 index 000000000..cef6880b2 --- /dev/null +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -0,0 +1,148 @@ +import React from 'react'; +import { faDownload, faEdit, faPlusCircle, faSpinner, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; + +import Button from 'react-bootstrap/Button'; +import ButtonGroup from 'react-bootstrap/ButtonGroup'; +import Popover from 'react-bootstrap/Popover'; +import { Link } from 'react-router-dom'; + +import { Translate } from '../../i18n/components/translate'; + +import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; +import OverlayTrigger from 'react-bootstrap/OverlayTrigger'; +import { useTranslator } from '../../i18n/hooks'; +import useFetch from 'use-http'; +import API_BASE_PATH from '../../App.constant'; +import { downloadAsZip } from '../../core/utility/download_as'; + +export function ConfigurationList({ configurations, onDelete, loading }) { + + const remove = (id) => { + onDelete(id); + } + + const translate = useTranslator(); + + const downloader = useFetch(`${API_BASE_PATH}/shib/property/set`, { + cachePolicy: 'no-cache', + headers: { + 'Content-Type': 'application/zip', + 'Accept': 'application/zip' + } + }); + + const download = async (id, type) => { + await downloader.get(`/${id}${ type === 'single' ? '/onefile' : '' }`); + const file = await downloader.response.blob(); + if (downloader.response.ok) { + downloadAsZip('configuration', file); + console.log(file); + } + }; + + return ( + + {(block) => +
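Review bot: `includes(selected, item)` in the `menu` callback can never be true, because `selected` holds option objects while `item` is a category name taken from `Object.keys(grouped)`; the test that was probably intended is the `catSelected` expression two lines further down. Compute `catSelected` before the guard and use it there, `if (used.length >= grouped[item].length || catSelected) {`. `index` is also incremented before `index !== 0` is evaluated, so that condition is always true, and the inner `const item` shadows the category name it is rendered under.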
+ {loading ? +
+ +
+ : +
+
+
+ + Configuration Management + +
+
+
+ +   + Create new configuration + +
+
+ + + + + + + + + + {(configurations?.length > 0) ? configurations.map((c, i) => + + + + + + ) : + + } + +
+ Configuration Name (label) + + Download + + Actions +
+ + {c.name} + + +
+ + + + + )} + aria-label={translate('')}> + + +
+ + + + )} + aria-label={translate('')}> + + + {downloader.loading && } +
+
+ + + +   Edit + + + +
+ No configurations. +
+
+
+
+
+ } +
+ } +
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js new file mode 100644 index 000000000..dfa90aa8e --- /dev/null +++ b/ui/src/app/admin/container/EditConfiguration.js 
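Review bot: `download` reads `downloader.response.blob()` before it looks at `downloader.response.ok` and does nothing when the request fails, so an expired session or a refused export leaves the user with no feedback. Test the status first, `if (!downloader.response.ok) { /* raise an error notification */ return; }`, and only then read the blob and call `downloadAsZip`. The `console.log(file);` line is leftover debugging and should be removed. The `'Content-Type': 'application/zip'` header describes a request body that a GET does not carry; `Accept` alone is enough.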
@@ -0,0 +1,94 @@
+import React from 'react';
+
+import { Prompt, useHistory, useParams } from 'react-router-dom';
+import Translate from '../../i18n/components/translate';
+import { useConfiguration } from '../hooks';
+import { ConfigurationForm } from '../component/ConfigurationForm';
+
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+import { PropertiesProvider } from '../hoc/PropertiesProvider';
+import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
+import { faSpinner } from '@fortawesome/free-solid-svg-icons';
+
+export function EditConfiguration({ configurations }) {
+ const history = useHistory();
+ const notifier = useNotificationDispatcher();
+ const translator = useTranslator();
+ const { id } = useParams();
+
+ const { put, get, response, loading } = useConfiguration({});
+
+ const [blocking, setBlocking] = React.useState(false);
+
+ const [configuration, setConfiguration] = React.useState();
+
+ async function save(config) {
+ let toast;
+ const resp = await put(`${config.resourceId}`, config);
+ if (response.ok) {
+ gotoList({ refresh: true });
+ toast = createNotificationAction(`Updated configuration successfully.`, NotificationTypes.SUCCESS);
+ } else {
+ toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+ }
+ if (toast) {
+ notifier(toast);
+ }
+ };
+
+ async function loadConfiguration(id) {
+ const config = await get(`/${id}`);
+ if (response.ok) {
+ setConfiguration(config);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadConfiguration(id) }, []);
+
+ const cancel = () => {
+ gotoList();
+ };
+
+ const gotoList = (state = null) => {
+ setBlocking(false);
+ history.push(`/configurations`, state);
+ };
+
+ return (
+
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Edit configuration set +
+
+
+
+ {loading ? +
+ +
+ : + + {configuration && save(data)} + onCancel={() => cancel()} /> } + + } +
+
+
+ );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js
new file mode 100644
index 000000000..d9a1bf33c
--- /dev/null
+++ b/ui/src/app/admin/container/NewConfiguration.js
@@ -0,0 +1,81 @@
+import React from 'react';
+
+import { Prompt, useHistory } from 'react-router-dom';
+import Translate from '../../i18n/components/translate';
+import { useConfiguration } from '../hooks';
+import { Schema } from '../../form/Schema';
+import { ConfigurationForm } from '../component/ConfigurationForm';
+
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+import { BASE_PATH } from '../../App.constant';
+import { PropertiesProvider } from '../hoc/PropertiesProvider';
+
+export function NewConfiguration({ configurations }) {
+ const history = useHistory();
+ const notifier = useNotificationDispatcher();
+ const translator = useTranslator();
+
+ const { post, response, loading } = useConfiguration({});
+
+ const [blocking, setBlocking] = React.useState(false);
+
+ async function save(config) {
+ let toast;
+ const resp = await post(``, config);
+ if (response.ok) {
+ gotoList({ refresh: true });
+ toast = createNotificationAction(`Added configuration successfully.`, NotificationTypes.SUCCESS);
+ } else {
+ toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+ }
+ if (toast) {
+ notifier(toast);
+ }
+ };
+
+ const cancel = () => {
+ gotoList();
+ };
+
+ const gotoList = (state = null) => {
+ setBlocking(false);
+ history.push(`/configurations`, state);
+ };
+
+ const [configuration] = React.useState({});
+
+ return (
+
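Review bot: `loadConfiguration` puts the route parameter straight into the request path, ``get(`/${id}`)``, so whatever that URL segment carries decides which API path is fetched with the signed-in user's session. Encode it, ``get(`/${encodeURIComponent(id)}`)``, and do the same for ``put(`${config.resourceId}`, config)``, which also lacks the leading slash the `get` call uses (whether `useFetch` inserts one is not visible here). ``del(`shib/property/set/${id}`)`` in ConfigurationsProvider.js and the `/${id}` path built in `download` in ConfigurationList.js are assembled the same way and would benefit from the same encoding.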
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Create new configuration set +
+
+
+
+ + + {(schema) => + save(data)} + onCancel={() => cancel()} />} + + +
+
+
+ );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js
new file mode 100644
index 000000000..99220c94c
--- /dev/null
+++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js
@@ -0,0 +1,42 @@
+import React from 'react';
+import { useConfigurations } from '../hooks';
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+
+export function ConfigurationsProvider({ children, cache = 'no-cache' }) {
+
+ const [configurations, setConfigurations] = React.useState([]);
+
+ const notifier = useNotificationDispatcher();
+ const translator = useTranslator();
+
+ const { get, del, response, loading } = useConfigurations({
+ cachePolicy: cache
+ });
+
+ async function loadConfigurations() {
+ const list = await get(`shib/property/set`);
+ if (response.ok) {
+ setConfigurations(list);
+ }
+ }
+
+ async function removeConfiguration(id) {
+ let toast;
+ const resp = await del(`shib/property/set/${id}`);
+ if (response.ok) {
+ loadConfigurations();
+ toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS);
+ } else {
+ toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+ }
+ if (toast) {
+ notifier(toast);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadConfigurations() }, []);
+
+ return (<>{children(configurations, removeConfiguration, loading)});
+}
diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js
new file mode 100644
index 000000000..5ab7bde75
--- /dev/null
+++ b/ui/src/app/admin/hoc/PropertiesProvider.js
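Review bot: The error branch of `save` in NewConfiguration.js dereferences `resp.errorCode` and `resp.errorMessage` without checking that a JSON error body came back. If the request fails at the network level or an intermediary answers with a non-JSON page, the toast reads `undefined - …` or the handler throws, depending on what `post` returns in that case. Guard the access, for example `const code = resp?.errorCode ?? response.status;`, and fall back to a generic message when `resp?.errorMessage` is missing. `save` in EditConfiguration.js and `removeConfiguration` in ConfigurationsProvider.js contain the same branch.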
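Review bot: `removeConfiguration` reports `Deleted property successfully.` although the call deletes a configuration set, and the string is hard-coded while the error text goes through `translator`. A wording such as `Deleted configuration successfully.`, or a message key, would match the add and update toasts in the other new containers. `loadConfigurations()` is also called without `await`, so the toast can appear before the list has been refreshed.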
@@ -0,0 +1,47 @@
+import React from 'react';
+import useFetch from 'use-http';
+import API_BASE_PATH from '../../App.constant';
+
+const PropertiesContext = React.createContext();
+
+const { Provider, Consumer } = PropertiesContext;
+
+function PropertiesProvider({ children, cache = 'no-cache' }) {
+
+ const [properties, setProperties] = React.useState([]);
+
+
+ const { get, response, loading } = useFetch('', {
+ cachePolicy: cache
+ });
+
+ async function loadProperties() {
+ const list = await get(`${API_BASE_PATH}/shib/properties`);
+ if (response.ok) {
+ setProperties(list);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadProperties() }, []);
+
+ return ({children});
+}
+
+function useProperties() {
+ const { properties } = React.useContext(PropertiesContext);
+ return properties.map((p, idx) => !p.category || p.category === '?' ? { ...p, category: 'Misc' } : p);;
+}
+
+function usePropertiesLoading() {
+ const { loading } = React.useContext(PropertiesContext);
+ return loading;
+}
+
+export {
+ PropertiesProvider,
+ PropertiesContext,
+ Consumer as PropertiesConsumer,
+ useProperties,
+ usePropertiesLoading,
+};
diff --git a/ui/src/app/admin/hoc/PropertyProvider.js b/ui/src/app/admin/hoc/PropertyProvider.js
new file mode 100644
index 000000000..119f3d26d
--- /dev/null
+++ b/ui/src/app/admin/hoc/PropertyProvider.js
@@ -0,0 +1,20 @@
+import React from 'react';
+import { useProperty } from '../hooks';
+
+export function PropertyProvider({ id, children }) {
+
+ const [property, setProperty] = React.useState();
+ const { get, response } = useProperty(id);
+
+ async function loadProperty() {
+ const r = await get(``);
+ if (response.ok) {
+ setProperty(r);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadProperty() }, []);
+
+ return (<>{children(property)});
+}
\ No newline at end of file
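Review bot: `React.createContext()` in PropertiesProvider.js is created without a default value, so `useProperties` and `usePropertiesLoading` throw on the destructuring when a component is rendered outside `PropertiesProvider`. Give the context a default, `React.createContext({ properties: [], loading: false })`, or throw an explicit error from the hooks. `useProperties` also returns a new array from `properties.map(...)` on every render; `React.useMemo` keyed on `properties` would keep the reference stable, and the stray `;;` and unused `idx` can be dropped. It is worth confirming that `App.constant` default-exports `API_BASE_PATH`, since the other new files import `BASE_PATH` from it by name.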
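Review bot: PropertyProvider.js imports `useProperty` from `../hooks`, but the hooks.js hunk in this commit adds only `useConfigurations`, `useConfiguration`, `useConfigurationUiSchema` and `useConfigDownload`. If `useProperty` is not already exported from the part of hooks.js outside the hunk, `useProperty(id)` fails as soon as the component renders. Nothing in the visible hunks renders `PropertyProvider`, so either add the hook with a one-line comment stating the endpoint it targets or leave the file out until it is used.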
diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index b2c63a7c3..54d9d3117 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js @@ -46,3 +46,25 @@ export function useGroupUiValidator() { export function useRoleUiSchema() { return {}; } + +export function useConfigurations (opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/`, opts); +} + +export function useConfiguration(opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/shib/property/set`, opts); +} + +export function useConfigurationUiSchema () { + return { + description: { + 'ui:widget': 'textarea' + } + }; +} + +export function useConfigDownload () { + return useFetch(`${API_BASE_PATH}/shib/property/set`, { + cachePolicy: 'no-cache' + }); +} diff --git a/ui/src/app/core/components/Header.js b/ui/src/app/core/components/Header.js index ff979056b..114b73a8c 100644 --- a/ui/src/app/core/components/Header.js +++ b/ui/src/app/core/components/Header.js @@ -7,7 +7,7 @@ import Dropdown from 'react-bootstrap/Dropdown'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; -import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge } from '@fortawesome/free-solid-svg-icons'; +import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge, faFileLines } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; import { useTranslator } from '../../i18n/hooks'; @@ -88,6 +88,10 @@ export function Header () { + + + + } diff --git a/ui/src/app/core/components/ProtectRoute.js b/ui/src/app/core/components/ProtectRoute.js index 77133d9e7..c8a7a299f 100644 --- a/ui/src/app/core/components/ProtectRoute.js +++ b/ui/src/app/core/components/ProtectRoute.js 
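Review bot: The hooks added to hooks.js root the same resource at two different bases: `useConfigurations` at `${API_BASE_PATH}/`, which makes ConfigurationsProvider.js repeat `shib/property/set` as a literal in every call, and `useConfiguration` and `useConfigDownload` at `${API_BASE_PATH}/shib/property/set`. Keeping the path in one place, for example a module constant used by all three, avoids the callers drifting apart. `useConfigDownload` is not called by any hunk visible here; ConfigurationList.js builds its own `useFetch` with different headers, so one of the two should be removed. A short comment on each hook naming the endpoint it targets would help, such as `// CRUD on a single property set: {API_BASE_PATH}/shib/property/set`.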
@@ -1,7 +1,6 @@ -import { isUndefined } from 'lodash'; import React from 'react'; import { Redirect } from 'react-router-dom'; - +import { isUndefined } from 'lodash'; import { useCurrentUser, useIsAdmin } from '../user/UserContext'; export function ProtectRoute({ children, redirectTo, ...rest }) { diff --git a/ui/src/app/core/utility/download_as_xml.js b/ui/src/app/core/utility/download_as.js similarity index 54% rename from ui/src/app/core/utility/download_as_xml.js rename to ui/src/app/core/utility/download_as.js index a9256fc63..4fc0cc4fd 100644 --- a/ui/src/app/core/utility/download_as_xml.js +++ b/ui/src/app/core/utility/download_as.js @@ -1,6 +1,11 @@ import * as FileSaver from 'file-saver'; +export const downloadAsZip = (fileName, data) => { + // const blob = new Blob([data], { type: 'text/zip;charset=utf-8' }); + FileSaver.saveAs(data, `${fileName}.zip`); +} + export const downloadAsXml = (fileName, xml) => { const blob = new Blob([xml], { type: 'text/xml;charset=utf-8' }); FileSaver.saveAs(blob, `${fileName}.xml`); -} \ No newline at end of file +} diff --git a/ui/src/app/core/utility/download_as_xml.test.js b/ui/src/app/core/utility/download_as_xml.test.js index 38a87e6fe..3e8583fe9 100644 --- a/ui/src/app/core/utility/download_as_xml.test.js +++ b/ui/src/app/core/utility/download_as_xml.test.js @@ -1,5 +1,5 @@ import * as FileSaver from 'file-saver'; -import { downloadAsXml } from './download_as_xml'; +import { downloadAsXml } from './download_as'; jest.mock('file-saver'); it('attempts to save the provided content', () => { diff --git a/ui/src/app/form/component/ToggleButton.js b/ui/src/app/form/component/ToggleButton.js new file mode 100644 index 000000000..d45c04cd4 --- /dev/null +++ b/ui/src/app/form/component/ToggleButton.js 
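Review bot: `downloadAsZip` in download_as.js keeps a commented-out `new Blob(...)` line; delete it, or replace it with a comment that states the contract, such as `// data is already a Blob (from response.blob()); it is saved unchanged`. The test file is still named `download_as_xml.test.js` and covers only `downloadAsXml`. A matching case for `downloadAsZip` would pin the `.zip` file name passed to `FileSaver.saveAs`.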
@@ -0,0 +1,23 @@ +import Button from 'react-bootstrap/Button'; +import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; +import { faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; + +export function ToggleButton ({ isOpen, onClick, disabled, children }) { + return ( + + ); +} + +export default ToggleButton; \ No newline at end of file diff --git a/ui/src/app/form/component/fields/FilterTargetField.js b/ui/src/app/form/component/fields/FilterTargetField.js index f78c522dd..d42738059 100644 --- a/ui/src/app/form/component/fields/FilterTargetField.js +++ b/ui/src/app/form/component/fields/FilterTargetField.js @@ -324,7 +324,4 @@ const FilterTargetField = ({ ); }; -/* -*/ - export default FilterTargetField; \ No newline at end of file diff --git a/ui/src/app/form/component/widgets/OptionWidget.js b/ui/src/app/form/component/widgets/OptionWidget.js index 92fc81b3d..b4ac812c6 100644 --- a/ui/src/app/form/component/widgets/OptionWidget.js +++ b/ui/src/app/form/component/widgets/OptionWidget.js @@ -2,31 +2,17 @@ import React, { useRef } from "react"; import ListGroup from "react-bootstrap/ListGroup"; import Form from "react-bootstrap/Form"; -import Button from 'react-bootstrap/Button'; + import Translate from "../../../i18n/components/translate"; import { InfoIcon } from "../InfoIcon"; import { Typeahead } from 'react-bootstrap-typeahead'; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; -import { faAsterisk, faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; +import { faAsterisk } from "@fortawesome/free-solid-svg-icons"; import { useTranslator } from "../../../i18n/hooks"; +import { ToggleButton } from '../ToggleButton'; -const ToggleButton = ({ isOpen, onClick, disabled, children }) => ( - -); const OptionWidget = ({ id, diff --git a/ui/src/app/metadata/hoc/FilterTargetPreview.js b/ui/src/app/metadata/hoc/FilterTargetPreview.js index 8bd8550d3..2fd81e4c3 100644 
--- a/ui/src/app/metadata/hoc/FilterTargetPreview.js +++ b/ui/src/app/metadata/hoc/FilterTargetPreview.js @@ -4,7 +4,7 @@ import { useFetch } from 'use-http'; import Modal from 'react-bootstrap/Modal'; import Button from 'react-bootstrap/Button'; import Translate from '../../i18n/components/translate'; -import { downloadAsXml } from '../../core/utility/download_as_xml'; +import { downloadAsXml } from '../../core/utility/download_as'; export function FilterTargetPreview ({ entityId, children }) { diff --git a/ui/src/app/metadata/view/MetadataXml.js b/ui/src/app/metadata/view/MetadataXml.js index 17e79d26a..fa6252cd9 100644 --- a/ui/src/app/metadata/view/MetadataXml.js +++ b/ui/src/app/metadata/view/MetadataXml.js @@ -9,7 +9,7 @@ import { MetadataObjectContext } from '../hoc/MetadataSelector'; import { MetadataXmlContext } from '../hoc/MetadataXmlLoader'; import { MetadataViewToggle } from '../component/MetadataViewToggle'; -import { downloadAsXml } from '../../core/utility/download_as_xml'; +import { downloadAsXml } from '../../core/utility/download_as'; export function MetadataXml () { const { xml, reload } = React.useContext(MetadataXmlContext); diff --git a/ui/src/theme/project/configuration.scss b/ui/src/theme/project/configuration.scss new file mode 100644 index 000000000..0da05f1ff --- /dev/null +++ b/ui/src/theme/project/configuration.scss @@ -0,0 +1,11 @@ +#property-selector { + .dropdown-header { + padding-right: 0rem; + padding-left: 0rem; + font-size: 1rem; + + .dropdown-item { + font-weight: bold; + } + } +} \ No newline at end of file diff --git a/ui/src/theme/project/forms.scss b/ui/src/theme/project/forms.scss index b60471ce0..daa0d8cb9 100644 --- a/ui/src/theme/project/forms.scss +++ b/ui/src/theme/project/forms.scss @@ -124,6 +124,10 @@ mark { } } +.form-floating > label { + color:#9299A0; +} + @media only screen and (max-width: 1200px) { .form-section:not(:first-child) { border-left: 0px; 
diff --git a/ui/src/theme/project/index.scss b/ui/src/theme/project/index.scss index 4e36779c5..fd2b6a070 100644 --- a/ui/src/theme/project/index.scss +++ b/ui/src/theme/project/index.scss @@ -13,6 +13,8 @@ @import './utility'; @import './notifications'; @import './filters'; +@import './typeahead'; +@import './configuration'; html, body { height: 100%; diff --git a/ui/src/theme/project/typeahead.scss b/ui/src/theme/project/typeahead.scss new file mode 100644 index 000000000..5bf91a8ca --- /dev/null +++ b/ui/src/theme/project/typeahead.scss @@ -0,0 +1,43 @@ +@import '~react-bootstrap-typeahead/css/Typeahead'; + +.rbt-token-removeable { + cursor: pointer; + padding-right: 21px; +} + +.rbt-token { + background-color: #e7f4ff; + border: 0; + border-radius: .25rem; + color: #007bff; + display: inline-block; + line-height: 1em; + margin: 1px 3px 2px 0; + padding: 4px 7px; + padding-right: 1.8em; + position: relative; + + .rbt-token-remove-button { + bottom: 0; + color: inherit; + font-size: inherit; + font-weight: normal; + opacity: 1; + outline: none; + padding: 3px 7px; + position: absolute; + right: 0; + text-shadow: none; + top: 0px; + + box-sizing: content-box; + width: 1em; + height: 1em; + padding: .25em .25em; + color: inherit; + background: transparent center/1em auto no-repeat; + border: 0; + border-radius: .375rem; + } +} +