From 099ccb8fb788e38b6a2c7f76015decfc4dce11bc Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 4 Aug 2022 14:24:22 -0700 Subject: [PATCH 01/63] Added initial UI for property list --- ui/public/assets/data/properties.json | 1 + .../assets/schema/properties/property.json | 30 ++++++ ui/src/app/App.js | 6 ++ ui/src/app/admin/Properties.js | 34 +++++++ ui/src/app/admin/component/PropertyForm.js | 56 +++++++++++ ui/src/app/admin/container/EditProperty.js | 92 +++++++++++++++++++ ui/src/app/admin/container/NewProperty.js | 80 ++++++++++++++++ ui/src/app/admin/container/PropertyList.js | 80 ++++++++++++++++ ui/src/app/admin/hoc/PropertiesProvider.js | 42 +++++++++ ui/src/app/admin/hoc/PropertyProvider.js | 20 ++++ ui/src/app/admin/hooks.js | 16 ++++ ui/src/app/core/components/Header.js | 6 +- 12 files changed, 462 insertions(+), 1 deletion(-) create mode 100644 ui/public/assets/data/properties.json create mode 100644 ui/public/assets/schema/properties/property.json create mode 100644 ui/src/app/admin/Properties.js create mode 100644 ui/src/app/admin/component/PropertyForm.js create mode 100644 ui/src/app/admin/container/EditProperty.js create mode 100644 ui/src/app/admin/container/NewProperty.js create mode 100644 ui/src/app/admin/container/PropertyList.js create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/admin/hoc/PropertyProvider.js diff --git a/ui/public/assets/data/properties.json b/ui/public/assets/data/properties.json new file mode 100644 index 000000000..0637a088a --- /dev/null +++ b/ui/public/assets/data/properties.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json new file mode 100644 index 000000000..f0e90ff49 --- /dev/null +++ b/ui/public/assets/schema/properties/property.json 
@@ -0,0 +1,30 @@ +{ + "type": "object", + "required": [ + "property", + "value" + ], + "properties": { + "property": { + "title": "label.property-key", + "description": "tooltip.property-key", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "description": { + "title": "label.property-descr", + "description": "tooltip.property-descr", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "value": { + "title": "label.property-value", + "description": "tooltip.property-value", + "type": "string", + "minLength": 1, + "maxLength": 255 + } + } +} \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 546241f10..9c4e00422 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,6 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; +import { Properties } from './admin/Properties'; function App() { @@ -108,6 +109,11 @@ function App() { } /> + + + + + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/Properties.js new file mode 100644 index 000000000..b81e0af48 --- /dev/null +++ b/ui/src/app/admin/Properties.js @@ -0,0 +1,34 @@ +import React from 'react'; +import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; +import { PropertiesProvider } from './hoc/PropertiesProvider'; +import { NewProperty } from './container/NewProperty'; +import { EditProperty } from './container/EditProperty'; +import { PropertyList } from './container/PropertyList'; + +export function Properties() { + + let { path, url } = useRouteMatch(); + + return ( + <> + + + + {(properties, onDelete) => + + } + + } /> + + + } /> + + + } /> + + + } /> + + + ); +} \ No newline at end of file diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/PropertyForm.js new file mode 100644 index 000000000..54a0800ea --- /dev/null 
+++ b/ui/src/app/admin/component/PropertyForm.js @@ -0,0 +1,56 @@ +import React from 'react'; +import Button from 'react-bootstrap/Button'; +import Form from '../../form/Form'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import Translate from '../../i18n/components/translate'; + +import { usePropertyUiSchema } from '../hooks'; +import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; + +export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { + + const { dispatch } = React.useContext(FormContext); + const onChange = ({ formData, errors }) => { + dispatch(setFormDataAction(formData)); + dispatch(setFormErrorAction(errors)); + }; + + const uiSchema = usePropertyUiSchema(); + + return (<> +
+
+ + + + +
+
+
+
+
onChange(form)} + schema={schema} + uiSchema={uiSchema} + liveValidate={true}> + <> +
+
+
+
+ ) +} +/**/ \ No newline at end of file diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditProperty.js new file mode 100644 index 000000000..beac8c5f8 --- /dev/null +++ b/ui/src/app/admin/container/EditProperty.js @@ -0,0 +1,92 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import { useParams } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; + +import { PropertyForm } from '../component/PropertyForm'; +import { PropertyProvider } from '../hoc/PropertyProvider'; +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function EditProperty() { + + const { id } = useParams(); + + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const history = useHistory(); + + const { put, response, loading } = useProperties(); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await put(`/${property.resourceId}`, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Updated property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Edit property +
+
+
+
+ + {(property) => + + {(schema) => + <>{property && + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + + }} + + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/NewProperty.js b/ui/src/app/admin/container/NewProperty.js new file mode 100644 index 000000000..911a10bc8 --- /dev/null +++ b/ui/src/app/admin/container/NewProperty.js @@ -0,0 +1,80 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; +import { PropertyForm } from '../component/PropertyForm'; + +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function NewProperty() { + const history = useHistory(); + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const { post, response, loading } = useProperties({}); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await post(``, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
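Review bot: In EditProperty.js, `save` addresses the update with `property.resourceId` from the submitted form data, while the record being edited is identified by the route `id` from `useParams()`. The property.json schema added in this patch defines only `property`, `description` and `value`, so unless the API adds `resourceId` to the loaded object the request becomes a PUT to `/undefined`. Address the write with the identifier that selected the record, `const resp = await put('/' + encodeURIComponent(id), property);`, so the form body cannot redirect the update to a different resource. The load goes through `/admin/property/{id}` and the save through `/admin/properties/{resourceId}` (see hooks.js), so confirm both endpoints exist. PATCH 02/63 repeats this file unchanged.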
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Add a new property +
+
+
+
+ + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/PropertyList.js new file mode 100644 index 000000000..2312cc1d2 --- /dev/null +++ b/ui/src/app/admin/container/PropertyList.js @@ -0,0 +1,80 @@ +import React from 'react'; +import { faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; + +import Button from 'react-bootstrap/Button'; +import { Link } from 'react-router-dom'; + +import { Translate } from '../../i18n/components/translate'; + +import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; + +export function PropertyList({ properties, onDelete }) { + + const remove = (id) => { + onDelete(id); + } + + return ( + + {(block) => +
+
+
+
+ + Roles Management + +
+
+
+ +   + Add new property + +
+
+ + + + + + + + + {(properties?.length > 0) ? properties.map((property, i) => + + + + + ) : + + } + +
+ Role Name + Actions
{property.name} + + + + + Edit + + + + +
No properties defined.
+
+
+
+
+
+ } +
+ );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js
new file mode 100644
index 000000000..341d7736f
--- /dev/null
+++ b/ui/src/app/admin/hoc/PropertiesProvider.js
@@ -0,0 +1,42 @@
+import React from 'react';
+import { useProperties } from '../hooks';
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+
+export function PropertiesProvider({ children, cache = 'no-cache' }) {
+
+ const [properties, setProperties] = React.useState([]);
+
+ const notifier = useNotificationDispatcher();
+ const translator = useTranslator();
+
+ const { get, del, response, loading } = useProperties({
+ cachePolicy: cache
+ });
+
+ async function loadProperties() {
+ const list = await get(`assets/data/properties.json`);
+ if (response.ok) {
+ setProperties(list);
+ }
+ }
+
+ async function removeProperty(id) {
+ let toast;
+ const resp = await del(`/${id}`);
+ if (response.ok) {
+ loadProperties();
+ toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS);
+ } else {
+ toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+ }
+ if (toast) {
+ notifier(toast);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadProperties() }, []);
+
+ return (<>{children(properties, removeProperty, loading)});
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/PropertyProvider.js b/ui/src/app/admin/hoc/PropertyProvider.js
new file mode 100644
index 000000000..119f3d26d
--- /dev/null
+++ b/ui/src/app/admin/hoc/PropertyProvider.js
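Review bot: In PropertiesProvider.js, the failure branch of `removeProperty` reads `resp.errorCode` and `resp.errorMessage` without checking that `del` resolved to an object. If the request fails at the network level or the error body is not JSON, the handler would presumably throw before `notifier` runs, and the admin gets no indication that the delete did not happen. Build the message from `resp?.errorCode ?? response.status` and fall back to a generic text when `resp?.errorMessage` is missing; the `save` functions in EditProperty.js and NewProperty.js follow the same pattern. Separately, `get('assets/data/properties.json')` is issued through the hook rooted at `${API_BASE_PATH}/admin/properties`, which looks like a placeholder and deserves a `// TODO` naming the real list endpoint. PATCH 02/63 repeats this file unchanged.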
@@ -0,0 +1,20 @@
+import React from 'react';
+import { useProperty } from '../hooks';
+
+export function PropertyProvider({ id, children }) {
+
+ const [property, setProperty] = React.useState();
+ const { get, response } = useProperty(id);
+
+ async function loadProperty() {
+ const r = await get(``);
+ if (response.ok) {
+ setProperty(r);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadProperty() }, []);
+
+ return (<>{children(property)});
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js
index b2c63a7c3..955c510a6 100644
--- a/ui/src/app/admin/hooks.js
+++ b/ui/src/app/admin/hooks.js
@@ -46,3 +46,19 @@ export function useGroupUiValidator() {
 export function useRoleUiSchema() {
 return {};
 }
+
+export function useProperties (opts = { cachePolicy: 'no-cache' }) {
+ return useFetch(`${API_BASE_PATH}/admin/properties`, opts);
+}
+
+export function useProperty (id, opts = { cachePolicy: 'no-cache' }) {
+ return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts);
+}
+
+export function usePropertyUiSchema () {
+ return {
+ description: {
+ 'ui:widget': 'textarea'
+ }
+ };
+}
diff --git a/ui/src/app/core/components/Header.js b/ui/src/app/core/components/Header.js
index ff979056b..d8773a709 100644
--- a/ui/src/app/core/components/Header.js
+++ b/ui/src/app/core/components/Header.js
@@ -7,7 +7,7 @@ import Dropdown from 'react-bootstrap/Dropdown';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge } from '@fortawesome/free-solid-svg-icons';
+import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge, faFileLines } from '@fortawesome/free-solid-svg-icons';
 import Translate from '../../i18n/components/translate';
 import { useTranslator } from '../../i18n/hooks';
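Review bot: In hooks.js, `useProperty` places `id` into the request path without encoding (`/admin/property/${id}`), and that value appears to originate from the route parameter read by `useParams()` in EditProperty.js. An id containing `/`, `?`, `#` or `..` would change which endpoint the admin session calls. Encode the segment where the URL is built by using `encodeURIComponent(id)` inside the template. The same applies to `del` with `/${id}` in PropertiesProvider.js and `put` with `/${property.resourceId}` in EditProperty.js. PATCH 02/63 repeats this hunk unchanged.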
@@ -88,6 +88,10 @@ export function Header () { + + + + } From cdc4207d3874972ce13104bf0a96e2b8b97c5bfe Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 4 Aug 2022 14:24:22 -0700 Subject: [PATCH 02/63] Added initial UI for property list Former-commit-id: 099ccb8fb788e38b6a2c7f76015decfc4dce11bc --- ui/public/assets/data/properties.json | 1 + .../assets/schema/properties/property.json | 30 ++++++ ui/src/app/App.js | 6 ++ ui/src/app/admin/Properties.js | 34 +++++++ ui/src/app/admin/component/PropertyForm.js | 56 +++++++++++ ui/src/app/admin/container/EditProperty.js | 92 +++++++++++++++++++ ui/src/app/admin/container/NewProperty.js | 80 ++++++++++++++++ ui/src/app/admin/container/PropertyList.js | 80 ++++++++++++++++ ui/src/app/admin/hoc/PropertiesProvider.js | 42 +++++++++ ui/src/app/admin/hoc/PropertyProvider.js | 20 ++++ ui/src/app/admin/hooks.js | 16 ++++ ui/src/app/core/components/Header.js | 6 +- 12 files changed, 462 insertions(+), 1 deletion(-) create mode 100644 ui/public/assets/data/properties.json create mode 100644 ui/public/assets/schema/properties/property.json create mode 100644 ui/src/app/admin/Properties.js create mode 100644 ui/src/app/admin/component/PropertyForm.js create mode 100644 ui/src/app/admin/container/EditProperty.js create mode 100644 ui/src/app/admin/container/NewProperty.js create mode 100644 ui/src/app/admin/container/PropertyList.js create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/admin/hoc/PropertyProvider.js diff --git a/ui/public/assets/data/properties.json b/ui/public/assets/data/properties.json new file mode 100644 index 000000000..0637a088a --- /dev/null +++ b/ui/public/assets/data/properties.json @@ -0,0 +1 @@ +[] \ No newline at end of file diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json new file mode 100644 index 000000000..f0e90ff49 --- /dev/null +++ b/ui/public/assets/schema/properties/property.json 
@@ -0,0 +1,30 @@ +{ + "type": "object", + "required": [ + "property", + "value" + ], + "properties": { + "property": { + "title": "label.property-key", + "description": "tooltip.property-key", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "description": { + "title": "label.property-descr", + "description": "tooltip.property-descr", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "value": { + "title": "label.property-value", + "description": "tooltip.property-value", + "type": "string", + "minLength": 1, + "maxLength": 255 + } + } +} \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 546241f10..9c4e00422 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,6 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; +import { Properties } from './admin/Properties'; function App() { @@ -108,6 +109,11 @@ function App() { } /> + + + + + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/Properties.js new file mode 100644 index 000000000..b81e0af48 --- /dev/null +++ b/ui/src/app/admin/Properties.js @@ -0,0 +1,34 @@ +import React from 'react'; +import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; +import { PropertiesProvider } from './hoc/PropertiesProvider'; +import { NewProperty } from './container/NewProperty'; +import { EditProperty } from './container/EditProperty'; +import { PropertyList } from './container/PropertyList'; + +export function Properties() { + + let { path, url } = useRouteMatch(); + + return ( + <> + + + + {(properties, onDelete) => + + } + + } /> + + + } /> + + + } /> + + + } /> + + + ); +} \ No newline at end of file diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/PropertyForm.js new file mode 100644 index 000000000..54a0800ea --- /dev/null 
+++ b/ui/src/app/admin/component/PropertyForm.js @@ -0,0 +1,56 @@ +import React from 'react'; +import Button from 'react-bootstrap/Button'; +import Form from '../../form/Form'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import Translate from '../../i18n/components/translate'; + +import { usePropertyUiSchema } from '../hooks'; +import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; + +export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { + + const { dispatch } = React.useContext(FormContext); + const onChange = ({ formData, errors }) => { + dispatch(setFormDataAction(formData)); + dispatch(setFormErrorAction(errors)); + }; + + const uiSchema = usePropertyUiSchema(); + + return (<> +
+
+ + + + +
+
+
+
+
onChange(form)} + schema={schema} + uiSchema={uiSchema} + liveValidate={true}> + <> +
+
+
+
+ ) +} +/**/ \ No newline at end of file diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditProperty.js new file mode 100644 index 000000000..beac8c5f8 --- /dev/null +++ b/ui/src/app/admin/container/EditProperty.js @@ -0,0 +1,92 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import { useParams } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; + +import { PropertyForm } from '../component/PropertyForm'; +import { PropertyProvider } from '../hoc/PropertyProvider'; +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function EditProperty() { + + const { id } = useParams(); + + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const history = useHistory(); + + const { put, response, loading } = useProperties(); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await put(`/${property.resourceId}`, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Updated property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Edit property +
+
+
+
+ + {(property) => + + {(schema) => + <>{property && + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + + }} + + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/NewProperty.js b/ui/src/app/admin/container/NewProperty.js new file mode 100644 index 000000000..911a10bc8 --- /dev/null +++ b/ui/src/app/admin/container/NewProperty.js @@ -0,0 +1,80 @@ +import React from 'react'; + +import { Prompt, useHistory } from 'react-router-dom'; +import Translate from '../../i18n/components/translate'; +import { useProperties } from '../hooks'; +import { Schema } from '../../form/Schema'; +import { FormManager } from '../../form/FormManager'; +import { PropertyForm } from '../component/PropertyForm'; + +import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; +import { useTranslator } from '../../i18n/hooks'; +import { BASE_PATH } from '../../App.constant'; + +export function NewProperty() { + const history = useHistory(); + const notifier = useNotificationDispatcher(); + const translator = useTranslator(); + + const { post, response, loading } = useProperties({}); + + const [blocking, setBlocking] = React.useState(false); + + async function save(property) { + let toast; + const resp = await post(``, property); + if (response.ok) { + gotoDetail({ refresh: true }); + toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); + } else { + toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); + } + if (toast) { + notifier(toast); + } + }; + + const cancel = () => { + gotoDetail(); + }; + + const gotoDetail = (state = null) => { + setBlocking(false); + history.push(`/properties`, state); + }; + + return ( +
+ + `message.unsaved-editor` + } + /> +
+
+
+
+ Add a new property +
+
+
+
+ + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
+
+
+ ); +} \ No newline at end of file diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/PropertyList.js new file mode 100644 index 000000000..2312cc1d2 --- /dev/null +++ b/ui/src/app/admin/container/PropertyList.js @@ -0,0 +1,80 @@ +import React from 'react'; +import { faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; + +import Button from 'react-bootstrap/Button'; +import { Link } from 'react-router-dom'; + +import { Translate } from '../../i18n/components/translate'; + +import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; + +export function PropertyList({ properties, onDelete }) { + + const remove = (id) => { + onDelete(id); + } + + return ( + + {(block) => +
+
+
+
+ + Roles Management + +
+
+
+ +   + Add new property + +
+
+ + + + + + + + + {(properties?.length > 0) ? properties.map((property, i) => + + + + + ) : + + } + +
+ Role Name + Actions
{property.name} + + + + + Edit + + + + +
No properties defined.
+
+
+
+
+
+ } +
+ );
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js
new file mode 100644
index 000000000..341d7736f
--- /dev/null
+++ b/ui/src/app/admin/hoc/PropertiesProvider.js
@@ -0,0 +1,42 @@
+import React from 'react';
+import { useProperties } from '../hooks';
+import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
+import { useTranslator } from '../../i18n/hooks';
+
+export function PropertiesProvider({ children, cache = 'no-cache' }) {
+
+ const [properties, setProperties] = React.useState([]);
+
+ const notifier = useNotificationDispatcher();
+ const translator = useTranslator();
+
+ const { get, del, response, loading } = useProperties({
+ cachePolicy: cache
+ });
+
+ async function loadProperties() {
+ const list = await get(`assets/data/properties.json`);
+ if (response.ok) {
+ setProperties(list);
+ }
+ }
+
+ async function removeProperty(id) {
+ let toast;
+ const resp = await del(`/${id}`);
+ if (response.ok) {
+ loadProperties();
+ toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS);
+ } else {
+ toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
+ }
+ if (toast) {
+ notifier(toast);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadProperties() }, []);
+
+ return (<>{children(properties, removeProperty, loading)});
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/PropertyProvider.js b/ui/src/app/admin/hoc/PropertyProvider.js
new file mode 100644
index 000000000..119f3d26d
--- /dev/null
+++ b/ui/src/app/admin/hoc/PropertyProvider.js
@@ -0,0 +1,20 @@
+import React from 'react';
+import { useProperty } from '../hooks';
+
+export function PropertyProvider({ id, children }) {
+
+ const [property, setProperty] = React.useState();
+ const { get, response } = useProperty(id);
+
+ async function loadProperty() {
+ const r = await get(``);
+ if (response.ok) {
+ setProperty(r);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadProperty() }, []);
+
+ return (<>{children(property)});
+}
\ No newline at end of file
diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js
index b2c63a7c3..955c510a6 100644
--- a/ui/src/app/admin/hooks.js
+++ b/ui/src/app/admin/hooks.js
@@ -46,3 +46,19 @@ export function useGroupUiValidator() {
 export function useRoleUiSchema() {
 return {};
 }
+
+export function useProperties (opts = { cachePolicy: 'no-cache' }) {
+ return useFetch(`${API_BASE_PATH}/admin/properties`, opts);
+}
+
+export function useProperty (id, opts = { cachePolicy: 'no-cache' }) {
+ return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts);
+}
+
+export function usePropertyUiSchema () {
+ return {
+ description: {
+ 'ui:widget': 'textarea'
+ }
+ };
+}
diff --git a/ui/src/app/core/components/Header.js b/ui/src/app/core/components/Header.js
index ff979056b..d8773a709 100644
--- a/ui/src/app/core/components/Header.js
+++ b/ui/src/app/core/components/Header.js
@@ -7,7 +7,7 @@ import Dropdown from 'react-bootstrap/Dropdown';
 import { FontAwesomeIcon } from '@fortawesome/react-fontawesome';
-import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge } from '@fortawesome/free-solid-svg-icons';
+import { faTh, faSignOutAlt, faPlusCircle, faCube, faCubes, faUsersCog, faSpinner, faUserCircle, faCog, faBoxOpen, faTags, faIdBadge, faFileLines } from '@fortawesome/free-solid-svg-icons';
 import Translate from '../../i18n/components/translate';
 import { useTranslator } from '../../i18n/hooks';
@@ -88,6 +88,10 @@ export function Header () { + + + + } From 5bd0e2138de520486178133c016356e30691eba5 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Mon, 15 Aug 2022 08:02:59 -0700 Subject: [PATCH 03/63] Property list --- .../main/resources/i18n/messages.properties | 2 +- .../schema/configuration/configuration.json | 37 + .../assets/schema/properties/property.json | 30 - ui/public/data/properties.json | 659 ++++++++++++++++++ ui/src/app/App.js | 6 +- .../{Properties.js => IdpConfiguration.js} | 20 +- .../{PropertyForm.js => ConfigurationForm.js} | 15 +- .../{PropertyList.js => ConfigurationList.js} | 12 +- .../{EditProperty.js => EditConfiguration.js} | 8 +- .../{NewProperty.js => NewConfiguration.js} | 8 +- ...sProvider.js => ConfigurationsProvider.js} | 2 +- ui/src/app/core/components/Header.js | 4 +- ui/src/app/core/components/ProtectRoute.js | 8 +- 13 files changed, 735 insertions(+), 76 deletions(-) create mode 100644 ui/public/assets/schema/configuration/configuration.json delete mode 100644 ui/public/assets/schema/properties/property.json create mode 100644 ui/public/data/properties.json rename ui/src/app/admin/{Properties.js => IdpConfiguration.js} (54%) rename ui/src/app/admin/component/{PropertyForm.js => ConfigurationForm.js} (75%) rename ui/src/app/admin/container/{PropertyList.js => ConfigurationList.js} (89%) rename ui/src/app/admin/container/{EditProperty.js => EditConfiguration.js} (94%) rename ui/src/app/admin/container/{NewProperty.js => NewConfiguration.js} (91%) rename ui/src/app/admin/hoc/{PropertiesProvider.js => ConfigurationsProvider.js} (94%) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 3b3e67e83..c33e3b4a1 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -646,7 +646,7 @@ tooltip.dont-sign-response=Don\u0027t Sign Response tooltip.turn-off-encryption=Turn Off Encryption of Response tooltip.usa-sha-algorithm=Use SHA1 Signing Algorithm tooltip.authentication-methods-to-use=Authentication Methods to Use -tooltip.ignore-auth-method=Ignore any SP-Requested Authentication Method +tooltip.ignore-auth-method=Reject any AuthnReuests from this SP that contain an explicitly requested AuthnContext class tooltip.omit-not-before-condition=Omit Not Before Condition tooltip.responder-id=ResponderId tooltip.instruction=Information icon diff --git a/ui/public/assets/schema/configuration/configuration.json b/ui/public/assets/schema/configuration/configuration.json new file mode 100644 index 000000000..6694bcf25 --- /dev/null +++ b/ui/public/assets/schema/configuration/configuration.json @@ -0,0 +1,37 @@ +{ + "type": "object", + "properties": { + "properties": { + "title": "label.configuration-properties", + "description": "label.configuration-properties", + "type": "array", + "required": ["property", "value"], + "items": { + "type": "object", + "properties": { + "property": { + "title": "label.property-key", + "description": "tooltip.property-key", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "description": { + "title": "label.property-descr", + "description": "tooltip.property-descr", + "type": "string", + "minLength": 1, + "maxLength": 255 + }, + "value": { + "title": "label.property-value", + "description": "tooltip.property-value", + "type": "string", + "minLength": 1, + "maxLength": 255 + } + } + } + } + } +} diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json deleted file mode 100644 index f0e90ff49..000000000 --- a/ui/public/assets/schema/properties/property.json +++ /dev/null 
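Review bot: In configuration.json, `"required": ["property", "value"]` is declared on the `properties` node whose type is `array`, where JSON Schema does not apply it. Entries with no key or no value would therefore pass form validation. The property.json removed by this patch carried the same list on the object itself, so this is a regression in input checking. Move the keyword into `items`, next to `"type": "object"`. This schema is only evaluated in the browser, so the backend should enforce the same required fields and the 255-character limits before persisting IdP configuration.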
@@ -1,30 +0,0 @@ -{ - "type": "object", - "required": [ - "property", - "value" - ], - "properties": { - "property": { - "title": "label.property-key", - "description": "tooltip.property-key", - "type": "string", - "minLength": 1, - "maxLength": 255 - }, - "description": { - "title": "label.property-descr", - "description": "tooltip.property-descr", - "type": "string", - "minLength": 1, - "maxLength": 255 - }, - "value": { - "title": "label.property-value", - "description": "tooltip.property-value", - "type": "string", - "minLength": 1, - "maxLength": 255 - } - } -} \ No newline at end of file diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json new file mode 100644 index 000000000..a022a4fd5 --- /dev/null +++ b/ui/public/data/properties.json 
@@ -0,0 +1,659 @@ +[ +{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, +{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, +{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, +{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
+{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, +{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, +{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, +{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, +{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, +{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, +{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
+{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, +{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, +{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, +{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, +{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, +{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, +{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, +{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, +{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, +{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, +{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, +{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, +{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
+{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, +{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, +{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, +{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, +{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, +{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, +{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, +{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, +{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, +{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, +{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, +{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
+{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, +{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, +{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, +{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, +{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, +{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, +{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, +{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, +{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, +{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, +{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, +{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, +{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, +{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, +{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, +{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, +{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, +{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, +{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, +{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, +{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
+{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"}, +{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"}, +{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"}, +{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"}, +{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"}, +{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"}, 
+{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"}, +{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"}, +{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"}, +{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"}, +{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"}, +{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"}, 
+{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, +{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, +{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, +{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, +{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, +{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, +{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, +{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, +{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
+{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"}, +{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"}, +{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"}, +{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"}, +{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"}, +{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"}, +{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML 
2.0 standard"}, +{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"}, +{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"}, +{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"}, +{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"}, +{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"}, +{"note":"ex. 
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"}, +{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"}, +{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"}, +{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"}, +{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"}, +{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"}, 
+{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"}, +{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"}, +{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"}, +{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"}, +{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"}, +{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"}, +{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"}, +{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy 
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, +{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, +{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"}, +{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"}, +{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."}, +{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."}, +{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"}, 
+{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"}, +{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"}, +{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"}, +{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"}, +{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"}, +{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, 
+{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"}, +{"note":"ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."}, +{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."}, +{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."}, +{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."}, +{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types."}, +{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."}, +{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."}, +{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"}, +{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"}, +{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"}, +{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"}, +{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"}, 
+{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"}, +{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"}, +{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"}, +{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"}, +{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"}, +{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"}, +{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."}, +{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"}, +{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"}, +{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"}, +{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"}, +{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"}, 
+{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"}, +{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"}, +{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"}, +{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"}, 
+{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, +{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, +{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"}, 
+{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"}, +{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"}, +{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"}, +{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"}, +{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"}, 
+{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, +{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, +{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"}, +{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean 
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, +{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
+{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"}, +{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"}, +{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations 
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"}, +{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"}, +{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "}, +{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"}, +{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"}, +{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"}, 
+{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"}, +{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"}, +{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"}, +{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"}, +{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"}, +{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"}, +{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit 
from UserInfo token"}, +{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"}, +{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"}, +{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"}, +{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"}, +{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."}, +{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token. 
Supported values are JWT or nothing."}, +{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"}, +{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"}, +{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request. 
Maybe set to pairwise or public."}, +{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"}, +{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"}, +{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"}, +{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"}, +{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"}, +{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"}, 
+{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"}, +{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"}, +{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"}, +{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"}, +{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"}, +{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it 
being preserved in the session any longer than needed)"}, +{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"}, +{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter."}, +{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"}, +{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"}, +{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"}, +{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"}, +{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"}, +{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."}, 
+{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"}, +{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"}, +{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"}, +{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"}, 
+{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, +{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"}, +{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"}, 
+{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"}, +{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"}, +{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, +{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"}, 
+{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"}, +{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"}, +{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."}, +{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."}, +{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"}, +{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"}, 
+{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid. 
Only applies to forced authentication requests."}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"}, 
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"}, +{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"}, +{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"}, +{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"}, +{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"}, +{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"}, 
+{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"}, +{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"}, +{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"}, +{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, 
+{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"}, +{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, +{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"}, +{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"}, +{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"}, +{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, +{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"}, +{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language"}, +{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"}, +{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for 
storing remote jwk sets."}, +{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"}, +{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"}, +{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."}, +{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported."} +] \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 9c4e00422..ca70ee51a 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,7 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; -import { Properties } from './admin/Properties'; +import { IdpConfiguration } from './admin/IdpConfiguration'; function App() { @@ -109,9 +109,9 @@ function App() { } /> - + - + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/IdpConfiguration.js similarity index 54% rename from ui/src/app/admin/Properties.js rename to ui/src/app/admin/IdpConfiguration.js index b81e0af48..621b54e71 100644 --- a/ui/src/app/admin/Properties.js +++ b/ui/src/app/admin/IdpConfiguration.js @@ -1,11 +1,11 @@ import React from 'react'; import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; -import { PropertiesProvider } from './hoc/PropertiesProvider'; -import { NewProperty } from './container/NewProperty'; -import { EditProperty } from './container/EditProperty'; -import { PropertyList } from './container/PropertyList'; +import { ConfigurationsProvider } from './hoc/ConfigurationsProvider'; +import { NewConfiguration } from './container/NewConfiguration'; +import { EditConfiguration } from './container/EditConfiguration'; +import { ConfigurationList } from './container/ConfigurationList'; -export function Properties() { +export function IdpConfiguration() { let { path, url } = useRouteMatch(); @@ -13,17 +13,17 @@ export function Properties() { <> - + {(properties, onDelete) => - + } - + } /> - + } /> - + } /> 
diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/ConfigurationForm.js similarity index 75% rename from ui/src/app/admin/component/PropertyForm.js rename to ui/src/app/admin/component/ConfigurationForm.js index 54a0800ea..93d9ff1d9 100644 --- a/ui/src/app/admin/component/PropertyForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -1,14 +1,12 @@ import React from 'react'; import Button from 'react-bootstrap/Button'; -import Form from '../../form/Form'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; -import { usePropertyUiSchema } from '../hooks'; import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; -export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { const { dispatch } = React.useContext(FormContext); const onChange = ({ formData, errors }) => { @@ -16,8 +14,6 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche dispatch(setFormErrorAction(errors)); }; - const uiSchema = usePropertyUiSchema(); - return (<>
@@ -40,14 +36,7 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche
-
onChange(form)} - schema={schema} - uiSchema={uiSchema} - liveValidate={true}> - <> -
+
diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/ConfigurationList.js similarity index 89% rename from ui/src/app/admin/container/PropertyList.js rename to ui/src/app/admin/container/ConfigurationList.js index 2312cc1d2..300aab019 100644 --- a/ui/src/app/admin/container/PropertyList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -9,7 +9,7 @@ import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -export function PropertyList({ properties, onDelete }) { +export function ConfigurationList({ properties, onDelete }) { const remove = (id) => { onDelete(id); @@ -23,14 +23,14 @@ export function PropertyList({ properties, onDelete }) {
- Roles Management + Configuration Management
  - Add new property + Create new configuration
@@ -38,7 +38,7 @@ export function PropertyList({ properties, onDelete }) { - Role Name + Configuration Name (label) Actions @@ -49,7 +49,7 @@ export function PropertyList({ properties, onDelete }) { {property.name} - + Edit @@ -65,7 +65,7 @@ export function PropertyList({ properties, onDelete }) { ) : - No properties defined. + No configurations. } diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditConfiguration.js similarity index 94% rename from ui/src/app/admin/container/EditProperty.js rename to ui/src/app/admin/container/EditConfiguration.js index beac8c5f8..4703cc098 100644 --- a/ui/src/app/admin/container/EditProperty.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -7,13 +7,13 @@ import { useProperties } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyForm } from '../component/PropertyForm'; import { PropertyProvider } from '../hoc/PropertyProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { ConfigurationForm } from '../component/ConfigurationForm'; -export function EditProperty() { +export function EditConfiguration() { const { id } = useParams(); @@ -68,12 +68,12 @@ export function EditProperty() {
{(property) => - + {(schema) => <>{property && {(data, errors) => -
- + {(schema) => {(data, errors) => - - + - + diff --git a/ui/src/app/core/components/ProtectRoute.js b/ui/src/app/core/components/ProtectRoute.js index c01706920..c8a7a299f 100644 --- a/ui/src/app/core/components/ProtectRoute.js +++ b/ui/src/app/core/components/ProtectRoute.js @@ -1,9 +1,13 @@ import React from 'react'; import { Redirect } from 'react-router-dom'; - -import { useIsAdmin } from '../user/UserContext'; +import { isUndefined } from 'lodash'; +import { useCurrentUser, useIsAdmin } from '../user/UserContext'; export function ProtectRoute({ children, redirectTo, ...rest }) { + const user = useCurrentUser(); const isAdmin = useIsAdmin(); + if (isUndefined(user?.role)) { + return <> + } return isAdmin ? children : ; } \ No newline at end of file From a574d2fc6212ba97e2e352713c47948c55b22f16 Mon Sep 17 00:00:00 2001 
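Review bot: In ProtectRoute, `isUndefined(user?.role)` cannot tell "user not loaded yet" from "user loaded without a role" or "user request failed", so in the last two cases the route would render an empty fragment indefinitely instead of taking the redirect branch. This assumes `useCurrentUser()` yields undefined until the fetch resolves, which the hunk does not show. If the user context exposes a loading or error state, gate the empty render on that and let role-less users fall through to `redirectTo`. Rendering nothing while the role is unknown is the right fail-closed default and deserves a comment such as `// render nothing until the role is known, so admin-only children never mount for a non-admin`. This component only hides UI, so the configuration endpoints need the same admin check on the server, which is not part of this patch.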
From: Ryan Mathis Date: Mon, 15 Aug 2022 08:02:59 -0700 Subject: [PATCH 04/63] Property list Former-commit-id: 5bd0e2138de520486178133c016356e30691eba5 --- .../main/resources/i18n/messages.properties | 2 +- .../schema/configuration/configuration.json | 37 + .../assets/schema/properties/property.json | 30 - ui/public/data/properties.json | 659 ++++++++++++++++++ ui/src/app/App.js | 6 +- .../{Properties.js => IdpConfiguration.js} | 20 +- .../{PropertyForm.js => ConfigurationForm.js} | 15 +- .../{PropertyList.js => ConfigurationList.js} | 12 +- .../{EditProperty.js => EditConfiguration.js} | 8 +- .../{NewProperty.js => NewConfiguration.js} | 8 +- ...sProvider.js => ConfigurationsProvider.js} | 2 +- ui/src/app/core/components/Header.js | 4 +- ui/src/app/core/components/ProtectRoute.js | 8 +- 13 files changed, 735 insertions(+), 76 deletions(-) create mode 100644 ui/public/assets/schema/configuration/configuration.json delete mode 100644 ui/public/assets/schema/properties/property.json create mode 100644 ui/public/data/properties.json rename ui/src/app/admin/{Properties.js => IdpConfiguration.js} (54%) rename ui/src/app/admin/component/{PropertyForm.js => ConfigurationForm.js} (75%) rename ui/src/app/admin/container/{PropertyList.js => ConfigurationList.js} (89%) rename ui/src/app/admin/container/{EditProperty.js => EditConfiguration.js} (94%) rename ui/src/app/admin/container/{NewProperty.js => NewConfiguration.js} (91%) rename ui/src/app/admin/hoc/{PropertiesProvider.js => ConfigurationsProvider.js} (94%) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 3b3e67e83..c33e3b4a1 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -646,7 +646,7 @@ tooltip.dont-sign-response=Don\u0027t Sign Response
 tooltip.turn-off-encryption=Turn Off Encryption of Response
 tooltip.usa-sha-algorithm=Use SHA1 Signing Algorithm
 tooltip.authentication-methods-to-use=Authentication Methods to Use
-tooltip.ignore-auth-method=Ignore any SP-Requested Authentication Method
+tooltip.ignore-auth-method=Reject any AuthnReuests from this SP that contain an explicitly requested AuthnContext class
 tooltip.omit-not-before-condition=Omit Not Before Condition
 tooltip.responder-id=ResponderId
 tooltip.instruction=Information icon
diff --git a/ui/public/assets/schema/configuration/configuration.json b/ui/public/assets/schema/configuration/configuration.json
new file mode 100644
index 000000000..6694bcf25
--- /dev/null
+++ b/ui/public/assets/schema/configuration/configuration.json
@@ -0,0 +1,37 @@
+{
+ "type": "object",
+ "properties": {
+ "properties": {
+ "title": "label.configuration-properties",
+ "description": "label.configuration-properties",
+ "type": "array",
+ "required": ["property", "value"],
+ "items": {
+ "type": "object",
+ "properties": {
+ "property": {
+ "title": "label.property-key",
+ "description": "tooltip.property-key",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "description": {
+ "title": "label.property-descr",
+ "description": "tooltip.property-descr",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ },
+ "value": {
+ "title": "label.property-value",
+ "description": "tooltip.property-value",
+ "type": "string",
+ "minLength": 1,
+ "maxLength": 255
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/ui/public/assets/schema/properties/property.json b/ui/public/assets/schema/properties/property.json
deleted file mode 100644
index f0e90ff49..000000000
--- a/ui/public/assets/schema/properties/property.json
+++ /dev/null
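Review bot: The new `tooltip.ignore-auth-method` text misspells the SAML message name: `AuthnReuests` should be `AuthnRequests`. The wording also changes the described behaviour from ignoring the SP-requested method to rejecting the request, while the key is still named `ignore-auth-method`. If the matching label elsewhere in this file still says "Ignore", administrators get contradictory guidance on a setting that decides whether an SP's requested AuthnContext is honoured, so the label is worth checking in the same change.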
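Review bot: In configuration.json, `"required": ["property", "value"]` sits on the `properties` array schema next to `"type": "array"`, where it has no effect, because JSON Schema applies `required` only to object instances. Entries with a missing key or value would therefore pass validation, whereas the deleted property.json enforced both at object level. Move the keyword into the item schema: `"items": { "type": "object", "required": ["property", "value"], ...`. If the server accepts this payload, it should validate the same constraints itself rather than rely on the form.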
@@ -1,30 +0,0 @@
-{
- "type": "object",
- "required": [
- "property",
- "value"
- ],
- "properties": {
- "property": {
- "title": "label.property-key",
- "description": "tooltip.property-key",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- },
- "description": {
- "title": "label.property-descr",
- "description": "tooltip.property-descr",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- },
- "value": {
- "title": "label.property-value",
- "description": "tooltip.property-value",
- "type": "string",
- "minLength": 1,
- "maxLength": 255
- }
- }
-}
\ No newline at end of file
diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json
new file mode 100644
index 000000000..a022a4fd5
--- /dev/null
+++ b/ui/public/data/properties.json
@@ -0,0 +1,659 @@ +[ +{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, +{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, +{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, +{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
+{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, +{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, +{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, +{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, +{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, +{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, +{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, +{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, +{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
+{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, +{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, +{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, +{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, +{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, +{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, +{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, +{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, +{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, +{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, +{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, +{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, +{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
+{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, +{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, +{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, +{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, +{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, +{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, +{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, +{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, +{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, +{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, +{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, +{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, +{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, +{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, +{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
+{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, +{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, +{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, +{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, +{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, +{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, +{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, +{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, +{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, +{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, +{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, +{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, +{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, +{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, +{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, +{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, +{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, +{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, +{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, +{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, +{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
+{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"}, +{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"}, +{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"}, +{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"}, +{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"}, +{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"}, 
+{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"}, +{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"}, +{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"}, +{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"}, +{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"}, +{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"}, 
+{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, +{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, +{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, +{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, +{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, +{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, +{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, +{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, +{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, +{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, +{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, +{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
+{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"}, +{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"}, +{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"}, +{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"}, +{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"}, +{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"}, +{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML 
2.0 standard"}, +{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"}, +{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"}, +{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"}, +{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"}, +{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"}, +{"note":"ex. 
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"}, +{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"}, +{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"}, +{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"}, +{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"}, +{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"}, 
+{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"}, +{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"}, +{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"}, +{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"}, +{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"}, +{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"}, +{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"}, +{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy 
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, +{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, +{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"}, +{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"}, +{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."}, +{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."}, +{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"}, 
+{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"}, +{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"}, +{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"}, +{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"}, +{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"}, +{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, 
+{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"}, +{"note":"ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"}, +{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."}, +{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."}, +{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."}, +{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."}, +{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types."}, +{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."}, +{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."}, +{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"}, +{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"}, +{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"}, +{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"}, +{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"}, 
+{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"}, +{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"}, +{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"}, +{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"}, +{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"}, +{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"}, +{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."}, +{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"}, +{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"}, +{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"}, +{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"}, +{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"}, 
+{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"}, +{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"}, +{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"}, +{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"}, 
+{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, +{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, +{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"}, 
+{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject 
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"}, +{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"}, +{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"}, +{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"}, +{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"}, 
+{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, +{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, +{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"}, +{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean 
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, +{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
+{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"}, +{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"}, +{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, +{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations 
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, +{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"}, +{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"}, +{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "}, +{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"}, +{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"}, +{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"}, 
+{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"}, +{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"}, +{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"}, +{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"}, +{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"}, +{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"}, +{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit 
from UserInfo token"}, +{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"}, +{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"}, +{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"}, +{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"}, +{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."}, +{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token. 
Supported values are JWT or nothing."}, +{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"}, +{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"}, +{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"}, +{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request. 
Maybe set to pairwise or public."}, +{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"}, +{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"}, +{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"}, +{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"}, +{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"}, +{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"}, 
+{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"}, +{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"}, +{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"}, +{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"}, +{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"}, +{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it 
being preserved in the session any longer than needed)"}, +{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"}, +{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"}, +{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter."}, +{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"}, +{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"}, +{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"}, +{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"}, +{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"}, +{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."}, 
+{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"}, +{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"}, +{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"}, +{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, +{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"}, 
+{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, +{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"}, +{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"}, 
+{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"}, +{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"}, +{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, +{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, +{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"}, 
+{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"}, +{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"}, +{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."}, +{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."}, +{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"}, +{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"}, 
+{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."}, +{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid. 
Only applies to forced authentication requests."}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"}, +{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"}, 
+{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"}, +{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"}, +{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"}, +{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"}, +{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"}, +{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"}, 
+{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"}, +{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"}, +{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"}, +{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"}, +{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, 
+{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, +{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"}, +{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"}, +{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, +{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"}, +{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"}, +{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"}, +{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"}, +{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"}, +{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, 
+{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, +{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"}, +{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"}, +{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language"}, +{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"}, +{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"}, +{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for 
storing remote jwk sets."}, +{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"}, +{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"}, +{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, +{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."}, +{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported."} +] \ No newline at end of file diff --git a/ui/src/app/App.js b/ui/src/app/App.js index 9c4e00422..ca70ee51a 100644 --- a/ui/src/app/App.js +++ b/ui/src/app/App.js @@ -34,7 +34,7 @@ import { Roles } from './admin/Roles'; import { Groups } from './admin/Groups'; import { BASE_PATH } from './App.constant'; import { ProtectRoute } from './core/components/ProtectRoute'; -import { Properties } from './admin/Properties'; +import { IdpConfiguration } from './admin/IdpConfiguration'; function App() { @@ -109,9 +109,9 @@ function App() { } /> - + - + } /> diff --git a/ui/src/app/admin/Properties.js b/ui/src/app/admin/IdpConfiguration.js similarity index 54% rename from ui/src/app/admin/Properties.js rename to ui/src/app/admin/IdpConfiguration.js index b81e0af48..621b54e71 100644 --- a/ui/src/app/admin/Properties.js +++ b/ui/src/app/admin/IdpConfiguration.js @@ -1,11 +1,11 @@ import React from 'react'; import { Switch, Route, useRouteMatch, Redirect } from 'react-router-dom'; -import { PropertiesProvider } from './hoc/PropertiesProvider'; -import { NewProperty } from './container/NewProperty'; -import { EditProperty } from './container/EditProperty'; -import { PropertyList } from './container/PropertyList'; +import { ConfigurationsProvider } from './hoc/ConfigurationsProvider'; +import { NewConfiguration } from './container/NewConfiguration'; +import { EditConfiguration } from './container/EditConfiguration'; +import { ConfigurationList } from './container/ConfigurationList'; -export function Properties() { +export function IdpConfiguration() { let { path, url } = useRouteMatch(); @@ -13,17 +13,17 @@ export function Properties() { <> - + {(properties, onDelete) => - + } - + } /> - + } /> - + } /> 
diff --git a/ui/src/app/admin/component/PropertyForm.js b/ui/src/app/admin/component/ConfigurationForm.js similarity index 75% rename from ui/src/app/admin/component/PropertyForm.js rename to ui/src/app/admin/component/ConfigurationForm.js index 54a0800ea..93d9ff1d9 100644 --- a/ui/src/app/admin/component/PropertyForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -1,14 +1,12 @@ import React from 'react'; import Button from 'react-bootstrap/Button'; -import Form from '../../form/Form'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; -import { usePropertyUiSchema } from '../hooks'; import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; -export function PropertyForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { const { dispatch } = React.useContext(FormContext); const onChange = ({ formData, errors }) => { @@ -16,8 +14,6 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche dispatch(setFormErrorAction(errors)); }; - const uiSchema = usePropertyUiSchema(); - return (<>
@@ -40,14 +36,7 @@ export function PropertyForm({ property = {}, errors = [], loading = false, sche
-
onChange(form)} - schema={schema} - uiSchema={uiSchema} - liveValidate={true}> - <> -
+
diff --git a/ui/src/app/admin/container/PropertyList.js b/ui/src/app/admin/container/ConfigurationList.js similarity index 89% rename from ui/src/app/admin/container/PropertyList.js rename to ui/src/app/admin/container/ConfigurationList.js index 2312cc1d2..300aab019 100644 --- a/ui/src/app/admin/container/PropertyList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -9,7 +9,7 @@ import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -export function PropertyList({ properties, onDelete }) { +export function ConfigurationList({ properties, onDelete }) { const remove = (id) => { onDelete(id); @@ -23,14 +23,14 @@ export function PropertyList({ properties, onDelete }) {
- Roles Management + Configuration Management
  - Add new property + Create new configuration
@@ -38,7 +38,7 @@ export function PropertyList({ properties, onDelete }) { - Role Name + Configuration Name (label) Actions @@ -49,7 +49,7 @@ export function PropertyList({ properties, onDelete }) { {property.name} - + Edit @@ -65,7 +65,7 @@ export function PropertyList({ properties, onDelete }) { ) : - No properties defined. + No configurations. } diff --git a/ui/src/app/admin/container/EditProperty.js b/ui/src/app/admin/container/EditConfiguration.js similarity index 94% rename from ui/src/app/admin/container/EditProperty.js rename to ui/src/app/admin/container/EditConfiguration.js index beac8c5f8..4703cc098 100644 --- a/ui/src/app/admin/container/EditProperty.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -7,13 +7,13 @@ import { useProperties } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyForm } from '../component/PropertyForm'; import { PropertyProvider } from '../hoc/PropertyProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { ConfigurationForm } from '../component/ConfigurationForm'; -export function EditProperty() { +export function EditConfiguration() { const { id } = useParams(); @@ -68,12 +68,12 @@ export function EditProperty() {
{(property) => - + {(schema) => <>{property && {(data, errors) => -
- + {(schema) => {(data, errors) => - - + - + diff --git a/ui/src/app/core/components/ProtectRoute.js b/ui/src/app/core/components/ProtectRoute.js index c01706920..c8a7a299f 100644 --- a/ui/src/app/core/components/ProtectRoute.js +++ b/ui/src/app/core/components/ProtectRoute.js @@ -1,9 +1,13 @@ import React from 'react'; import { Redirect } from 'react-router-dom'; - -import { useIsAdmin } from '../user/UserContext'; +import { isUndefined } from 'lodash'; +import { useCurrentUser, useIsAdmin } from '../user/UserContext'; export function ProtectRoute({ children, redirectTo, ...rest }) { + const user = useCurrentUser(); const isAdmin = useIsAdmin(); + if (isUndefined(user?.role)) { + return <> + } return isAdmin ? children : ; } \ No newline at end of file From 451af42c06db10c856dd6bcf0048207868d6a2b3 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 16 Aug 2022 15:18:24 -0700 Subject: [PATCH 05/63] SHIBUI-2270 Starting backend work --- .../ui/domain/ShibConfigurationProperty.java | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java new file mode 100644 index 000000000..945f9ff96 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java 
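Review bot: The new `isUndefined(user?.role)` branch in `ProtectRoute` renders nothing for as long as the role is undefined, so if the current-user load fails or yields a user without a role, the admin route would stay blank with no redirect and no error. That is inferred, because `useCurrentUser` is defined outside this hunk. Consider separating "still loading" from "load failed" and sending the failed case to `redirectTo`. A short comment such as `// role is undefined until the current user has loaded; render nothing rather than redirect a not-yet-known admin` would record why the branch exists. This guard only controls what the UI renders, so whatever backend endpoints serve these configuration properties (none are shown on this page) still need their own admin-role check.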
@@ -0,0 +1,55 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.Data;
+import org.hibernate.envers.Audited;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import java.util.UUID;
+
+@Entity(name = "shib_configuration_prop")
+@Audited
+@Data
+public class ShibConfigurationProperty {
+ @Id
+ @Column(name = "resource_id", nullable = false)
+ String resourceId = UUID.randomUUID().toString();
+
+ @Column(name = "category", nullable = false)
+ String category;
+
+ @Column(name = "config_file", nullable = false)
+ String configFile;
+
+ @Column(name = "default_value", nullable = false)
+ String defaultValue;
+
+ @Column(name = "description")
+ String description;
+
+ @Column(name = "idp_version", nullable = false)
+ String idpVersion;
+
+ @Column(name = "module")
+ String module;
+
+ @Column(name = "module_version")
+ String moduleVersion;
+
+ @Column(name = "note")
+ String note;
+
+ @Column(name = "property_name", nullable = false)
+ String propertyName;
+
+ @Column(name = "property_type", nullable = false)
+ PropertyType propertyType;
+
+ @Column(name = "property_value", nullable = false)
+ String propertyValue;
+}
+
+enum PropertyType {
+ BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING
+}
\ No newline at end of file
From 345bbb06ac40e5201e9adca61c69b1ba6084703a Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 16 Aug 2022 15:18:24 -0700 Subject: [PATCH 06/63] SHIBUI-2270 Starting backend work Former-commit-id: 451af42c06db10c856dd6bcf0048207868d6a2b3 --- .../ui/domain/ShibConfigurationProperty.java | 55 +++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java 
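Review bot: `propertyType` carries only `@Column(name = "property_type", nullable = false)`, so JPA will store the enum by ordinal, while the seed rows in `temp.sql` (PATCH 07/63) write names such as 'STRING' and 'SELECTION_LIST' into `property_type`. Add `@Enumerated(EnumType.STRING)` on the field (with the matching `javax.persistence` imports); ordinal storage would also silently remap existing rows if a constant is ever inserted into the alphabetically ordered `PropertyType`. The same seed file fills a `selection_items` column that this entity does not declare, and inserts null into `default_value` and `property_value`, which are marked `nullable = false` here. The entity and the changelog need to be reconciled before either is relied on for schema creation. The identical file added again in PATCH 06/63 has the same mapping.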
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java
new file mode 100644
index 000000000..945f9ff96
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java
@@ -0,0 +1,55 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain;
+
+import lombok.Data;
+import org.hibernate.envers.Audited;
+
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import java.util.UUID;
+
+@Entity(name = "shib_configuration_prop")
+@Audited
+@Data
+public class ShibConfigurationProperty {
+ @Id
+ @Column(name = "resource_id", nullable = false)
+ String resourceId = UUID.randomUUID().toString();
+
+ @Column(name = "category", nullable = false)
+ String category;
+
+ @Column(name = "config_file", nullable = false)
+ String configFile;
+
+ @Column(name = "default_value", nullable = false)
+ String defaultValue;
+
+ @Column(name = "description")
+ String description;
+
+ @Column(name = "idp_version", nullable = false)
+ String idpVersion;
+
+ @Column(name = "module")
+ String module;
+
+ @Column(name = "module_version")
+ String moduleVersion;
+
+ @Column(name = "note")
+ String note;
+
+ @Column(name = "property_name", nullable = false)
+ String propertyName;
+
+ @Column(name = "property_type", nullable = false)
+ PropertyType propertyType;
+
+ @Column(name = "property_value", nullable = false)
+ String propertyValue;
+}
+
+enum PropertyType {
+ BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING
+}
\ No newline at end of file
From e52d50249d4394f552352aaf3eba44af9678fd07 Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Tue, 16 Aug 2022 15:18:40 -0700 Subject: [PATCH 07/63] SHIBUI-2270 Starting backend work --- .../src/main/resources/db/changelog/temp.sql | 656 ++++++++++++++++++ 1 file changed, 656 insertions(+) create mode 100644 backend/src/main/resources/db/changelog/temp.sql diff --git a/backend/src/main/resources/db/changelog/temp.sql b/backend/src/main/resources/db/changelog/temp.sql new file mode 100644 index 000000000..927ab6522 --- /dev/null +++ b/backend/src/main/resources/db/changelog/temp.sql 
@@ -0,0 +1,656 @@ +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('17', 'SecurityConfiguration', 'idp.properties', 'Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified', 'all', null, null, null, null, 'idp.cookie.sameSite', 'SELECTION_LIST', 'None,Lax,Strict', null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('3', 'RelyingPartyConfiguration', 'idp.properties', 'The unique name of the IdP used as the iisuer in all SAML profiles', 'all', null, null, 'ex. https://unicon.net/idp/shibboleth', null, 'idp.entityID', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('7', 'RelyingPartyConfiguration', 'idp.properties', 'Identifies the endpoint in SAML metadata associated with artifacts issued by a server node', 'all', null, null, null, '2', 'idp.artifact.endpointIndex', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('16', 'SecurityConfiguration', 'idp.properties', 'Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)', 'all', null, null, null, '31536000', 'idp.cookie.maxAge', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('21', 'SecurityConfiguration', 'idp.properties', 'Time between checks for a new AES key version', 'all', null, null, null, 'PT15M', 'idp.sealer.updateInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('394', 'ReloadableServices', 'services.properties', 'Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads', 'all', null, null, null, '0', 'idp.service.metadata.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('537', 'OPDynamicClientRegistration', 'oidc.properties', 'Registration lifetime', '4.1', 'idp.oidc.OP', '3', null, 'PT24H', 'idp.oidc.dynreg.defaultRegistrationValidity', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('602', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Leeway allowed in token expiry calculations', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.clockSkew', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('603', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum amount (in either direction from now) of duration for 
which a token is valid after it is issued', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.iatWindow', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('606', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'How long the authentication is valid. Only applies to forced authentication requests.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.authLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('131', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustStore', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('10', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, 'file pathname', '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('4', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, null, '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('2', 'Core', 'idp.properties', 'Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.', 'all', null, null, 'Comma seperated list of values ex. 
/conf/ldap.properties, /conf/services.properties', null, 'idp.additionalProperties', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('23', 'SecurityConfiguration', 'idp.properties', 'Keystore resource containing AES encryption key usually a file path', 'all', null, null, 'resource path', null, 'idp.sealer.storeResource', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('12', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will be limited to TLS', 'all', null, null, null, 'false', 'idp.cookie.secure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('71', 'SessionConfiguration', 'idp.properties', 'Whether to hide storage failures from users during session cache reads/writes', 'all', null, null, null, 'false', 'idp.session.maskStorageFailure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('130', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load trust anchors from when using sslConfig = certificateTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustCertificates', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('11', 'Core', 'idp.properties', 'applies a (fixed) scope typically a domain-valued suffix to an input attribute''s values', 'all', null, null, null, null, 'idp.scope', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('14', 'SecurityConfiguration', 'idp.properties', 'Overrides the domain of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.domain', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('33', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SecurityConfiguration', 'all', null, null, 'Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)', 'shibboleth.DefaultSecurityConfiguration', 'idp.security.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('34', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SignatureSigningConfiguration', 'all', 
null, null, 'Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)', 'shibboleth.SigningConfiguration.SHA256', 'idp.signing.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('8', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.artifact.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('18', 'SecurityConfiguration', 'idp.properties', 'Predicate condition bean controlling whether SameSite filter runs', 'all', null, null, 'Bean ID of Predicate', 'shibboleth.Conditions.FALSE', 'idp.cookie.sameSiteCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('15', 'SecurityConfiguration', 'idp.properties', 'Overrides the path of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.path', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('20', 'SecurityConfiguration', 'idp.properties', 'Type of Java keystore used for IdP''s internal AES encryption key', 'all', null, null, null, 'JCEKS', 
'idp.sealer.storeType', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('40', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped messages', 'all', null, null, null, 'PT3M', 'idp.policy.messageLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('41', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped assertions', 'all', null, null, null, 'PT3M', 'idp.policy.assertionLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('42', 'SecurityConfiguration', 'idp.properties', 'Default allowance for clock differences between systems', 'all', null, null, null, 'PT3M', 'idp.policy.clockSkew', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('57', 'StorageConfiguration', 'idp.properties', 'Interval of background thread sweeping server-side storage for expired records', 'all', null, null, null, 'PT10M', 'idp.storage.cleanupInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('69', 
'SessionConfiguration', 'idp.properties', 'Inactivity timeout policy for IdP sessions (must be non-zero)', 'all', null, null, null, 'PT60M', 'idp.session.timeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('70', 'SessionConfiguration', 'idp.properties', 'Extra time after expiration before removing SP sessions in case a logout is invoked', 'all', null, null, null, '0', 'idp.session.slop', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('24', 'SecurityConfiguration', 'idp.properties', 'Resource that tracks the active AES encryption key version usually a file path', 'all', null, null, null, null, 'idp.sealer.versionResource', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('66', 'SessionConfiguration', 'idp.properties', 'Number of characters in IdP session identifiers', 'all', null, null, null, '32', 'idp.session.idSize', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('27', 'SecurityConfiguration', 'idp.properties', 'Resource containing private key for signing typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('50', 'Core', 'idp.properties', 'Location from which to load user-supplied webflows from', 'all', null, null, 'resource path', '%{idp.home}/flows', 'idp.webflows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('22', 'SecurityConfiguration', 'idp.properties', 'Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)', 'all', null, null, null, 'secret', 'idp.sealer.aliasBase', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('37', 'SecurityConfiguration', 'idp.properties', 'Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration', 'all', null, null, null, 'Default', 'idp.encryption.keyagreement.metadata.defaultUseKeyWrap', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('46', 'CSRF', 'idp.properties', 'Name of the HTTP parameter that stores the CSRF token', '4', null, null, null, 'csrf_token', 'idp.csrf.token.parameter', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('61', 'StorageConfiguration', 
'idp.properties', 'Storage back-end to use for message replay checking (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.replayCache.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('38', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify signatures', 'all', null, null, 'Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)', 'shibboleth.ChainingSignatureTrustEngine', 'idp.trust.signatures', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('36', 'SecurityConfiguration', 'idp.properties', 'If true failure to locate an encryption key to use won''t result in request failure', 'all', null, null, null, 'false', 'idp.encryption.optional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('52', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to expose detailed error causes in status information provided to outside parties', 'all', null, null, null, 'false', 'idp.errors.detailed', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('58', 'StorageConfiguration', 'idp.properties', 'Whether to use HTML Local Storage 
(if available) instead of cookies', 'all', null, null, null, 'false', 'idp.storage.htmlLocalStorage', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('47', 'Core', 'idp.properties', 'Auto-configures an HSTS response header', 'all', null, null, null, 'max-age=0', 'idp.hsts', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('49', 'Core', 'idp.properties', 'Auto-configures a Content Security Policy response header', 'all', null, null, null, 'frame-ancestors ''none''', 'idp.csp', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('25', 'SecurityConfiguration', 'idp.properties', 'Keystore password unlocking AES encryption keystore typically set during installation', 'all', null, null, null, null, 'idp.sealer.storePassword', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('54', 'ErrorHandlingConfiguration', 'idp.properties', 'The default view name to render for exceptions and events', 'all', null, null, null, 'error', 'idp.errors.defaultView', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('59', 
'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default per-session instance of the client storage service', 'all', null, null, null, 'shib_idp_session_ss', 'idp.storage.clientSessionStorageName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('51', 'Core', 'idp.properties', 'Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor', 'all', null, null, 'Comma seperated list of values', '%{idp.home}/views', 'idp.views', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('48', 'Core', 'idp.properties', 'Auto-configures an X-Frame-Options response header', 'all', null, null, null, 'DENY', 'idp.frameoptions', 'SELECTION_LIST', 'DENY,SAMEORIGIN', null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('74', 'SessionConfiguration', 'idp.properties', 'Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting', 'all', null, null, null, 'PT2H', 'idp.session.defaultSPlifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('76', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default amount of time to allow reuse prior authentication flows', 'all', null, null, 'measured since first usage', 'PT60M', 'idp.authn.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('77', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default inactivity timeout to prevent reuse of prior authentication flows', 'all', null, null, 'measured since last usage', 'PT30M', 'idp.authn.defaultTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('86', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.attribute-release.userStorageKeyAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('98', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit', 'all', null, null, null, '10', 'idp.consent.maxStoredRecords', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('28', 'SecurityConfiguration', 'idp.properties', 'Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('100', 'ConsentConfiguration', 'idp.properties', 'Time in milliseconds to expire consent storage records', '4.x', null, null, '(v4.0=P1Y,v4.1=infinite)', null, 'idp.consent.storageRecordLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('90', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.terms-of-use.userStorageKeyAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('91', 'ConsentConfiguration', 'idp.properties', 'Suffix of message property used as value of consent storage records when idp.consent.compareValues is true', 'all', null, null, null, '.text', 'idp.consent.terms-of-use.consentValueMessageCodeSuffix', 'STRING', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('31', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate private key for decryption generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.key.2', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('84', 'ConsentConfiguration', 'idp.properties', 'Name of storage service used to store users'' consent choices', 'all', null, null, null, 'shibboleth.ClientPersistentStorageService', 'idp.consent.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('85', 'ConsentConfiguration', 'idp.properties', 'Name of function used to return the String storage key representing a user defaults to the principal name', 'all', null, null, null, 'shibboleth.consent.PrincipalConsentStorageKey', 'idp.consent.attribute-release.userStorageKey', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('72', 'SessionConfiguration', 'idp.properties', 'Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)', 'all', null, null, null, 'false', 'idp.session.trackSPSessions', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('73', 'SessionConfiguration', 'idp.properties', 'Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)', 'all', null, null, null, 'false', 'idp.session.secondaryServiceIndex', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('55', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it''s not necessary to fully qualify the class).', 'all', null, null, 'Bean ID of Properties (java.util.Properties)', null, 'idp.errors.excludedExceptions', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('56', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)', 'all', null, null, 'Bean ID of Collection (java.util)', null, 'idp.errors.exceptionMappings', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('79', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to prioritize prior authentication results when an SP requests more than one possible matching method', 'all', 
null, null, null, 'false', 'idp.authn.favorSSO', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('81', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to fail requests if a user identity after authentication doesn''t match the identity in a pre-existing session.', 'all', null, null, null, 'false', 'idp.authn.identitySwitchIsError', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('32', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate public key certificate generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.cert.2', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('30', 'SecurityConfiguration', 'idp.properties', 'Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('29', 'SecurityConfiguration', 'idp.properties', 'Resource containing a private key for decryption typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.key', 'STRING', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('75', 'AuthenticationConfiguration', 'authn/authn.properties', 'Required expression that identifies the login flows to globally enable', 'all', null, null, 'ex. Password, MA, DUO', null, 'idp.authn.flows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('60', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default persistent instance of the client storage service', 'all', null, null, null, 'shib_idp_persistent_ss', 'idp.storage.clientPersistentStorageName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('26', 'SecurityConfiguration', 'idp.properties', 'Key password unlocking AES encryption key typically set to the same as the previous property and set during installation', 'all', null, null, null, null, 'idp.sealer.keyPassword', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('65', 'SessionConfiguration', 'idp.properties', 'Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)', '4.2', null, null, null, 'shib_idp_session', 'idp.session.cookieName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('82', 'AuthenticationConfiguration', 'authn/authn.properties', 'Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose', '4.1', null, null, null, null, 'idp.authn.discoveryURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('99', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using larger/server-side storage, 0 = no limit', 'all', null, null, null, '0', 'idp.consent.expandedMaxStoredRecords', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('88', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.attribute-release.auditFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('93', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.terms-of-use.auditFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('121', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'GeneralImpersonationPolicy', 'idp.impersonate.generalPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('152', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to search with the validateFilter: defaults to the rootDSE', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.pool.LDAP.validateDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('122', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'SpecificImpersonationPolicy', 'idp.impersonate.specificPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('124', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection URI for LDAP directory', 'all', null, null, 'LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.ldapURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('114', 'FTICKSLoggingConfiguration', 'idp.properties', 'Digest algorithm used to obscure usernames', 'all', null, null, null, 'SHA-2', 'idp.fticks.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('116', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog host', 'all', null, null, null, 'localhost', 'idp.fticks.loghost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('112', 'FTICKSLoggingConfiguration', 'idp.properties', 'Enables F-TICKS output and specifies the value of the federation-identifier field', 'all', null, null, null, null, 'idp.fticks.federation', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('137', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDNCredential', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('115', 'FTICKSLoggingConfiguration', 'idp.properties', 'A salt to apply when digesting usernames (if not specified, the username will not be included)', 'all', null, null, null, null, 'idp.fticks.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('138', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator', 'all', null, null, 'ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.dnFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('109', 'CasProtocolConfiguration', 'idp.properties', 'Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed "simple" TicketService. MUST be server-side storage (e.g. 
in-memory, memcached, database)', 'all', null, null, null, 'shibboleth.StorageService', 'idp.cas.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('113', 'FTICKSLoggingConfiguration', 'idp.properties', 'Optional bean name of a Predicate to use to decide whether to run', '4.1', null, null, null, null, 'idp.fticks.condition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('110', 'CasProtocolConfiguration', 'idp.properties', 'CAS service registry implementation class', 'all', null, null, null, 'net.shibboleth.idp.cas.service.PatternServiceRegistry', 'idp.cas.serviceRegistryClass', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('107', 'Core', 'idp.properties', 'Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)', 'all', null, null, 'Bean ID of HttpClient to use for SOAP-based logout', 'SOAPClient.HttpClient', 'idp.soap.httpClient', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('106', 'LogoutConfiguration', 'idp.properties', 'Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user', '4.2', null, null, null, 'false', 
'idp.logout.propagationHidden', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('119', 'Core', 'idp.properties', 'Set to true to fail on velocity syntax errors', 'all', null, null, null, 'false', 'idp.velocity.runtime.strictmode', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('162', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it', '4.1', null, null, null, null, 'idp.authn.Krb5.servicePrincipal', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('117', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog port', 'all', null, null, null, '514', 'idp.fticks.logport', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('120', 'Core', 'idp.properties', 'Path to use with External interceptor flow', 'all', null, null, null, 'contextRelative:intercept.jsp', 'idp.intercept.External.externalPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('108', 
'Core', 'idp.properties', 'languages to use if no match can be found with the browser-supported languages', 'all', null, null, 'Comma seperated list of values ex. en, fr, de', null, 'idp.ui.fallbackLanguages', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('154', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between looking for idle connections to reduce the pool back to its minimum size', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.prunePeriod', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('151', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between validation if idp.pool.LDAP.validatePeriodically is true', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.validatePeriod', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('166', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.External', null, null, '1000', 'idp.authn.External.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('141', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Policy Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordPolicy', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('321', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('176', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('153', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Search filter to execute in order to validate a pooled connection', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', '(objectClass=*)', 'idp.pool.LDAP.validateFilter', 
'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('191', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('192', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('184', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('185', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('187', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('181', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUser', null, 'regex expected', null, 'idp.authn.RemoteUser.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('202', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'A regular expression that must match the username', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('158', 'JAASAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited set of JAAS application configuration names to use', '4.1', null, null, null, 'ShibUserPassAuth', 'idp.authn.JAAS.loginConfigNames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('164', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.External', null, null, 'contextRelative:external.jsp', 'idp.authn.External.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('221', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Servlet-relative path to the SPNEGO external authentication implementation', '4.1', 'idp.authn.SPNEGO', null, 'URL path', '/Authn/SPNEGO', 'idp.authn.SPNEGO.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('207', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.RemoteUserInternal', null, null, '1000', 'idp.authn.RemoteUserInternal.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('224', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.SPNEGO', null, 'regex expected', null, 'idp.authn.SPNEGO.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('211', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.RemoteUserInternal.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('206', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('214', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.RemoteUserInternal.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('216', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('217', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('230', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SPNEGO.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('208', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('215', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.RemoteUserInternal.inactivityTimeout', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('540', 'OPMetadataPolicies', 'oidc.properties', 'Full path to the file containing default metadata policy used for dynamic client registration', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.dynreg.defaultMetadataPolicyFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('205', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'contextRelative:external.jsp', 'idp.authn.RemoteUserInternal.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('225', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Name of cookie used to track auto-login state of client', '4.2', 'idp.authn.SPNEGO', null, null, '_idp_spnego_autologin', 'idp.authn.SPNEGO.cookieName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('303', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.integrationKey', 'STRING', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('304', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('197', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited lists of request attributes to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('226', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.SPNEGO', null, null, '1000', 'idp.authn.SPNEGO.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('218', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('236', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('250', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('251', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('242', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('234', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SPNEGO.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('248', 'X509AuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('249', 'X509AuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('263', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509Internal.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('243', 
'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('244', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('399', 'ReloadableServices', 'services.properties', 'Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry', 'all', null, null, null, 'true', 'idp.service.attribute.registry.encodeType', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('403', 'ReloadableServices', 'services.properties', 'Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.resolver.maskFailures', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('405', 'ReloadableServices', 'services.properties', 'Setting this to false re-enables the legacy 
behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther', '4.2', null, null, null, 'true', 'idp.service.attribute.resolver.suppressDisplayInfo', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('264', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509Internal.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('198', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of request headers to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkHeaders', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('203', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to accept while blocking all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.allowedUsernames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('204', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to deny while accepting all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.deniedUsernames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('219', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.RemoteUserInternal.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('360', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:mace:shibboleth:1.0:nameIdentifier', 'idp.nameid.saml1.default', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('241', 'X509AuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.X509', null, null, '1000', 'idp.authn.X509.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('256', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.X509Internal.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('237', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step', '4.1', null, null, null, null, 'idp.authn.SAML.outboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('265', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('266', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('291', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.Function.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('292', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.Function.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('579', 'OPSubClaim', 'oidc.properties', 'Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('598', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('608', 
'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI integration key supplied by Duo', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.nonbrowser.integrationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('643', 'Metadatagen', 'mdgen.properties', 'A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.displayname.', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('279', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('280', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('293', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('294', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('319', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('320', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('353', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('314', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.Duo.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('311', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('336', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.SAML.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('358', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for 
generating transient IDs', 'all', null, null, 'Bean ID of a TransientIdGenerationStrategy', 'shibboleth.CryptoTransientIdGenerator', 'idp.transientId.generator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('333', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', null, null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SAML.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('348', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.MFA.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('327', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of Function to run at the late stages of Response decoding/processing', '4.1', null, null, null, null, 'idp.authn.SAML.inboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('328', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of 
AssertionValidator to run', '4.1', null, null, null, null, 'idp.authn.SAML.assertionValidator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('338', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('339', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('337', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SAML.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('351', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.MFA.lifetime', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('352', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.MFA.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('330', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.SAML.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('296', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Function', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.Function.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('305', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the 
sensitivity of the secret key', 'X-Shibboleth-Duo-Factor', 'idp.duo.nonbrowser.header.factor', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('306', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Device', 'idp.duo.nonbrowser.header.device', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('331', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('332', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('335', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.SAML.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('307', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Passcode', 'idp.duo.nonbrowser.header.passcode', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('299', 'DuoAuthnConfiguration', 'authn/duo.properties', 'A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, "Generate an akey".', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.applicationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('300', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.integrationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('322', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Duo', 
null, null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.Duo.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('301', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('325', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Statically-defined entityID of IdP to use for authentication', '4.1', null, null, null, null, 'idp.authn.SAML.proxyEntityID', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('359', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'idp.nameid.saml2.default', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('329', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.SAML.order', 
'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('344', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.MFA', null, null, '1000', 'idp.authn.MFA.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('340', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('370', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services', 'all', null, null, null, 'shibboleth.ComputedIdExceptionMap', 'idp.persistentId.exceptionMap', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('388', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for RelyingPartyConfiguration', 'all', null, null, null, 'shibboleth.RelyingPartyResolverResources', 'idp.service.relyingparty.resources', 
'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('367', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'An encoded form of the persistentId.salt', 'all', null, null, null, null, 'idp.persistentId.encodedSalt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('389', 'ReloadableServices', 'services.properties', 'Fail at startup if RelyingPartyConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.relyingparty.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('362', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies a data source for storage-based management of persistent IDs', 'all', null, null, 'Bean ID of a JDBC DataSource', null, 'idp.persistentId.dataSource', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('361', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for sourcing persistent IDs', 'all', null, null, 'Bean ID of a PairwiseIdStore', 'shibboleth.ComputedPersistentIdGenerator', 'idp.persistentId.generator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('391', 'ReloadableServices', 'services.properties', 'See MetadataDrivenConfiguration SAML Attribute Name Format Usage', 'all', null, null, null, 'false', 'idp.service.relyingparty.ignoreUnmappedEntityAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('393', 'ReloadableServices', 'services.properties', 'Fail at startup if MetadataConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.metadata.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('368', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The hash algorithm used when using computed persistent IDs', 'all', null, null, null, 'SHA', 'idp.persistentId.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('423', 'ReloadableServices', 'services.properties', 'Seconds between reloads of message property resources', 'all', null, null, null, '300', 'idp.message.cacheSeconds', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('392', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for 
MetadataConfiguration', 'all', null, null, null, 'shibboleth.MetadataResolverResources', 'idp.service.metadata.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('396', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeRegistryConfiguration', 'all', null, null, null, 'shibboleth.AttributeRegistryResources', 'idp.service.attribute.registry.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('400', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeResolverConfiguration', 'all', null, null, null, 'shibboleth.AttributeResolverResources', 'idp.service.attribute.resolver.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('398', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.registry.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('406', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeFilterConfiguration', 'all', null, null, null, 'shibboleth.AttributeFilterResources', 'idp.service.attribute.filter.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('402', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.resolver.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('410', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for NameIDGenerationConfiguration', 'all', null, null, null, 'shibboleth.NameIdentifierGenerationResources', 'idp.service.nameidGeneration.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('413', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AccessControlConfiguration', 'all', null, null, null, 'shibboleth.AccessControlResource', 'idp.service.access.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('416', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for CASServiceRegistry configuration', 'all', null, null, null, 'shibboleth.CASServiceRegistryResources', 'idp.service.cas.registry.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('408', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeFilterConfiguration and 
reload service A value of 0 indicates that the attribute filter configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.filter.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('412', 'ReloadableServices', 'services.properties', 'Time to notice changes to NameIDGenerationConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.nameidGeneration.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('415', 'ReloadableServices', 'services.properties', 'Time to notice changes to AccessControlConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.access.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('418', 'ReloadableServices', 'services.properties', 'Time to notice CASServiceRegistry configuration changes and reload service', 'all', null, null, null, '0', 'idp.service.cas.registry.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('421', 'ReloadableServices', 'services.properties', 'Time to notice ManagedBeanConfiguration changes and reload service', 'all', null, null, null, '0', 'idp.service.managedBean.checkInterval', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('369', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64', 'all', null, null, null, 'BASE64', 'idp.persistentId.encoding', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('397', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeRegistryConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.registry.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('401', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeResolverConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('404', 'ReloadableServices', 'services.properties', 'Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. 
To strip nulls during attribute resolution (so that they will be invis', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.stripNulls', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('407', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeFilterConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.filter.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('411', 'ReloadableServices', 'services.properties', 'Fail at startup if NameIDGenerationConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.nameidGeneration.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('417', 'ReloadableServices', 'services.properties', 'Fail at startup if CASServiceRegistry configuration is invalid', 'all', null, null, null, 'false', 'idp.service.cas.registry.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('373', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of error strings to identify as retryable failures', '4.1', null, null, null, '23000,23505', 'idp.persistentId.retryableErrors', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('364', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable', 'all', null, null, null, null, 'idp.persistentId.sourceAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('375', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides the name of the table in the database', '4.1', null, null, null, 'shibpid', 'idp.persistentId.tableName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('376', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localEntity', 'idp.persistentId.localEntityColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('377', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerEntity', 'idp.persistentId.peerEntityColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('378', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'principalName', 'idp.persistentId.principalNameColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('379', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localId', 'idp.persistentId.sourceIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('380', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'persistentId', 'idp.persistentId.persistentIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('381', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerProvidedId', 'idp.persistentId.peerProvidedIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('419', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for ManagedBeanConfiguration', 'all', null, null, null, 'shibboleth.ManagedBeanResources', 'idp.service.managedBean.resources', 
'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('422', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying Spring message property resources', 'all', null, null, null, 'shibboleth.MessageSourceResources', 'idp.message.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('560', 'OPDiscovery', 'oidc.properties', 'Implementation bean for discovery shouldn''t require alteration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.DefaultOpenIdConfigurationResolver', 'idp.oidc.discovery.resolver', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('574', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function called shibboleth.oidc.AllowedScopeStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedScope', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('575', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedAudience', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('570', 'OPDynamicClientRegistration', 'oidc.properties', 'Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy', 'idp.oidc.admin.registration.lookup.policy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('382', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'creationDate', 'idp.persistentId.createTimeColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('383', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'deactivationDate', 'idp.persistentId.deactivationTimeColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('573', 'OPClientResolution', 'oidc.properties', 'Name of bean used to define the resources to use in configuring this service', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ClientInformationResolverResources', 'idp.service.clientinfo.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('650', 'OIDC OP', 'oidc.properties', 'Storage for storing remote jwk sets.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.StorageService', 'idp.oidc.jwk.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('433', 'MetadataReload', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('434', 'MetadataReload', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.reload.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('366', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'A secret salt for the hash when using computed persistent IDs', 'all', null, null, null, null, 'idp.persistentId.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('428', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.status.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('430', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('424', 'Status', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Status', 'idp.status.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('425', 'Status', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.status.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('431', 'MetadataReload', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Reload', 'idp.reload.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('435', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.defaultAuthenticationMethods', 'STRING', null, null); +INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('438', 'AACLI', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'ResolverTest', 'idp.resolvertest.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('437', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('497', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of subjectAltName extension types to look for', '4.1', null, null, 'Comma seperated list of integer values', null, 'idp.c14n.x500.subjectAltNameTypes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('439', 'AACLI', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.resolvertest.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('442', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.resolvertest.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('444', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('445', 'MetadataQuery', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'MetadataQuery', 'idp.mdquery.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('498', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attribute OIDs to search for in the subject DN', '4.1', null, null, 'Comma seperated list of integer values', '2,5,4,3', 'idp.c14n.x500.objectIDs', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('493', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.c14n.attribute.resolutionCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('651', 'OIDC OP', 'oidc.properties', 'Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.metadata.saml', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('655', 'OIDC OP', 'oidc.properties', 'Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultRequestLoginHintLookupFunction', 'idp.oidc.LoginHintLookupStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('656', 'OIDC OP', 'oidc.properties', 'Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultSPSessionCreationStrategy', 'idp.oidc.SPSessionCreationStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('19', 'SecurityConfiguration', 'idp.properties', 'Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.', 'all', null, null, 'Bean ID of DataSealerKeyStrategy', 'shibboleth.DataSealerKeyStrategy', 'idp.sealer.keyStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('103', 'LogoutConfiguration', 'idp.properties', 'If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session', 'all', null, null, 'Bean ID of Predicate', 'false', 'idp.logout.promptUser', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('44', 'SecurityConfiguration', 'idp.properties', 'Overrides the X509KeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.X509KeyInfoGeneratorFactory', 'idp.security.x509KeyInfoFactory', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('64', 'SessionConfiguration', 'idp.properties', 'Bean name of a storage implementation/configuration to use for IdP sessions', 'all', null, null, 'Bean ID of StorageService (org.opensaml.storage)', 'shibboleth.ClientSessionStorageService', 'idp.session.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('312', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('446', 'MetadataQuery', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.mdquery.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('313', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('484', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the 
username', '4.1', null, null, null, 'false', 'idp.c14n.simple.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('517', 'OIDC OP', 'oidc.properties', 'Set the Open ID Connect Issuer value', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.issuer', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('68', 'SessionConfiguration', 'idp.properties', 'A 2-argument predicate that compares a bound session''s address to a client address', 'all', null, null, 'BiPredicate', 'Direct string comparison', 'idp.session.consistentAddressCondition', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('518', 'OPToken', 'oidc.properties', 'Lifetime of ID token', '4.1', 'idp.oidc.OP', '3', null, 'PT1H', 'idp.oidc.idToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('524', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.encodedAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, 
property_type, selection_items, property_value) VALUES ('529', 'OPAuthorization', 'oidc.properties', 'Bean ID of StorageService for revocation cache requires server-side storage', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.StorageService', 'idp.oidc.revocationCache.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('545', 'OPSecurity', 'oidc.properties', 'Allows override of default signing configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.SigningConfiguration', 'idp.oidc.signing.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('546', 'OPSecurity', 'oidc.properties', 'Allows override of default encryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.EncryptionConfiguration', 'idp.oidc.encryption.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('547', 'OPSecurity', 'oidc.properties', 'Allows override of default request decryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.requestObjectDecryptionConfiguration', 'idp.oidc.rodecrypt.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('519', 'OPToken', 'oidc.properties', 'Lifetime of access token', '4.1', 
'idp.oidc.OP', '3', null, 'PT10M', 'idp.oidc.accessToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('520', 'OPAuthorization', 'oidc.properties', 'Lifetime of authorization code', '4.1', 'idp.oidc.OP', '3', null, 'PT5M', 'idp.oidc.authorizeCode.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('521', 'OPToken', 'oidc.properties', 'Lifetime of refresh token', '4.1', 'idp.oidc.OP', '3', null, 'PT2H', 'idp.oidc.refreshToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('528', 'OPRevocation', 'oidc.properties', 'Lifetime of entries in revocation cache for authorize code', '4.1', 'idp.oidc.OP', '3', null, 'PT6H', 'idp.oidc.revocationCache.authorizeCode.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('535', 'OPToken', 'oidc.properties', 'Lifetime of access token issued to client for resource server', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oauth2.accessToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('544', 'OPSecurity', 'oidc.properties', 'JWK RSA decryption keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-encryption-rsa.jwk', 'idp.signing.oidc.rsa.enc.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('543', 'OPSecurity', 'oidc.properties', 'JWK EC signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-es.jwk', 'idp.signing.oidc.es.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('449', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('451', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('455', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('542', 'OPSecurity', 'oidc.properties', 'JWK RSA signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-rs.jwk', 'idp.signing.oidc.rs.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('452', 'MetricsConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Metrics', 'idp.metrics.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('457', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('462', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('464', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('458', 'HelloWorldConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Hello', 'idp.hello.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('459', 'HelloWorldConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByAdminUser', 'idp.hello.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('527', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to omit from UserInfo token', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.deniedUserInfoAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('526', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to always include in ID token regardless of response_type', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.alwaysIncludedAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('541', 'OPDynamicClientRegistration', 'oidc.properties', 'The acceptable client authentication methods when using dynamic registration', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 
'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.dynreg.tokenEndpointAuthMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('530', 'OPToken', 'oidc.properties', 'The acceptable client authentication methods', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.tokenEndpointAuthMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('531', 'OPToken', 'oidc.properties', 'OAuth grant types to allow', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'authorization_code,refresh_token', 'idp.oauth2.grantTypes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('553', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.oidc.OP', '3', null, '1000', 'idp.authn.OAuth2Client.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('565', 'OPDynamicClientRegistration', 'oidc.properties', 'Default access token lifetime if not specified', '4.1', 'idp.oidc.OP', '3', null, 'P1D', 'idp.oidc.admin.registration.defaultTokenLifetime', 'DURATION', null, null); 
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('572', 'OPClientResolution', 'oidc.properties', 'When non-zero enables monitoring of resources for service reload', '4.1', 'idp.oidc.OP', '3', null, 'PT0S', 'idp.service.clientinfo.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('555', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.Conditions.TRUE', 'idp.authn.OAuth2Client.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('558', 'OPCustomFilterRegistration', 'oidc.properties', 'By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ResponseHeaderFilter', 'idp.oidc.ResponseHeaderFilter', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('35', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default EncryptionConfiguration', 'all', null, null, 'Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)', 
'shibboleth.EncryptionConfiguration.CBC', 'idp.encryption.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('43', 'SecurityConfiguration', 'idp.properties', 'Overrides the BasicKeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.BasicKeyInfoGeneratorFactory', 'idp.security.basicKeyInfoFactory', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('39', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify TLS certificates', 'all', null, null, 'Bean ID of TrustEngine (org.opensaml.security.trust)', 'shibboleth.ChainingX509TrustEngine', 'idp.trust.certificates', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('550', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether all validators must succeed or just one', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.authn.OAuth2Client.requireAll', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('552', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to keep the password around as a private credential in the Java Subject for use in later stages 
such as attribute resolution', '4.1', 'idp.oidc.OP', '3', 'use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.', 'false', 'idp.authn.OAuth2Client.retainAsPrivateCredential', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('563', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to enable user authentication for requests', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('466', 'AccountLockoutManagement', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.lockout.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('472', '?', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Storage', 'idp.storage.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('473', '?', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.storage.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('478', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'UnlockKeys', 'idp.unlock-keys.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('561', 'OPDynamicClientRegistration', 'oidc.properties', 'Audit logging label for this profile', '4.1', 'idp.oidc.OP', '3', null, 'IssueRegistrationAccessToken', 'idp.oidc.admin.registration.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('566', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to all requests', '4.1', 'idp.oidc.OP', '3', null, 'AccessByIPAddress', 'idp.oidc.admin.registration.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('584', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.DuoOIDC.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('610', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Factor', 'idp.duo.oidc.nonbrowser.header.factor', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('580', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.DuoOIDC', '1', null, '1000', 'idp.authn.DuoOIDC.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('587', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.DuoOIDC.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('479', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.unlock-keys.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('483', 'AttendedRestartConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.unlock-keys.postAuthenticationFlows', 
'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('490', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)', '4.1', null, null, null, null, 'idp.c14n.attribute.attributesToResolve', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('588', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.DuoOIDC.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('491', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue', '4.1', null, null, null, null, 'idp.c14n.attribute.attributeSourceIds', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('503', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to 
different destinations based on general function', 'SSO', 'idp.service.logging.saml1sso', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('591', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.authn.DuoOIDC.subjectDecorator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('589', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('590', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('315', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, 'false', 
'idp.authn.Duo.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('316', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('481', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.unlock-keys.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('482', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.unlock-keys.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('485', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('581', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('45', 'CSRF', 'idp.properties', 'Enables CSRF protection', '4', null, null, null, 'true', 'idp.csrf.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('522', 'OPToken', 'oidc.properties', 'Whether client is required to use PKCE', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.forcePKCE', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('615', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for the connection to be established', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('612', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Passcode', 
'idp.duo.oidc.nonbrowser.header.passcode', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('642', 'Metadatagen', 'mdgen.properties', 'The width of the logo in pixels', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.width', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('635', 'TOTP', 'authn/authn.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.TOTP', '1', null, null, 'idp.authn.TOTP.subjectDecorator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('633', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('616', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for a connection to be returned from the connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionRequestTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('617', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum period inactivity between two consecutive data packets', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.socketTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('631', 'TOTP', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.TOTP.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('632', 'TOTP', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.TOTP.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('641', 'Metadatagen', 'mdgen.properties', 'The height of the logo in pixels.', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.height', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('634', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.TOTP', '1', null, 
'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('628', 'TOTP', 'authn/authn.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.TOTP.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('620', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'To enable certificate revocation checking', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'false', 'idp.duo.oidc.nimbus.checkRevocation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('625', 'TOTP', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('626', 'TOTP', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('53', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)', 'all', null, null, null, 'true', 'idp.errors.signed', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('504', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml1attrquery', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('505', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml1artifact', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('506', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are 
audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml2sso', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('618', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max total simultaneous connections allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsTotal', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('619', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max simultaneous connections per route allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsPerRoute', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('624', 'TOTP', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.TOTP', '1', null, '1000', 'idp.authn.TOTP.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('640', 'Metadatagen', 'mdgen.properties', 'Specifies the path part of the URL which describes a logo for the IdP. 
The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path (''/path/to/logo'') is use', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.logo.path', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('639', 'Metadatagen', 'mdgen.properties', 'Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.backchannel.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('638', 'Metadatagen', 'mdgen.properties', 'Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.dnsname', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('647', 'OIDC OP', 'oidc.properties', 'The validity of client secret registered', '4.1', 'idp.oidc.OP', '3', 'no doc', 'P12M', 'idp.oidc.dynreg.defaultSecretExpiration', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('652', 'OIDC OP', 'oidc.properties', 'Upgrade interval to the remote JWKs', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT30M', 'idp.oidc.jwksuri.fetchInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('653', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT5M', 'idp.oidc.config.minRefreshDelay', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('654', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT4H', 'idp.oidc.config.maxRefreshDelay', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('507', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml2attrquery', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('508', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml2artifact', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('509', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.saml2slo', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('510', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit 
records to different destinations based on general function', 'Logout', 'idp.service.logging.logout', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('511', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.cas', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('512', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Status', 'idp.service.logging.status', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('513', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ResolverTest', 'idp.service.logging.resolvertest', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('514', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Reload', 'idp.service.logging.serviceReload', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('515', 'AuditLoggingConfiguration', 'services.properties', 'Hash algorithm to apply to various hashed fields', '4.1', null, null, null, 'SHA-256', 'idp.audit.hashAlgorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('516', 'AuditLoggingConfiguration', 'services.properties', 'Salt to apply to hashed fields must be set to use those fields', '4.1', null, null, null, null, 'idp.audit.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('536', 'OPRevocation', 'oidc.properties', 'The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token', '4.1', 'idp.oidc.OP', '3', null, 'CHAIN', 'idp.oauth2.revocationMethod', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('538', 'OPDynamicClientRegistration', 'oidc.properties', 'The default scopes accepted in dynamic registration', '4.1', 'idp.oidc.OP', '3', null, 'openid profile email address phone offline_access', 'idp.oidc.dynreg.defaultScope', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('539', 'OPDynamicClientRegistration', 'oidc.properties', 'The default subject type if not set by client in request. Maybe set to pairwise or public.', '4.1', 'idp.oidc.OP', '3', null, 'public', 'idp.oidc.dynreg.defaultSubjectType', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('533', 'OPToken', 'oidc.properties', 'Format of access token. 
Supported values are JWT or nothing.', '4.1', 'idp.oidc.OP', '3.2', null, null, 'idp.oauth2.accessToken.type', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('567', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyLocation', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyLocationPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('568', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyIdPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('569', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a clientId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.clientIdPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('577', 'OPSubClaim', 'oidc.properties', 'The source attribute used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.sourceAttribute', 'STRING', null, null); +INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('578', 'OPSubClaim', 'oidc.properties', 'The digest algorithm used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, 'SHA', 'idp.oidc.subject.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('594', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'DuoOIDC API hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.apiHost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('649', 'OIDC OP', 'oidc.properties', 'Bean to determine whether dynamic registration should validate the remote JWK set if it''s defined in the request', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.dynreg.validateRemoteJwks', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('1', 'Core', 'idp.properties', 'Auto-load all files matching conf/**/*.properties', '4', null, null, null, 'true', 'idp.searchForProperties', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('5', 'RelyingPartyConfiguration', 
'idp.properties', 'Whether to allow use of the SAML artifact bindings when sending messages', 'all', null, null, null, 'true', 'idp.artifact.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('6', 'RelyingPartyConfiguration', 'idp.properties', 'Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)', 'all', null, null, null, 'true', 'idp.artifact.secureChannel', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('9', 'RelyingPartyConfiguration', 'idp.properties', 'Controls whether the outbound binding selection is ordered by the SP''s metadata or the IdP''s preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also', '4.1', null, null, null, 'true', 'idp.bindings.inMetadataOrder', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('13', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property', 'all', null, null, null, 'true', 'idp.cookie.httpOnly', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('595', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The OAuth 2.0 Client Identifier valid at the Authorization Server', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.clientId', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('596', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Redirection URI to which the 2FA response will be sent', '4.1', 'idp.authn.DuoOIDC', '1', 'ex. 
https://:/idp/profile/Authn/Duo/2FA/duo-callback', null, 'idp.duo.oidc.redirectURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('592', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.DuoOIDC.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('597', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.redirecturl.allowedOrigins', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('599', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 health check endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/health_check', 'idp.duo.oidc.endpoint.health', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('600', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 token 
endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.endpoint.token', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('601', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 authorization endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/authorize', 'idp.duo.oidc.endpoint.authorize', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('604', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.jwt.verifier.issuerPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('605', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'preferred_username', 'idp.duo.oidc.jwt.verifier.preferredUsername', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('607', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', 
null, '%{idp.duo.oidc.apiHost}', 'idp.duo.oidc.nonbrowser.apiHost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('611', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Device', 'idp.duo.oidc.nonbrowser.header.device', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('621', 'TOTP', 'authn/authn.properties', 'Name of request header to use for extracting non-browser submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'X-Shibboleth-TOTP', 'idp.authn.TOTP.headerName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('622', 'TOTP', 'authn/authn.properties', 'Name of HTML form field to use for locating browser-submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'tokencode', 'idp.authn.TOTP.fieldName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('623', 'TOTP', 'authn/authn.properties', 'Name of IdPAttribute to resolve to obtain token seeds for users', '4.1', 'idp.authn.TOTP', '1', null, 'tokenSeeds', 'idp.authn.TOTP.tokenSeedAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('636', 'TOTP', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.TOTP', '1', null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken', 'idp.authn.TOTP.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('645', 'Metadatagen', 'mdgen.properties', 'Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.description.', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('365', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Whether or not the previous property has access to unreleased attributes', 'all', null, null, null, 'true', 'idp.persistentId.useUnfilteredAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('150', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections in the background', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 
'idp.pool.LDAP.validatePeriodically', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('142', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Expired Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordExpiration', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('614', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Pass client address to Duo in API calls to support logging', '4.1', 'idp.authn.DuoOIDC', '1', 'push display', 'true', 'idp.duo.oidc.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('140', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryWithBindDN', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('129', 'LDAPAuthnConfiguration', 
'authn/authn.properties', 'How to establish trust in the server''s TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'certificateTrust', 'idp.authn.LDAP.sslConfig', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('125', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether StartTLS should be used after connecting with LDAP alone.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.authn.LDAP.useStartTLS', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('149', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections when checking them out of the pool', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.pool.LDAP.validateOnCheckout', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('144', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of 
Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.freeIPADirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('143', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the ''adAuthenticator''. It is meant to be specified with one of the other authenticator types.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.activeDirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('146', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether connection pools should be used for LDAP authentication and DN resolution', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.disablePooling', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('145', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.eDirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('126', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for the TCP connection to occur.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.connectTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('157', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. 
If your ', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindPoolPassivator', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('128', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'ACTIVE_PASSIVE', 'idp.authn.LDAP.connectionStrategy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('127', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for an LDAP response message', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.responseTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('123', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , 
for V4.1: authn/authn.properties', 'anonSearchAuthenticator', 'idp.authn.LDAP.authenticator', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('136', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('139', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be returned in the authentication response even when the user bind fails.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryOnFailure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('133', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.baseDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('132', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'List of attributes to request during authentication', 'all', null, null, 'Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.returnAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('135', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.userFilter', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('134', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.subtreeSearch', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('62', 'StorageConfiguration', 'idp.properties', 'Whether storage errors during replay checks should be treated as a replay', 'all', null, null, null, 'true', 'idp.replayCache.strict', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('63', 'SessionConfiguration', 'idp.properties', 'Whether to enable the IdP''s session tracking feature', 'all', null, null, null, 'true', 'idp.session.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('67', 'SessionConfiguration', 'idp.properties', 'Whether to bind IdP sessions to IP addresses', 'all', null, null, null, 'true', 'idp.session.consistentAddress', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('78', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication', '4.1', null, null, null, 'true', 'idp.authn.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('80', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to populate information about the relying party into the tree for user interfaces during login and interceptors', 'all', null, null, null, 
'true', 'idp.authn.rpui', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('94', 'ConsentConfiguration', 'idp.properties', 'Whether not remembering/storing consent is allowed', 'all', null, null, null, 'true', 'idp.consent.allowDoNotRemember', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('95', 'ConsentConfiguration', 'idp.properties', 'Whether consent to any attribute and to any relying party is allowed', 'all', null, null, null, 'true', 'idp.consent.allowGlobal', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('102', 'LogoutConfiguration', 'idp.properties', 'Whether to require signed logout messages in accordance with the SAML 2.0 standard', 'all', null, null, null, 'true', 'idp.logout.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('118', 'AuditLoggingConfiguration', 'services.properties', 'Set false if you want SAML bindings "spelled out" in audit log', 'all', null, null, null, 'true', 'idp.audit.shortenBindings', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('179', 
'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.External', null, null, 'true', 'idp.authn.External.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('195', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUser', null, null, 'true', 'idp.authn.RemoteUser.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('196', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to check REMOTE_USER for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.checkRemoteUser', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('199', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to trim leading and trailing whitespace from the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('220', 
'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('646', 'OIDC OP', 'oidc.properties', 'Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides', '4.1', 'idp.oidc.OP', '3', 'no doc', 'false', 'idp.oidc.encryptionOptional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('239', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, 'true', 'idp.authn.SPNEGO.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('254', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.X509', null, null, 'true', 'idp.authn.X509.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('255', 
'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to save the certificate into the Subject''s public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.saveCertificateToCredentialSet', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('269', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('283', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.IPAddress', null, null, 'true', 'idp.authn.IPAddress.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('297', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Function', null, null, 'true', 'idp.authn.Function.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('308', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Allow the factor to be defaulted to auto if no headers are received', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.auto', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('309', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('323', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Duo', null, null, 'true', 'idp.authn.Duo.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('342', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.SAML.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('343', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions', '4.1', null, null, null, 'true', 'idp.authn.MFA.validateLoginTransitions', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('357', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.MFA', null, null, 'true', 'idp.authn.MFA.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('374', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.', '4.1', null, null, null, 'true', 'idp.persistentId.verifyDatabase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('386', 'ReloadableServices', 'services.properties', 'Fail at startup if logging configuration is invalid', 'all', null, null, null, 'true', 'idp.service.logging.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, 
note, default_value, property_name, property_type, selection_items, property_value) VALUES ('395', 'ReloadableServices', 'services.properties', 'Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost', 'all', null, null, null, 'true', 'idp.service.metadata.enableByReferenceFilters', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('409', 'ReloadableServices', 'services.properties', 'Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.filter.maskFailures', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('414', 'ReloadableServices', 'services.properties', 'Fail at startup if AccessControlConfiguration is invalid', 'all', null, null, null, 'true', 'idp.service.access.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('460', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('463', 
'HelloWorldConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('480', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.unlock-keys.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('486', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.simple.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('489', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.attribute.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('496', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.x500.trim', 
'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('551', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to remove the object holding the password from the request''s active state after validating it (to avoid it being preserved in the session any longer than needed)', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.removeAfterValidation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('557', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('562', 'OPDynamicClientRegistration', 'oidc.properties', 'Enables support for non-browser-based authentication', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.oidc.admin.registration.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('583', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.authn.DuoOIDC.forcedAuthenticationSupported', 'BOOLEAN', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('613', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Allow the factor to be defaulted in as "auto" if no headers are received', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.duo.oidc.nonbrowser.auto', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('627', 'TOTP', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.TOTP', '1', null, 'true', 'idp.authn.TOTP.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('648', 'OIDC OP', 'oidc.properties', 'Regardless of what signing algorithms are configured allow none for request object signing', '4.1', 'idp.oidc.OP', '3', 'no doc', 'true', 'idp.oidc.dynreg.allowNoneForRequestSigning', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('83', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global set', '4', null, null, null, 'false', 'idp.authn.overrideRequestedAuthnContext', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('96', 'ConsentConfiguration', 'idp.properties', 'Whether per-attribute consent is allowed', 'all', null, null, null, 'false', 'idp.consent.allowPerAttribute', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('97', 'ConsentConfiguration', 'idp.properties', 'Whether attribute values and terms of use text are stored and compared for equality', 'all', null, null, null, 'false', 'idp.consent.compareValues', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('101', 'LogoutConfiguration', 'idp.properties', 'Whether to search metadata for user interface information associated with every service involved in logout propagation', 'all', null, null, null, 'false', 'idp.logout.elaboration', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('104', 'LogoutConfiguration', 'idp.properties', 'Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic', '4.1', null, null, null, 'false', 'idp.logout.preserveQuery', 'BOOLEAN', null, null); 
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('105', 'LogoutConfiguration', 'idp.properties', 'When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints', '4.2', null, null, null, 'false', 'idp.logout.assumeAsync', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('111', 'CasProtocolConfiguration', 'idp.properties', 'If true CAS services provisioned with SAML metadata are identified via entityID', 'all', null, null, null, 'false', 'idp.cas.relyingPartyIdFromMetadata', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('160', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', null, null, null, 'false', 'idp.authn.Krb5.refreshConfig', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('523', 'OPToken', 'oidc.properties', 'Whether client is allowed to use PKCE code challenge method plain', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.allowPKCEPlain', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('161', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to preserve the resulting Kerberos TGT in the Java Subject''s private credential set', '4.1', null, null, null, 'false', 'idp.authn.Krb5.preserveTicket', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('167', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('168', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('169', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('171', 'ExternalAuthnConfiguration', 
'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('172', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('188', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('200', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to lowercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('201', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to uppercase the username before 
validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('209', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('210', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('212', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('213', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP 
discovery prior to running flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('222', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to always try to run SPNEGO independent of the user''s auto-login setting', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.enforceRun', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('223', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.refreshKrbConfig', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('227', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('228', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.SPNEGO', null, null, 
'false', 'idp.authn.SPNEGO.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('229', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('231', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('232', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('246', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.proxyScopingEnforced', 'BOOLEAN', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('247', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('257', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('258', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('259', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('261', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('262', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('273', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('275', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('276', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('285', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('286', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('287', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('289', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('290', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('334', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.SAML.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('345', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('346', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 
'idp.authn.MFA.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('347', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('349', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('350', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('420', 'ReloadableServices', 'services.properties', 'Fail at startup if ManagedBeanConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.managedBean.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('426', 'Status', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('427', 'Status', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.status.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('429', 'Status', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('436', 'MetadataReload', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('440', 'AACLI', 'admin/admin.properties', 'Whether authentication should be performed prior to access control 
evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('441', 'AACLI', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.resolvertest.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('443', 'AACLI', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('447', 'MetadataQuery', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('448', 'MetadataQuery', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.mdquery.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('450', 'MetadataQuery', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('453', 'MetricsConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('454', 'MetricsConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.metrics.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('456', 'MetricsConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('461', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether the flow should allow for 
non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.hello.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('467', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('468', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.lockout.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('470', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('474', '?', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('475', '?', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.storage.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('477', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('487', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('488', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('492', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to examine 
the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service', '4.1', null, null, null, 'false', 'idp.c14n.attribute.resolveFromSubject', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('494', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('495', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('499', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('500', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('501', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('502', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('525', 'OPAuthorization', 'oidc.properties', 'Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.encodeConsentInTokens', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('532', 'OPToken', 'oidc.properties', 'Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.', '4.1', 'idp.oidc.OP', '3.2', null, 'false', 'idp.oauth2.enforceRefreshTokenRotation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('534', 'OPToken', 'oidc.properties', 'Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oauth2.encryptionOptional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('564', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to resolve attributes if authentication is enabled', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('571', 'OPClientResolution', 'oidc.properties', 'If true any failures during initialization of any resolvers result in IdP startup failure', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.service.clientinfo.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('582', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 
'idp.authn.DuoOIDC.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('585', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.DuoOIDC', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.DuoOIDC.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('586', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('593', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('629', 'TOTP', 'authn/authn.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.TOTP', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 
'idp.authn.TOTP.proxyScopingEnforced', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('630', 'TOTP', 'authn/authn.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.discoveryRequired', 'BOOLEAN', null, null);
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('637', 'TOTP', 'authn/authn.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.addDefaultPrincipals', 'BOOLEAN', null, null);
\ No newline at end of file
From d5fa9fb665381c39da79c44913d2e8c1397193c8 Mon Sep 17 00:00:00 2001
From: chasegawa
Date: Tue, 16 Aug 2022 15:18:40 -0700
Subject: [PATCH 08/63] SHIBUI-2270 Starting backend work
Former-commit-id: e52d50249d4394f552352aaf3eba44af9678fd07
---
.../src/main/resources/db/changelog/temp.sql | 656 ++++++++++++++++++
1 file changed, 656 insertions(+)
create mode 100644 backend/src/main/resources/db/changelog/temp.sql
diff --git a/backend/src/main/resources/db/changelog/temp.sql b/backend/src/main/resources/db/changelog/temp.sql
new file mode 100644
index 000000000..927ab6522
--- /dev/null
+++ b/backend/src/main/resources/db/changelog/temp.sql
@@ -0,0 +1,656 @@ +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('17', 'SecurityConfiguration', 'idp.properties', 'Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified', 'all', null, null, null, null, 'idp.cookie.sameSite', 'SELECTION_LIST', 'None,Lax,Strict', null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('3', 'RelyingPartyConfiguration', 'idp.properties', 'The unique name of the IdP used as the iisuer in all SAML profiles', 'all', null, null, 'ex. https://unicon.net/idp/shibboleth', null, 'idp.entityID', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('7', 'RelyingPartyConfiguration', 'idp.properties', 'Identifies the endpoint in SAML metadata associated with artifacts issued by a server node', 'all', null, null, null, '2', 'idp.artifact.endpointIndex', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('16', 'SecurityConfiguration', 'idp.properties', 'Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)', 'all', null, null, null, '31536000', 'idp.cookie.maxAge', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('21', 'SecurityConfiguration', 'idp.properties', 'Time between checks for a new AES key version', 'all', null, null, null, 'PT15M', 'idp.sealer.updateInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('394', 'ReloadableServices', 'services.properties', 'Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads', 'all', null, null, null, '0', 'idp.service.metadata.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('537', 'OPDynamicClientRegistration', 'oidc.properties', 'Registration lifetime', '4.1', 'idp.oidc.OP', '3', null, 'PT24H', 'idp.oidc.dynreg.defaultRegistrationValidity', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('602', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Leeway allowed in token expiry calculations', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.clockSkew', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('603', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum amount (in either direction from now) of duration for 
which a token is valid after it is issued', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.iatWindow', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('606', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'How long the authentication is valid. Only applies to forced authentication requests.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.authLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('131', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustStore', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('10', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, 'file pathname', '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('4', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, null, '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('2', 'Core', 'idp.properties', 'Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.', 'all', null, null, 'Comma seperated list of values ex. 
/conf/ldap.properties, /conf/services.properties', null, 'idp.additionalProperties', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('23', 'SecurityConfiguration', 'idp.properties', 'Keystore resource containing AES encryption key usually a file path', 'all', null, null, 'resource path', null, 'idp.sealer.storeResource', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('12', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will be limited to TLS', 'all', null, null, null, 'false', 'idp.cookie.secure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('71', 'SessionConfiguration', 'idp.properties', 'Whether to hide storage failures from users during session cache reads/writes', 'all', null, null, null, 'false', 'idp.session.maskStorageFailure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('130', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load trust anchors from when using sslConfig = certificateTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustCertificates', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('11', 'Core', 'idp.properties', 'applies a (fixed) scope typically a domain-valued suffix to an input attribute''s values', 'all', null, null, null, null, 'idp.scope', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('14', 'SecurityConfiguration', 'idp.properties', 'Overrides the domain of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.domain', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('33', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SecurityConfiguration', 'all', null, null, 'Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)', 'shibboleth.DefaultSecurityConfiguration', 'idp.security.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('34', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SignatureSigningConfiguration', 'all', 
null, null, 'Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)', 'shibboleth.SigningConfiguration.SHA256', 'idp.signing.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('8', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.artifact.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('18', 'SecurityConfiguration', 'idp.properties', 'Predicate condition bean controlling whether SameSite filter runs', 'all', null, null, 'Bean ID of Predicate', 'shibboleth.Conditions.FALSE', 'idp.cookie.sameSiteCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('15', 'SecurityConfiguration', 'idp.properties', 'Overrides the path of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.path', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('20', 'SecurityConfiguration', 'idp.properties', 'Type of Java keystore used for IdP''s internal AES encryption key', 'all', null, null, null, 'JCEKS', 
'idp.sealer.storeType', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('40', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped messages', 'all', null, null, null, 'PT3M', 'idp.policy.messageLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('41', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped assertions', 'all', null, null, null, 'PT3M', 'idp.policy.assertionLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('42', 'SecurityConfiguration', 'idp.properties', 'Default allowance for clock differences between systems', 'all', null, null, null, 'PT3M', 'idp.policy.clockSkew', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('57', 'StorageConfiguration', 'idp.properties', 'Interval of background thread sweeping server-side storage for expired records', 'all', null, null, null, 'PT10M', 'idp.storage.cleanupInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('69', 
'SessionConfiguration', 'idp.properties', 'Inactivity timeout policy for IdP sessions (must be non-zero)', 'all', null, null, null, 'PT60M', 'idp.session.timeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('70', 'SessionConfiguration', 'idp.properties', 'Extra time after expiration before removing SP sessions in case a logout is invoked', 'all', null, null, null, '0', 'idp.session.slop', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('24', 'SecurityConfiguration', 'idp.properties', 'Resource that tracks the active AES encryption key version usually a file path', 'all', null, null, null, null, 'idp.sealer.versionResource', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('66', 'SessionConfiguration', 'idp.properties', 'Number of characters in IdP session identifiers', 'all', null, null, null, '32', 'idp.session.idSize', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('27', 'SecurityConfiguration', 'idp.properties', 'Resource containing private key for signing typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('50', 'Core', 'idp.properties', 'Location from which to load user-supplied webflows from', 'all', null, null, 'resource path', '%{idp.home}/flows', 'idp.webflows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('22', 'SecurityConfiguration', 'idp.properties', 'Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)', 'all', null, null, null, 'secret', 'idp.sealer.aliasBase', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('37', 'SecurityConfiguration', 'idp.properties', 'Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration', 'all', null, null, null, 'Default', 'idp.encryption.keyagreement.metadata.defaultUseKeyWrap', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('46', 'CSRF', 'idp.properties', 'Name of the HTTP parameter that stores the CSRF token', '4', null, null, null, 'csrf_token', 'idp.csrf.token.parameter', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('61', 'StorageConfiguration', 
'idp.properties', 'Storage back-end to use for message replay checking (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.replayCache.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('38', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify signatures', 'all', null, null, 'Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)', 'shibboleth.ChainingSignatureTrustEngine', 'idp.trust.signatures', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('36', 'SecurityConfiguration', 'idp.properties', 'If true failure to locate an encryption key to use won''t result in request failure', 'all', null, null, null, 'false', 'idp.encryption.optional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('52', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to expose detailed error causes in status information provided to outside parties', 'all', null, null, null, 'false', 'idp.errors.detailed', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('58', 'StorageConfiguration', 'idp.properties', 'Whether to use HTML Local Storage 
(if available) instead of cookies', 'all', null, null, null, 'false', 'idp.storage.htmlLocalStorage', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('47', 'Core', 'idp.properties', 'Auto-configures an HSTS response header', 'all', null, null, null, 'max-age=0', 'idp.hsts', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('49', 'Core', 'idp.properties', 'Auto-configures a Content Security Policy response header', 'all', null, null, null, 'frame-ancestors ''none''', 'idp.csp', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('25', 'SecurityConfiguration', 'idp.properties', 'Keystore password unlocking AES encryption keystore typically set during installation', 'all', null, null, null, null, 'idp.sealer.storePassword', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('54', 'ErrorHandlingConfiguration', 'idp.properties', 'The default view name to render for exceptions and events', 'all', null, null, null, 'error', 'idp.errors.defaultView', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('59', 
'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default per-session instance of the client storage service', 'all', null, null, null, 'shib_idp_session_ss', 'idp.storage.clientSessionStorageName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('51', 'Core', 'idp.properties', 'Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor', 'all', null, null, 'Comma seperated list of values', '%{idp.home}/views', 'idp.views', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('48', 'Core', 'idp.properties', 'Auto-configures an X-Frame-Options response header', 'all', null, null, null, 'DENY', 'idp.frameoptions', 'SELECTION_LIST', 'DENY,SAMEORIGIN', null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('74', 'SessionConfiguration', 'idp.properties', 'Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting', 'all', null, null, null, 'PT2H', 'idp.session.defaultSPlifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('76', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default amount of time to allow reuse prior authentication flows', 'all', null, null, 'measured since first usage', 'PT60M', 'idp.authn.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('77', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default inactivity timeout to prevent reuse of prior authentication flows', 'all', null, null, 'measured since last usage', 'PT30M', 'idp.authn.defaultTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('86', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.attribute-release.userStorageKeyAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('98', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit', 'all', null, null, null, '10', 'idp.consent.maxStoredRecords', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('28', 'SecurityConfiguration', 'idp.properties', 'Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('100', 'ConsentConfiguration', 'idp.properties', 'Time in milliseconds to expire consent storage records', '4.x', null, null, '(v4.0=P1Y,v4.1=infinite)', null, 'idp.consent.storageRecordLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('90', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.terms-of-use.userStorageKeyAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('91', 'ConsentConfiguration', 'idp.properties', 'Suffix of message property used as value of consent storage records when idp.consent.compareValues is true', 'all', null, null, null, '.text', 'idp.consent.terms-of-use.consentValueMessageCodeSuffix', 'STRING', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('31', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate private key for decryption generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.key.2', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('84', 'ConsentConfiguration', 'idp.properties', 'Name of storage service used to store users'' consent choices', 'all', null, null, null, 'shibboleth.ClientPersistentStorageService', 'idp.consent.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('85', 'ConsentConfiguration', 'idp.properties', 'Name of function used to return the String storage key representing a user defaults to the principal name', 'all', null, null, null, 'shibboleth.consent.PrincipalConsentStorageKey', 'idp.consent.attribute-release.userStorageKey', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('72', 'SessionConfiguration', 'idp.properties', 'Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)', 'all', null, null, null, 'false', 'idp.session.trackSPSessions', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('73', 'SessionConfiguration', 'idp.properties', 'Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)', 'all', null, null, null, 'false', 'idp.session.secondaryServiceIndex', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('55', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it''s not necessary to fully qualify the class).', 'all', null, null, 'Bean ID of Properties (java.util.Properties)', null, 'idp.errors.excludedExceptions', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('56', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)', 'all', null, null, 'Bean ID of Collection (java.util)', null, 'idp.errors.exceptionMappings', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('79', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to prioritize prior authentication results when an SP requests more than one possible matching method', 'all', 
null, null, null, 'false', 'idp.authn.favorSSO', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('81', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to fail requests if a user identity after authentication doesn''t match the identity in a pre-existing session.', 'all', null, null, null, 'false', 'idp.authn.identitySwitchIsError', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('32', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate public key certificate generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.cert.2', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('30', 'SecurityConfiguration', 'idp.properties', 'Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('29', 'SecurityConfiguration', 'idp.properties', 'Resource containing a private key for decryption typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.key', 'STRING', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('75', 'AuthenticationConfiguration', 'authn/authn.properties', 'Required expression that identifies the login flows to globally enable', 'all', null, null, 'ex. Password, MA, DUO', null, 'idp.authn.flows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('60', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default persistent instance of the client storage service', 'all', null, null, null, 'shib_idp_persistent_ss', 'idp.storage.clientPersistentStorageName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('26', 'SecurityConfiguration', 'idp.properties', 'Key password unlocking AES encryption key typically set to the same as the previous property and set during installation', 'all', null, null, null, null, 'idp.sealer.keyPassword', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('65', 'SessionConfiguration', 'idp.properties', 'Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)', '4.2', null, null, null, 'shib_idp_session', 'idp.session.cookieName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('82', 'AuthenticationConfiguration', 'authn/authn.properties', 'Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose', '4.1', null, null, null, null, 'idp.authn.discoveryURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('99', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using larger/server-side storage, 0 = no limit', 'all', null, null, null, '0', 'idp.consent.expandedMaxStoredRecords', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('88', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.attribute-release.auditFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('93', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.terms-of-use.auditFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('121', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'GeneralImpersonationPolicy', 'idp.impersonate.generalPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('152', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to search with the validateFilter: defaults to the rootDSE', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.pool.LDAP.validateDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('122', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'SpecificImpersonationPolicy', 'idp.impersonate.specificPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('124', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection URI for LDAP directory', 'all', null, null, 'LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.ldapURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('114', 'FTICKSLoggingConfiguration', 'idp.properties', 'Digest algorithm used to obscure usernames', 'all', null, null, null, 'SHA-2', 'idp.fticks.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('116', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog host', 'all', null, null, null, 'localhost', 'idp.fticks.loghost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('112', 'FTICKSLoggingConfiguration', 'idp.properties', 'Enables F-TICKS output and specifies the value of the federation-identifier field', 'all', null, null, null, null, 'idp.fticks.federation', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('137', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDNCredential', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('115', 'FTICKSLoggingConfiguration', 'idp.properties', 'A salt to apply when digesting usernames (if not specified, the username will not be included)', 'all', null, null, null, null, 'idp.fticks.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('138', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator', 'all', null, null, 'ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.dnFormat', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('109', 'CasProtocolConfiguration', 'idp.properties', 'Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed "simple" TicketService. MUST be server-side storage (e.g. 
in-memory, memcached, database)', 'all', null, null, null, 'shibboleth.StorageService', 'idp.cas.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('113', 'FTICKSLoggingConfiguration', 'idp.properties', 'Optional bean name of a Predicate to use to decide whether to run', '4.1', null, null, null, null, 'idp.fticks.condition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('110', 'CasProtocolConfiguration', 'idp.properties', 'CAS service registry implementation class', 'all', null, null, null, 'net.shibboleth.idp.cas.service.PatternServiceRegistry', 'idp.cas.serviceRegistryClass', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('107', 'Core', 'idp.properties', 'Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)', 'all', null, null, 'Bean ID of HttpClient to use for SOAP-based logout', 'SOAPClient.HttpClient', 'idp.soap.httpClient', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('106', 'LogoutConfiguration', 'idp.properties', 'Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user', '4.2', null, null, null, 'false', 
'idp.logout.propagationHidden', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('119', 'Core', 'idp.properties', 'Set to true to fail on velocity syntax errors', 'all', null, null, null, 'false', 'idp.velocity.runtime.strictmode', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('162', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it', '4.1', null, null, null, null, 'idp.authn.Krb5.servicePrincipal', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('117', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog port', 'all', null, null, null, '514', 'idp.fticks.logport', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('120', 'Core', 'idp.properties', 'Path to use with External interceptor flow', 'all', null, null, null, 'contextRelative:intercept.jsp', 'idp.intercept.External.externalPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('108', 
'Core', 'idp.properties', 'languages to use if no match can be found with the browser-supported languages', 'all', null, null, 'Comma seperated list of values ex. en, fr, de', null, 'idp.ui.fallbackLanguages', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('154', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between looking for idle connections to reduce the pool back to its minimum size', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.prunePeriod', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('151', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between validation if idp.pool.LDAP.validatePeriodically is true', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.validatePeriod', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('166', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.External', null, null, '1000', 'idp.authn.External.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('141', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Policy Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordPolicy', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('321', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('176', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('153', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Search filter to execute in order to validate a pooled connection', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', '(objectClass=*)', 'idp.pool.LDAP.validateFilter', 
'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('191', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('192', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('184', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('185', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('187', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('181', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUser', null, 'regex expected', null, 'idp.authn.RemoteUser.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('202', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'A regular expression that must match the username', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('158', 'JAASAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited set of JAAS application configuration names to use', '4.1', null, null, null, 'ShibUserPassAuth', 'idp.authn.JAAS.loginConfigNames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('164', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.External', null, null, 'contextRelative:external.jsp', 'idp.authn.External.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('221', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Servlet-relative path to the SPNEGO external authentication implementation', '4.1', 'idp.authn.SPNEGO', null, 'URL path', '/Authn/SPNEGO', 'idp.authn.SPNEGO.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('207', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.RemoteUserInternal', null, null, '1000', 'idp.authn.RemoteUserInternal.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('224', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.SPNEGO', null, 'regex expected', null, 'idp.authn.SPNEGO.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('211', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.RemoteUserInternal.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('206', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('214', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.RemoteUserInternal.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('216', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('217', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('230', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SPNEGO.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('208', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('215', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.RemoteUserInternal.inactivityTimeout', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('540', 'OPMetadataPolicies', 'oidc.properties', 'Full path to the file containing default metadata policy used for dynamic client registration', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.dynreg.defaultMetadataPolicyFile', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('205', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'contextRelative:external.jsp', 'idp.authn.RemoteUserInternal.externalAuthnPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('225', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Name of cookie used to track auto-login state of client', '4.2', 'idp.authn.SPNEGO', null, null, '_idp_spnego_autologin', 'idp.authn.SPNEGO.cookieName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('303', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.integrationKey', 'STRING', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('304', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('197', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited lists of request attributes to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('226', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.SPNEGO', null, null, '1000', 'idp.authn.SPNEGO.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('218', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('236', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('250', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('251', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('242', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('234', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SPNEGO.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('248', 'X509AuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('249', 'X509AuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('263', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509Internal.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('243', 
'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('244', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('399', 'ReloadableServices', 'services.properties', 'Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry', 'all', null, null, null, 'true', 'idp.service.attribute.registry.encodeType', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('403', 'ReloadableServices', 'services.properties', 'Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.resolver.maskFailures', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('405', 'ReloadableServices', 'services.properties', 'Setting this to false re-enables the legacy 
behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther', '4.2', null, null, null, 'true', 'idp.service.attribute.resolver.suppressDisplayInfo', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('264', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509Internal.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('198', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of request headers to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkHeaders', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('203', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to accept while blocking all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.allowedUsernames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('204', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to deny while accepting all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.deniedUsernames', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('219', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.RemoteUserInternal.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('360', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:mace:shibboleth:1.0:nameIdentifier', 'idp.nameid.saml1.default', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('241', 'X509AuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.X509', null, null, '1000', 'idp.authn.X509.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('256', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.X509Internal.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('237', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step', '4.1', null, null, null, null, 'idp.authn.SAML.outboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('265', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('266', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('291', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.Function.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('292', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.Function.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('579', 'OPSubClaim', 'oidc.properties', 'Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('598', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('608', 
'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI integration key supplied by Duo', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.nonbrowser.integrationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('643', 'Metadatagen', 'mdgen.properties', 'A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.displayname.', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('279', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('280', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('293', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('294', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('319', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('320', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('353', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('314', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.Duo.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('311', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('336', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.SAML.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('358', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for 
generating transient IDs', 'all', null, null, 'Bean ID of a TransientIdGenerationStrategy', 'shibboleth.CryptoTransientIdGenerator', 'idp.transientId.generator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('333', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', null, null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SAML.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('348', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.MFA.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('327', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of Function to run at the late stages of Response decoding/processing', '4.1', null, null, null, null, 'idp.authn.SAML.inboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('328', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of 
AssertionValidator to run', '4.1', null, null, null, null, 'idp.authn.SAML.assertionValidator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('338', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('339', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('337', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SAML.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('351', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.MFA.lifetime', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('352', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.MFA.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('330', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.SAML.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('296', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Function', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.Function.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('305', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the 
sensitivity of the secret key', 'X-Shibboleth-Duo-Factor', 'idp.duo.nonbrowser.header.factor', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('306', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Device', 'idp.duo.nonbrowser.header.device', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('331', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('332', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('335', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.SAML.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('307', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Passcode', 'idp.duo.nonbrowser.header.passcode', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('299', 'DuoAuthnConfiguration', 'authn/duo.properties', 'A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, "Generate an akey".', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.applicationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('300', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.integrationKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('322', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Duo', 
null, null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.Duo.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('301', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.secretKey', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('325', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Statically-defined entityID of IdP to use for authentication', '4.1', null, null, null, null, 'idp.authn.SAML.proxyEntityID', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('359', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'idp.nameid.saml2.default', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('329', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.SAML.order', 
'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('344', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.MFA', null, null, '1000', 'idp.authn.MFA.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('340', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('370', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services', 'all', null, null, null, 'shibboleth.ComputedIdExceptionMap', 'idp.persistentId.exceptionMap', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('388', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for RelyingPartyConfiguration', 'all', null, null, null, 'shibboleth.RelyingPartyResolverResources', 'idp.service.relyingparty.resources', 
'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('367', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'An encoded form of the persistentId.salt', 'all', null, null, null, null, 'idp.persistentId.encodedSalt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('389', 'ReloadableServices', 'services.properties', 'Fail at startup if RelyingPartyConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.relyingparty.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('362', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies a data source for storage-based management of persistent IDs', 'all', null, null, 'Bean ID of a JDBC DataSource', null, 'idp.persistentId.dataSource', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('361', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for sourcing persistent IDs', 'all', null, null, 'Bean ID of a PairwiseIdStore', 'shibboleth.ComputedPersistentIdGenerator', 'idp.persistentId.generator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('391', 'ReloadableServices', 'services.properties', 'See MetadataDrivenConfiguration SAML Attribute Name Format Usage', 'all', null, null, null, 'false', 'idp.service.relyingparty.ignoreUnmappedEntityAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('393', 'ReloadableServices', 'services.properties', 'Fail at startup if MetadataConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.metadata.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('368', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The hash algorithm used when using computed persistent IDs', 'all', null, null, null, 'SHA', 'idp.persistentId.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('423', 'ReloadableServices', 'services.properties', 'Seconds between reloads of message property resources', 'all', null, null, null, '300', 'idp.message.cacheSeconds', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('392', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for 
MetadataConfiguration', 'all', null, null, null, 'shibboleth.MetadataResolverResources', 'idp.service.metadata.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('396', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeRegistryConfiguration', 'all', null, null, null, 'shibboleth.AttributeRegistryResources', 'idp.service.attribute.registry.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('400', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeResolverConfiguration', 'all', null, null, null, 'shibboleth.AttributeResolverResources', 'idp.service.attribute.resolver.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('398', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.registry.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('406', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeFilterConfiguration', 'all', null, null, null, 'shibboleth.AttributeFilterResources', 'idp.service.attribute.filter.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('402', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.resolver.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('410', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for NameIDGenerationConfiguration', 'all', null, null, null, 'shibboleth.NameIdentifierGenerationResources', 'idp.service.nameidGeneration.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('413', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AccessControlConfiguration', 'all', null, null, null, 'shibboleth.AccessControlResource', 'idp.service.access.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('416', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for CASServiceRegistry configuration', 'all', null, null, null, 'shibboleth.CASServiceRegistryResources', 'idp.service.cas.registry.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('408', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeFilterConfiguration and 
reload service A value of 0 indicates that the attribute filter configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.filter.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('412', 'ReloadableServices', 'services.properties', 'Time to notice changes to NameIDGenerationConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.nameidGeneration.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('415', 'ReloadableServices', 'services.properties', 'Time to notice changes to AccessControlConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.access.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('418', 'ReloadableServices', 'services.properties', 'Time to notice CASServiceRegistry configuration changes and reload service', 'all', null, null, null, '0', 'idp.service.cas.registry.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('421', 'ReloadableServices', 'services.properties', 'Time to notice ManagedBeanConfiguration changes and reload service', 'all', null, null, null, '0', 'idp.service.managedBean.checkInterval', 'DURATION', null, null); +INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('369', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64', 'all', null, null, null, 'BASE64', 'idp.persistentId.encoding', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('397', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeRegistryConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.registry.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('401', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeResolverConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('404', 'ReloadableServices', 'services.properties', 'Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. 
To strip nulls during attribute resolution (so that they will be invis', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.stripNulls', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('407', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeFilterConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.filter.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('411', 'ReloadableServices', 'services.properties', 'Fail at startup if NameIDGenerationConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.nameidGeneration.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('417', 'ReloadableServices', 'services.properties', 'Fail at startup if CASServiceRegistry configuration is invalid', 'all', null, null, null, 'false', 'idp.service.cas.registry.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('373', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of error strings to identify as retryable failures', '4.1', null, null, null, '23000,23505', 'idp.persistentId.retryableErrors', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('364', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable', 'all', null, null, null, null, 'idp.persistentId.sourceAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('375', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides the name of the table in the database', '4.1', null, null, null, 'shibpid', 'idp.persistentId.tableName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('376', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localEntity', 'idp.persistentId.localEntityColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('377', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerEntity', 'idp.persistentId.peerEntityColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('378', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'principalName', 'idp.persistentId.principalNameColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('379', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localId', 'idp.persistentId.sourceIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('380', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'persistentId', 'idp.persistentId.persistentIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('381', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerProvidedId', 'idp.persistentId.peerProvidedIdColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('419', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for ManagedBeanConfiguration', 'all', null, null, null, 'shibboleth.ManagedBeanResources', 'idp.service.managedBean.resources', 
'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('422', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying Spring message property resources', 'all', null, null, null, 'shibboleth.MessageSourceResources', 'idp.message.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('560', 'OPDiscovery', 'oidc.properties', 'Implementation bean for discovery shouldn''t require alteration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.DefaultOpenIdConfigurationResolver', 'idp.oidc.discovery.resolver', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('574', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function called shibboleth.oidc.AllowedScopeStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedScope', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('575', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedAudience', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('570', 'OPDynamicClientRegistration', 'oidc.properties', 'Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy', 'idp.oidc.admin.registration.lookup.policy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('382', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'creationDate', 'idp.persistentId.createTimeColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('383', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'deactivationDate', 'idp.persistentId.deactivationTimeColumn', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('573', 'OPClientResolution', 'oidc.properties', 'Name of bean used to define the resources to use in configuring this service', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ClientInformationResolverResources', 'idp.service.clientinfo.resources', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('650', 'OIDC OP', 'oidc.properties', 'Storage for storing remote jwk sets.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.StorageService', 'idp.oidc.jwk.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('433', 'MetadataReload', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('434', 'MetadataReload', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.reload.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('366', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'A secret salt for the hash when using computed persistent IDs', 'all', null, null, null, null, 'idp.persistentId.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('428', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.status.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('430', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('424', 'Status', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Status', 'idp.status.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('425', 'Status', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.status.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('431', 'MetadataReload', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Reload', 'idp.reload.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('435', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.defaultAuthenticationMethods', 'STRING', null, null); +INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('438', 'AACLI', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'ResolverTest', 'idp.resolvertest.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('437', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('497', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of subjectAltName extension types to look for', '4.1', null, null, 'Comma seperated list of integer values', null, 'idp.c14n.x500.subjectAltNameTypes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('439', 'AACLI', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.resolvertest.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('442', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.resolvertest.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('444', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('445', 'MetadataQuery', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'MetadataQuery', 'idp.mdquery.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('498', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attribute OIDs to search for in the subject DN', '4.1', null, null, 'Comma seperated list of integer values', '2,5,4,3', 'idp.c14n.x500.objectIDs', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('493', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.c14n.attribute.resolutionCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('651', 'OIDC OP', 'oidc.properties', 'Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.metadata.saml', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('655', 'OIDC OP', 'oidc.properties', 'Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultRequestLoginHintLookupFunction', 'idp.oidc.LoginHintLookupStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('656', 'OIDC OP', 'oidc.properties', 'Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultSPSessionCreationStrategy', 'idp.oidc.SPSessionCreationStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('19', 'SecurityConfiguration', 'idp.properties', 'Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.', 'all', null, null, 'Bean ID of DataSealerKeyStrategy', 'shibboleth.DataSealerKeyStrategy', 'idp.sealer.keyStrategy', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('103', 'LogoutConfiguration', 'idp.properties', 'If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session', 'all', null, null, 'Bean ID of Predicate', 'false', 'idp.logout.promptUser', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('44', 'SecurityConfiguration', 'idp.properties', 'Overrides the X509KeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.X509KeyInfoGeneratorFactory', 'idp.security.x509KeyInfoFactory', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('64', 'SessionConfiguration', 'idp.properties', 'Bean name of a storage implementation/configuration to use for IdP sessions', 'all', null, null, 'Bean ID of StorageService (org.opensaml.storage)', 'shibboleth.ClientSessionStorageService', 'idp.session.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('312', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('446', 'MetadataQuery', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.mdquery.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('313', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('484', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the 
username', '4.1', null, null, null, 'false', 'idp.c14n.simple.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('517', 'OIDC OP', 'oidc.properties', 'Set the Open ID Connect Issuer value', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.issuer', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('68', 'SessionConfiguration', 'idp.properties', 'A 2-argument predicate that compares a bound session''s address to a client address', 'all', null, null, 'BiPredicate', 'Direct string comparison', 'idp.session.consistentAddressCondition', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('518', 'OPToken', 'oidc.properties', 'Lifetime of ID token', '4.1', 'idp.oidc.OP', '3', null, 'PT1H', 'idp.oidc.idToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('524', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.encodedAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, 
property_type, selection_items, property_value) VALUES ('529', 'OPAuthorization', 'oidc.properties', 'Bean ID of StorageService for revocation cache requires server-side storage', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.StorageService', 'idp.oidc.revocationCache.StorageService', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('545', 'OPSecurity', 'oidc.properties', 'Allows override of default signing configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.SigningConfiguration', 'idp.oidc.signing.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('546', 'OPSecurity', 'oidc.properties', 'Allows override of default encryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.EncryptionConfiguration', 'idp.oidc.encryption.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('547', 'OPSecurity', 'oidc.properties', 'Allows override of default request decryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.requestObjectDecryptionConfiguration', 'idp.oidc.rodecrypt.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('519', 'OPToken', 'oidc.properties', 'Lifetime of access token', '4.1', 
'idp.oidc.OP', '3', null, 'PT10M', 'idp.oidc.accessToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('520', 'OPAuthorization', 'oidc.properties', 'Lifetime of authorization code', '4.1', 'idp.oidc.OP', '3', null, 'PT5M', 'idp.oidc.authorizeCode.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('521', 'OPToken', 'oidc.properties', 'Lifetime of refresh token', '4.1', 'idp.oidc.OP', '3', null, 'PT2H', 'idp.oidc.refreshToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('528', 'OPRevocation', 'oidc.properties', 'Lifetime of entries in revocation cache for authorize code', '4.1', 'idp.oidc.OP', '3', null, 'PT6H', 'idp.oidc.revocationCache.authorizeCode.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('535', 'OPToken', 'oidc.properties', 'Lifetime of access token issued to client for resource server', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oauth2.accessToken.defaultLifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('544', 'OPSecurity', 'oidc.properties', 'JWK RSA decryption keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-encryption-rsa.jwk', 'idp.signing.oidc.rsa.enc.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('543', 'OPSecurity', 'oidc.properties', 'JWK EC signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-es.jwk', 'idp.signing.oidc.es.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('449', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('451', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('455', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('542', 'OPSecurity', 'oidc.properties', 'JWK RSA signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-rs.jwk', 'idp.signing.oidc.rs.key', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('452', 'MetricsConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Metrics', 'idp.metrics.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('457', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('462', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.defaultAuthenticationMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('464', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.postAuthenticationFlows', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('458', 'HelloWorldConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Hello', 'idp.hello.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('459', 'HelloWorldConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByAdminUser', 'idp.hello.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('527', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to omit from UserInfo token', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.deniedUserInfoAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('526', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to always include in ID token regardless of response_type', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.alwaysIncludedAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('541', 'OPDynamicClientRegistration', 'oidc.properties', 'The acceptable client authentication methods when using dynamic registration', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 
'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.dynreg.tokenEndpointAuthMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('530', 'OPToken', 'oidc.properties', 'The acceptable client authentication methods', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.tokenEndpointAuthMethods', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('531', 'OPToken', 'oidc.properties', 'OAuth grant types to allow', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'authorization_code,refresh_token', 'idp.oauth2.grantTypes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('553', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.oidc.OP', '3', null, '1000', 'idp.authn.OAuth2Client.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('565', 'OPDynamicClientRegistration', 'oidc.properties', 'Default access token lifetime if not specified', '4.1', 'idp.oidc.OP', '3', null, 'P1D', 'idp.oidc.admin.registration.defaultTokenLifetime', 'DURATION', null, null); 
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('572', 'OPClientResolution', 'oidc.properties', 'When non-zero enables monitoring of resources for service reload', '4.1', 'idp.oidc.OP', '3', null, 'PT0S', 'idp.service.clientinfo.checkInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('555', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.Conditions.TRUE', 'idp.authn.OAuth2Client.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('558', 'OPCustomFilterRegistration', 'oidc.properties', 'By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ResponseHeaderFilter', 'idp.oidc.ResponseHeaderFilter', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('35', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default EncryptionConfiguration', 'all', null, null, 'Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)', 
'shibboleth.EncryptionConfiguration.CBC', 'idp.encryption.config', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('43', 'SecurityConfiguration', 'idp.properties', 'Overrides the BasicKeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.BasicKeyInfoGeneratorFactory', 'idp.security.basicKeyInfoFactory', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('39', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify TLS certificates', 'all', null, null, 'Bean ID of TrustEngine (org.opensaml.security.trust)', 'shibboleth.ChainingX509TrustEngine', 'idp.trust.certificates', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('550', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether all validators must succeed or just one', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.authn.OAuth2Client.requireAll', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('552', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to keep the password around as a private credential in the Java Subject for use in later stages 
such as attribute resolution', '4.1', 'idp.oidc.OP', '3', 'use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.', 'false', 'idp.authn.OAuth2Client.retainAsPrivateCredential', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('563', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to enable user authentication for requests', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('466', 'AccountLockoutManagement', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.lockout.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('472', '?', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Storage', 'idp.storage.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('473', '?', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.storage.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('478', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'UnlockKeys', 'idp.unlock-keys.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('561', 'OPDynamicClientRegistration', 'oidc.properties', 'Audit logging label for this profile', '4.1', 'idp.oidc.OP', '3', null, 'IssueRegistrationAccessToken', 'idp.oidc.admin.registration.logging', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('566', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to all requests', '4.1', 'idp.oidc.OP', '3', null, 'AccessByIPAddress', 'idp.oidc.admin.registration.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('584', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.DuoOIDC.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('610', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Factor', 'idp.duo.oidc.nonbrowser.header.factor', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('580', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.DuoOIDC', '1', null, '1000', 'idp.authn.DuoOIDC.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('587', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.DuoOIDC.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('479', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.unlock-keys.accessPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('483', 'AttendedRestartConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.unlock-keys.postAuthenticationFlows', 
'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('490', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)', '4.1', null, null, null, null, 'idp.c14n.attribute.attributesToResolve', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('588', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.DuoOIDC.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('491', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue', '4.1', null, null, null, null, 'idp.c14n.attribute.attributeSourceIds', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('503', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to 
different destinations based on general function', 'SSO', 'idp.service.logging.saml1sso', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('591', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.authn.DuoOIDC.subjectDecorator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('589', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('590', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('315', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, 'false', 
'idp.authn.Duo.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('316', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('481', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.unlock-keys.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('482', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.unlock-keys.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('485', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('581', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('45', 'CSRF', 'idp.properties', 'Enables CSRF protection', '4', null, null, null, 'true', 'idp.csrf.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('522', 'OPToken', 'oidc.properties', 'Whether client is required to use PKCE', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.forcePKCE', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('615', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for the connection to be established', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('612', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Passcode', 
'idp.duo.oidc.nonbrowser.header.passcode', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('642', 'Metadatagen', 'mdgen.properties', 'The width of the logo in pixels', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.width', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('635', 'TOTP', 'authn/authn.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.TOTP', '1', null, null, 'idp.authn.TOTP.subjectDecorator', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('633', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.reuseCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('616', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for a connection to be returned from the connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionRequestTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('617', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum period inactivity between two consecutive data packets', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.socketTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('631', 'TOTP', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.TOTP.lifetime', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('632', 'TOTP', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.TOTP.inactivityTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('641', 'Metadatagen', 'mdgen.properties', 'The height of the logo in pixels.', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.height', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('634', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.TOTP', '1', null, 
'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.activationCondition', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('628', 'TOTP', 'authn/authn.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.TOTP.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('620', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'To enable certificate revocation checking', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'false', 'idp.duo.oidc.nimbus.checkRevocation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('625', 'TOTP', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('626', 'TOTP', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('53', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)', 'all', null, null, null, 'true', 'idp.errors.signed', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('504', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml1attrquery', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('505', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml1artifact', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('506', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are 
audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml2sso', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('618', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max total simultaneous connections allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsTotal', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('619', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max simultaneous connections per route allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsPerRoute', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('624', 'TOTP', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.TOTP', '1', null, '1000', 'idp.authn.TOTP.order', 'INTEGER', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('640', 'Metadatagen', 'mdgen.properties', 'Specifies the path part of the URL which describes a logo for the IdP. 
The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path (''/path/to/logo'') is use', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.logo.path', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('639', 'Metadatagen', 'mdgen.properties', 'Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.backchannel.cert', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('638', 'Metadatagen', 'mdgen.properties', 'Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.dnsname', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('647', 'OIDC OP', 'oidc.properties', 'The validity of client secret registered', '4.1', 'idp.oidc.OP', '3', 'no doc', 'P12M', 'idp.oidc.dynreg.defaultSecretExpiration', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('652', 'OIDC OP', 'oidc.properties', 'Upgrade interval to the remote JWKs', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT30M', 'idp.oidc.jwksuri.fetchInterval', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('653', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT5M', 'idp.oidc.config.minRefreshDelay', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('654', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT4H', 'idp.oidc.config.maxRefreshDelay', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('507', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml2attrquery', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('508', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml2artifact', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('509', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.saml2slo', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('510', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit 
records to different destinations based on general function', 'Logout', 'idp.service.logging.logout', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('511', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.cas', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('512', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Status', 'idp.service.logging.status', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('513', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ResolverTest', 'idp.service.logging.resolvertest', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('514', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Reload', 'idp.service.logging.serviceReload', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('515', 'AuditLoggingConfiguration', 'services.properties', 'Hash algorithm to apply to various hashed fields', '4.1', null, null, null, 'SHA-256', 'idp.audit.hashAlgorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('516', 'AuditLoggingConfiguration', 'services.properties', 'Salt to apply to hashed fields must be set to use those fields', '4.1', null, null, null, null, 'idp.audit.salt', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('536', 'OPRevocation', 'oidc.properties', 'The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token', '4.1', 'idp.oidc.OP', '3', null, 'CHAIN', 'idp.oauth2.revocationMethod', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('538', 'OPDynamicClientRegistration', 'oidc.properties', 'The default scopes accepted in dynamic registration', '4.1', 'idp.oidc.OP', '3', null, 'openid profile email address phone offline_access', 'idp.oidc.dynreg.defaultScope', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('539', 'OPDynamicClientRegistration', 'oidc.properties', 'The default subject type if not set by client in request. Maybe set to pairwise or public.', '4.1', 'idp.oidc.OP', '3', null, 'public', 'idp.oidc.dynreg.defaultSubjectType', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('533', 'OPToken', 'oidc.properties', 'Format of access token. 
Supported values are JWT or nothing.', '4.1', 'idp.oidc.OP', '3.2', null, null, 'idp.oauth2.accessToken.type', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('567', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyLocation', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyLocationPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('568', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyIdPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('569', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a clientId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.clientIdPolicy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('577', 'OPSubClaim', 'oidc.properties', 'The source attribute used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.sourceAttribute', 'STRING', null, null); +INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('578', 'OPSubClaim', 'oidc.properties', 'The digest algorithm used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, 'SHA', 'idp.oidc.subject.algorithm', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('594', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'DuoOIDC API hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.apiHost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('649', 'OIDC OP', 'oidc.properties', 'Bean to determine whether dynamic registration should validate the remote JWK set if it''s defined in the request', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.dynreg.validateRemoteJwks', 'SPRING_BEAN_ID', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('1', 'Core', 'idp.properties', 'Auto-load all files matching conf/**/*.properties', '4', null, null, null, 'true', 'idp.searchForProperties', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('5', 'RelyingPartyConfiguration', 
'idp.properties', 'Whether to allow use of the SAML artifact bindings when sending messages', 'all', null, null, null, 'true', 'idp.artifact.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('6', 'RelyingPartyConfiguration', 'idp.properties', 'Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)', 'all', null, null, null, 'true', 'idp.artifact.secureChannel', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('9', 'RelyingPartyConfiguration', 'idp.properties', 'Controls whether the outbound binding selection is ordered by the SP''s metadata or the IdP''s preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also', '4.1', null, null, null, 'true', 'idp.bindings.inMetadataOrder', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('13', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property', 'all', null, null, null, 'true', 'idp.cookie.httpOnly', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('595', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The OAuth 2.0 Client Identifier valid at the Authorization Server', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.clientId', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('596', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Redirection URI to which the 2FA response will be sent', '4.1', 'idp.authn.DuoOIDC', '1', 'ex. 
https://:/idp/profile/Authn/Duo/2FA/duo-callback', null, 'idp.duo.oidc.redirectURL', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('592', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.DuoOIDC.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('597', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.redirecturl.allowedOrigins', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('599', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 health check endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/health_check', 'idp.duo.oidc.endpoint.health', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('600', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 token 
endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.endpoint.token', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('601', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 authorization endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/authorize', 'idp.duo.oidc.endpoint.authorize', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('604', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.jwt.verifier.issuerPath', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('605', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'preferred_username', 'idp.duo.oidc.jwt.verifier.preferredUsername', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('607', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', 
null, '%{idp.duo.oidc.apiHost}', 'idp.duo.oidc.nonbrowser.apiHost', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('611', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Device', 'idp.duo.oidc.nonbrowser.header.device', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('621', 'TOTP', 'authn/authn.properties', 'Name of request header to use for extracting non-browser submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'X-Shibboleth-TOTP', 'idp.authn.TOTP.headerName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('622', 'TOTP', 'authn/authn.properties', 'Name of HTML form field to use for locating browser-submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'tokencode', 'idp.authn.TOTP.fieldName', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('623', 'TOTP', 'authn/authn.properties', 'Name of IdPAttribute to resolve to obtain token seeds for users', '4.1', 'idp.authn.TOTP', '1', null, 'tokenSeeds', 'idp.authn.TOTP.tokenSeedAttribute', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('636', 'TOTP', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.TOTP', '1', null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken', 'idp.authn.TOTP.supportedPrincipals', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('645', 'Metadatagen', 'mdgen.properties', 'Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.description.', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('365', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Whether or not the previous property has access to unreleased attributes', 'all', null, null, null, 'true', 'idp.persistentId.useUnfilteredAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('150', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections in the background', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 
'idp.pool.LDAP.validatePeriodically', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('142', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Expired Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordExpiration', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('614', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Pass client address to Duo in API calls to support logging', '4.1', 'idp.authn.DuoOIDC', '1', 'push display', 'true', 'idp.duo.oidc.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('140', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryWithBindDN', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('129', 'LDAPAuthnConfiguration', 
'authn/authn.properties', 'How to establish trust in the server''s TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'certificateTrust', 'idp.authn.LDAP.sslConfig', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('125', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether StartTLS should be used after connecting with LDAP alone.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.authn.LDAP.useStartTLS', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('149', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections when checking them out of the pool', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.pool.LDAP.validateOnCheckout', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('144', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of 
Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.freeIPADirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('143', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the ''adAuthenticator''. It is meant to be specified with one of the other authenticator types.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.activeDirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('146', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether connection pools should be used for LDAP authentication and DN resolution', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.disablePooling', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('145', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.eDirectory', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('126', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for the TCP connection to occur.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.connectTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('157', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. 
If your ', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindPoolPassivator', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('128', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'ACTIVE_PASSIVE', 'idp.authn.LDAP.connectionStrategy', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('127', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for an LDAP response message', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.responseTimeout', 'DURATION', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('123', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , 
for V4.1: authn/authn.properties', 'anonSearchAuthenticator', 'idp.authn.LDAP.authenticator', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('136', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('139', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be returned in the authentication response even when the user bind fails.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryOnFailure', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('133', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.baseDN', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('132', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'List of attributes to request during authentication', 'all', null, null, 'Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.returnAttributes', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('135', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.userFilter', 'STRING', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('134', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.subtreeSearch', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('62', 'StorageConfiguration', 'idp.properties', 'Whether storage errors during replay checks should be treated as a replay', 'all', null, null, null, 'true', 'idp.replayCache.strict', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('63', 'SessionConfiguration', 'idp.properties', 'Whether to enable the IdP''s session tracking feature', 'all', null, null, null, 'true', 'idp.session.enabled', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('67', 'SessionConfiguration', 'idp.properties', 'Whether to bind IdP sessions to IP addresses', 'all', null, null, null, 'true', 'idp.session.consistentAddress', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('78', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication', '4.1', null, null, null, 'true', 'idp.authn.proxyRestrictionsEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('80', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to populate information about the relying party into the tree for user interfaces during login and interceptors', 'all', null, null, null, 
'true', 'idp.authn.rpui', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('94', 'ConsentConfiguration', 'idp.properties', 'Whether not remembering/storing consent is allowed', 'all', null, null, null, 'true', 'idp.consent.allowDoNotRemember', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('95', 'ConsentConfiguration', 'idp.properties', 'Whether consent to any attribute and to any relying party is allowed', 'all', null, null, null, 'true', 'idp.consent.allowGlobal', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('102', 'LogoutConfiguration', 'idp.properties', 'Whether to require signed logout messages in accordance with the SAML 2.0 standard', 'all', null, null, null, 'true', 'idp.logout.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('118', 'AuditLoggingConfiguration', 'services.properties', 'Set false if you want SAML bindings "spelled out" in audit log', 'all', null, null, null, 'true', 'idp.audit.shortenBindings', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('179', 
'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.External', null, null, 'true', 'idp.authn.External.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('195', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUser', null, null, 'true', 'idp.authn.RemoteUser.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('196', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to check REMOTE_USER for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.checkRemoteUser', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('199', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to trim leading and trailing whitespace from the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('220', 
'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('646', 'OIDC OP', 'oidc.properties', 'Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides', '4.1', 'idp.oidc.OP', '3', 'no doc', 'false', 'idp.oidc.encryptionOptional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('239', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, 'true', 'idp.authn.SPNEGO.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('254', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.X509', null, null, 'true', 'idp.authn.X509.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('255', 
'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to save the certificate into the Subject''s public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.saveCertificateToCredentialSet', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('269', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('283', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.IPAddress', null, null, 'true', 'idp.authn.IPAddress.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('297', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Function', null, null, 'true', 'idp.authn.Function.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('308', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Allow the factor to be defaulted to auto if no headers are received', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.auto', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('309', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('323', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Duo', null, null, 'true', 'idp.authn.Duo.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('342', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.SAML.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('343', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions', '4.1', null, null, null, 'true', 'idp.authn.MFA.validateLoginTransitions', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('357', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.MFA', null, null, 'true', 'idp.authn.MFA.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('374', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.', '4.1', null, null, null, 'true', 'idp.persistentId.verifyDatabase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('386', 'ReloadableServices', 'services.properties', 'Fail at startup if logging configuration is invalid', 'all', null, null, null, 'true', 'idp.service.logging.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, 
note, default_value, property_name, property_type, selection_items, property_value) VALUES ('395', 'ReloadableServices', 'services.properties', 'Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost', 'all', null, null, null, 'true', 'idp.service.metadata.enableByReferenceFilters', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('409', 'ReloadableServices', 'services.properties', 'Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.filter.maskFailures', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('414', 'ReloadableServices', 'services.properties', 'Fail at startup if AccessControlConfiguration is invalid', 'all', null, null, null, 'true', 'idp.service.access.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('460', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('463', 
'HelloWorldConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('480', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.unlock-keys.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('486', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.simple.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('489', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.attribute.trim', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('496', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.x500.trim', 
'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('551', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to remove the object holding the password from the request''s active state after validating it (to avoid it being preserved in the session any longer than needed)', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.removeAfterValidation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('557', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('562', 'OPDynamicClientRegistration', 'oidc.properties', 'Enables support for non-browser-based authentication', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.oidc.admin.registration.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('583', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.authn.DuoOIDC.forcedAuthenticationSupported', 'BOOLEAN', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('613', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Allow the factor to be defaulted in as "auto" if no headers are received', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.duo.oidc.nonbrowser.auto', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('627', 'TOTP', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.TOTP', '1', null, 'true', 'idp.authn.TOTP.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('648', 'OIDC OP', 'oidc.properties', 'Regardless of what signing algorithms are configured allow none for request object signing', '4.1', 'idp.oidc.OP', '3', 'no doc', 'true', 'idp.oidc.dynreg.allowNoneForRequestSigning', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('83', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global set', '4', null, null, null, 'false', 'idp.authn.overrideRequestedAuthnContext', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('96', 'ConsentConfiguration', 'idp.properties', 'Whether per-attribute consent is allowed', 'all', null, null, null, 'false', 'idp.consent.allowPerAttribute', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('97', 'ConsentConfiguration', 'idp.properties', 'Whether attribute values and terms of use text are stored and compared for equality', 'all', null, null, null, 'false', 'idp.consent.compareValues', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('101', 'LogoutConfiguration', 'idp.properties', 'Whether to search metadata for user interface information associated with every service involved in logout propagation', 'all', null, null, null, 'false', 'idp.logout.elaboration', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('104', 'LogoutConfiguration', 'idp.properties', 'Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic', '4.1', null, null, null, 'false', 'idp.logout.preserveQuery', 'BOOLEAN', null, null); 
+INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('105', 'LogoutConfiguration', 'idp.properties', 'When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints', '4.2', null, null, null, 'false', 'idp.logout.assumeAsync', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('111', 'CasProtocolConfiguration', 'idp.properties', 'If true CAS services provisioned with SAML metadata are identified via entityID', 'all', null, null, null, 'false', 'idp.cas.relyingPartyIdFromMetadata', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('160', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', null, null, null, 'false', 'idp.authn.Krb5.refreshConfig', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('523', 'OPToken', 'oidc.properties', 'Whether client is allowed to use PKCE code challenge method plain', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.allowPKCEPlain', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('161', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to preserve the resulting Kerberos TGT in the Java Subject''s private credential set', '4.1', null, null, null, 'false', 'idp.authn.Krb5.preserveTicket', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('167', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('168', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('169', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('171', 'ExternalAuthnConfiguration', 
'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('172', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('188', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('200', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to lowercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('201', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to uppercase the username before 
validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('209', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('210', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('212', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('213', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP 
discovery prior to running flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('222', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to always try to run SPNEGO independent of the user''s auto-login setting', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.enforceRun', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('223', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.refreshKrbConfig', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('227', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('228', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.SPNEGO', null, null, 
'false', 'idp.authn.SPNEGO.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('229', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('231', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('232', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('246', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.proxyScopingEnforced', 'BOOLEAN', null, 
null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('247', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('257', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('258', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('259', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('261', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('262', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('273', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('275', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('276', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('285', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('286', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('287', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('289', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('290', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('334', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.SAML.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('345', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('346', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 
'idp.authn.MFA.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('347', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.forcedAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('349', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('350', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('420', 'ReloadableServices', 'services.properties', 'Fail at startup if ManagedBeanConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.managedBean.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('426', 'Status', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('427', 'Status', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.status.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('429', 'Status', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('436', 'MetadataReload', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('440', 'AACLI', 'admin/admin.properties', 'Whether authentication should be performed prior to access control 
evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('441', 'AACLI', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.resolvertest.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('443', 'AACLI', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('447', 'MetadataQuery', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('448', 'MetadataQuery', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.mdquery.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('450', 'MetadataQuery', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('453', 'MetricsConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('454', 'MetricsConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.metrics.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('456', 'MetricsConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('461', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether the flow should allow for 
non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.hello.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('467', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('468', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.lockout.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('470', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('474', '?', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.authenticated', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('475', '?', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.storage.nonBrowserSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('477', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('487', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('488', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('492', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to examine 
the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service', '4.1', null, null, null, 'false', 'idp.c14n.attribute.resolveFromSubject', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('494', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('495', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('499', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('500', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('501', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.lowercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('502', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.uppercase', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('525', 'OPAuthorization', 'oidc.properties', 'Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.encodeConsentInTokens', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('532', 'OPToken', 'oidc.properties', 'Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.', '4.1', 'idp.oidc.OP', '3.2', null, 'false', 'idp.oauth2.enforceRefreshTokenRotation', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('534', 'OPToken', 'oidc.properties', 'Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oauth2.encryptionOptional', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('564', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to resolve attributes if authentication is enabled', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.resolveAttributes', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('571', 'OPClientResolution', 'oidc.properties', 'If true any failures during initialization of any resolvers result in IdP startup failure', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.service.clientinfo.failFast', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('582', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 
'idp.authn.DuoOIDC.passiveAuthenticationSupported', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('585', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.DuoOIDC', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.DuoOIDC.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('586', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('593', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.addDefaultPrincipals', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('629', 'TOTP', 'authn/authn.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.TOTP', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 
'idp.authn.TOTP.proxyScopingEnforced', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('630', 'TOTP', 'authn/authn.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.discoveryRequired', 'BOOLEAN', null, null); +INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('637', 'TOTP', 'authn/authn.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.addDefaultPrincipals', 'BOOLEAN', null, null); \ No newline at end of file From b24b378f6dea8970f318600aef51fbc05a311f33 Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Wed, 17 Aug 2022 14:25:27 -0700 Subject: [PATCH 09/63] SHIBUI-2268 load properties to database from csv configuration on startup --- .../ui/service/ShibPropertiesBootstrap.groovy | 70 ++ .../CustomPropertiesConfiguration.java | 13 +- .../ui/domain/ShibConfigurationProperty.java | 12 +- .../ShibConfigurationRepository.java | 15 + ...EntityAttributesDefinitionServiceImpl.java | 4 +- .../ui/service/ShibConfigurationService.java | 12 + .../service/ShibConfigurationServiceImpl.java | 25 + backend/src/main/resources/application.yml | 15 +- .../resources/shib_configuration_prop.csv | 656 ++++++++++++++++++ 9 files changed, 813 insertions(+), 9 deletions(-) create mode 100644 backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java create mode 100644 backend/src/main/resources/shib_configuration_prop.csv diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy new file mode 100644 index 000000000..daf75b61e --- /dev/null +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy 
@@ -0,0 +1,70 @@
+package edu.internet2.tier.shibboleth.admin.ui.service
+
+import com.opencsv.CSVReader
+import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty
+import groovy.util.logging.Slf4j
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.context.event.ApplicationStartedEvent
+import org.springframework.context.event.EventListener
+import org.springframework.core.io.ClassPathResource
+import org.springframework.core.io.Resource
+import org.springframework.stereotype.Component
+
+import javax.transaction.Transactional
+
+@Component
+@Slf4j
+class ShibPropertiesBootstrap {
+ @Autowired
+ private ShibConfigurationService service
+
+ ShibPropertiesBootstrap(ShibConfigurationService service) {
+ this.service = service
+ }
+
+ @Transactional
+ @EventListener
+ void bootstrapUsersAndRoles(ApplicationStartedEvent e) {
+ log.info("Ensuring base Shibboleth properties configuration has loaded")
+
+ Resource resource = new ClassPathResource('shib_configuration_prop.csv')
+ final HashMap propertiesMap = new HashMap<>()
+
+ // Read in the defaults in the configuration file
+ new CSVReader(new InputStreamReader(resource.inputStream)).each { fields ->
+ def (resource_id,category,config_file,description,idp_version,module,module_version,note,default_value,property_name,property_type,selection_items,property_value) = fields
+ ShibConfigurationProperty prop = new ShibConfigurationProperty().with {
+ it.resourceId = resource_id
+ it.category = category
+ it.configFile = config_file
+ it.description = description
+ it.idpVersion = idp_version
+ it.module = module
+ it.moduleVersion = module_version
+ it.note = note
+ it.defaultValue = default_value
+ it.description = description
+ it.propertyName = property_name
+ def pt = property_type
+ it.setPropertyType(pt)
+ it.selectionItems = selection_items
+ // we shouldn't have property values coming in from the config...
+ it
+ }
+ propertiesMap.put(prop.getPropertyName(), prop)
+ }
+
+ // If we already have the property in the db, ignore the configuration setup for that property
+ service.getExistingPropertyNames().each {
+ propertiesMap.remove(it)
+ }
+
+ // Save anything that's left
+ if (propertiesMap.size() > 0) {
+ log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database")
+ service.addAll(propertiesMap.values())
+ }
+
+ log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded")
+ }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
index af8aef206..9a85e48a2 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java
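Review bot: In `ShibPropertiesBootstrap.bootstrapUsersAndRoles`, the CSV is decoded with the JVM's default charset and the reader is never closed, because `new InputStreamReader(resource.inputStream)` names no encoding and nothing scopes the stream. The bundled `shib_configuration_prop.csv` carries non-ASCII text (a typographic apostrophe in at least one description), so what lands in the `description` column depends on the host's `file.encoding`. Assuming the file is stored as UTF-8, I would write `new CSVReader(new InputStreamReader(resource.inputStream, 'UTF-8')).withCloseable { reader -> reader.each { fields -> … } }`. That fixes the decoding and releases the classpath stream even when a row fails to map.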
@@ -2,21 +2,20 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; - import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.ApplicationListener; import org.springframework.context.annotation.Configuration; +import javax.annotation.PostConstruct; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.annotation.PostConstruct; - @Configuration @ConfigurationProperties(prefix = "custom") public class CustomPropertiesConfiguration implements ApplicationListener { @@ -28,6 +27,8 @@ public class CustomPropertiesConfiguration implements ApplicationListener overridesFromConfigFile = new ArrayList<>(); + private List shibprops = new ArrayList<>(); + private void buildRelyingPartyOverrides() { // Start over with a clean map and get the CustomEntityAttributesDefinitions from the DB HashMap reloaded = new HashMap<>(); @@ -68,6 +69,7 @@ public void onApplicationEvent(CustomEntityAttributeDefinitionChangeEvent arg0) public void postConstruct() { // Make sure we have the right data buildRelyingPartyOverrides(); + updateShibPropsDatabase(); } public void setAttributes(List> attributes) { @@ -85,4 +87,7 @@ public void setCeadService(CustomEntityAttributesDefinitionService ceadService) public void setOverrides(List overridesFromConfigFile) { this.overridesFromConfigFile = overridesFromConfigFile; } -} + + private void updateShibPropsDatabase() { + } +} \ No newline at end of file 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java index 945f9ff96..345592ae3 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java @@ -22,7 +22,7 @@ public class ShibConfigurationProperty { @Column(name = "config_file", nullable = false) String configFile; - @Column(name = "default_value", nullable = false) + @Column(name = "default_value") String defaultValue; @Column(name = "description") @@ -46,8 +46,16 @@ public class ShibConfigurationProperty { @Column(name = "property_type", nullable = false) PropertyType propertyType; - @Column(name = "property_value", nullable = false) + @Column(name = "property_value") String propertyValue; + + @Column(name = "selection_items") + String selectionItems; + + public void setPropertyType(String val) { + this.propertyType = PropertyType.valueOf(val); + } + } enum PropertyType { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java new file mode 100644 index 000000000..e5889b3cd --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java 
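Review bot: The new `setPropertyType(String val)` in `ShibConfigurationProperty` hands its argument straight to `PropertyType.valueOf(val)`, which throws `IllegalArgumentException` for anything that is not an exact constant name and `NullPointerException` for null. The startup loader added in this patch passes it the raw `property_type` CSV column inside a transactional listener, so a single malformed row aborts the whole load with a message that does not say which property was at fault. I would wrap the conversion and rethrow with context, e.g. `throw new IllegalArgumentException("Unknown property type '" + val + "' for property " + propertyName, e);`, or validate the column in the loader before calling the setter. The class body starts and ends outside these hunks, so how this overload interacts with any generated `setPropertyType(PropertyType)` cannot be checked from here.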
@@ -0,0 +1,15 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; + +import java.util.List; + +/** + * Repository to manage {@link ShibConfigurationProperty} instances. + */ +public interface ShibConfigurationRepository extends JpaRepository { + @Query(value = "select property_name from shib_configuration_prop", nativeQuery = true) + List getPropertyNames(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java index 6fe0a8c25..cd5893c42 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java @@ -19,7 +19,7 @@ public class CustomEntityAttributesDefinitionServiceImpl implements CustomEntity private ApplicationEventPublisher applicationEventPublisher; @Autowired - EntityManager entityManager; + EntityManager entityManager; // Why is this here - it isn't used @Autowired private CustomEntityAttributeDefinitionRepository repository; @@ -53,4 +53,4 @@ public List getAllDefinitions() { private void notifyListeners() { applicationEventPublisher.publishEvent(new CustomEntityAttributeDefinitionChangeEvent(this)); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java new file mode 100644 index 000000000..504c60956 --- /dev/null 
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java @@ -0,0 +1,12 @@ +package edu.internet2.tier.shibboleth.admin.ui.service; + +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; + +import java.util.Collection; +import java.util.List; + +public interface ShibConfigurationService { + void addAll(Collection newProperties); + + List getExistingPropertyNames(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java new file mode 100644 index 000000000..d9d29c37f --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -0,0 +1,25 @@ +package edu.internet2.tier.shibboleth.admin.ui.service; + +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.util.Collection; +import java.util.List; + +@Service +public class ShibConfigurationServiceImpl implements ShibConfigurationService { + @Autowired + private ShibConfigurationRepository repository; + + @Override + public void addAll(Collection newProperties) { + repository.saveAll(newProperties); + } + + @Override + public List getExistingPropertyNames() { + return repository.getPropertyNames(); + } +} \ No newline at end of file diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index bf1367934..09d922b1c 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
@@ -162,4 +162,17 @@ custom: displayType: boolean helpText: tooltip.ignore-request-signatures attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures - attributeFriendlyName: ignoreRequestSignatures \ No newline at end of file + attributeFriendlyName: ignoreRequestSignatures + shibprops: + - category: asd # required + configFile: kj # required + defaultValue: foo + description: blak + idpVersion: 4.1 # required + module: h + moduleVersion: 1 + note: nnn + propertyName: dddd # required + propertyType: dddd # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING + propertyValue: dddd + selectionItems: dddd,dddd # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file diff --git a/backend/src/main/resources/shib_configuration_prop.csv b/backend/src/main/resources/shib_configuration_prop.csv new file mode 100644 index 000000000..fd6b84a33 --- /dev/null +++ b/backend/src/main/resources/shib_configuration_prop.csv 
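Review bot: The `shibprops` entry added under `custom:` is filler data (`asd`, `kj`, `dddd`) committed to the default `application.yml`, and its `propertyType: dddd` is not one of the values the adjacent comment says are required. Nothing visible in this patch consumes the list yet, but if it is later bound onto `ShibConfigurationProperty` through the new string setter, that value would presumably fail in `PropertyType.valueOf` at startup. I would ship the block commented out as documentation, or give it a valid sample such as `propertyType: BOOLEAN`. Quoting the version fields (`idpVersion: '4.1'`, `moduleVersion: '1'`) would also stop YAML from reading them as numbers.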
@@ -0,0 +1,656 @@ +474,?,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.storage.authenticated,BOOLEAN,, +472,?,admin/admin.properties,Audit log identifier for flow,4.1,,,,Storage,idp.storage.logging,STRING,, +476,?,admin/admin.properties,?,4.1,,,,,idp.storage.defaultAuthenticationMethods,STRING,, +473,?,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.storage.accessPolicy,STRING,, +475,?,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.storage.nonBrowserSupported,BOOLEAN,, +442,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.defaultAuthenticationMethods,STRING,, +443,AACLI,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.resolvertest.resolveAttributes,BOOLEAN,, +439,AACLI,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.resolvertest.accessPolicy,STRING,, +438,AACLI,admin/admin.properties,Audit log identifier for flow,4.1,,,,ResolverTest,idp.resolvertest.logging,STRING,, +441,AACLI,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.resolvertest.nonBrowserSupported,BOOLEAN,, +444,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.postAuthenticationFlows,STRING,, +440,AACLI,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.resolvertest.authenticated,BOOLEAN,, +466,AccountLockoutManagement,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.lockout.accessPolicy,STRING,, +467,AccountLockoutManagement,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.lockout.authenticated,BOOLEAN,, 
+470,AccountLockoutManagement,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.lockout.resolveAttributes,BOOLEAN,, +468,AccountLockoutManagement,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.lockout.nonBrowserSupported,BOOLEAN,, +469,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.defaultAuthenticationMethods,STRING,, +471,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.postAuthenticationFlows,STRING,, +465,AccountLockoutManagement,admin/admin.properties,Audit log identifier for flow,4.1,,,,Lockout,idp.lockout.logging,STRING,, +479,AttendedRestartConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.unlock-keys.accessPolicy,STRING,, +480,AttendedRestartConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.unlock-keys.authenticated,BOOLEAN,, +478,AttendedRestartConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,UnlockKeys,idp.unlock-keys.logging,STRING,, +477,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.storage.resolveAttributes,BOOLEAN,, +483,AttendedRestartConfiguration,admin/admin.properties,?,4.1,,,,,idp.unlock-keys.postAuthenticationFlows,STRING,, +481,AttendedRestartConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.unlock-keys.nonBrowserSupported,BOOLEAN,, +482,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.unlock-keys.resolveAttributes,BOOLEAN,, +491,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to search 
for in the results looking for a StringAttributeValue or ScopedStringAttributeValue,4.1,,,,,idp.c14n.attribute.attributeSourceIds,STRING,, +492,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service,4.1,,,,false,idp.c14n.attribute.resolveFromSubject,BOOLEAN,, +487,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.attribute.lowercase,BOOLEAN,, +493,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone,4.1,,,,shibboleth.Conditions.TRUE,idp.c14n.attribute.resolutionCondition,SPRING_BEAN_ID,, +488,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.attribute.uppercase,BOOLEAN,, +489,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.attribute.trim,BOOLEAN,, +490,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can),4.1,,,,,idp.c14n.attribute.attributesToResolve,STRING,, +512,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Status,idp.service.logging.status,STRING,, +511,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general 
function,SSO,idp.service.logging.cas,STRING,, +514,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Reload,idp.service.logging.serviceReload,STRING,, +515,AuditLoggingConfiguration,services.properties,Hash algorithm to apply to various hashed fields,4.1,,,,SHA-256,idp.audit.hashAlgorithm,STRING,, +510,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.logout,STRING,, +516,AuditLoggingConfiguration,services.properties,Salt to apply to hashed fields must be set to use those fields,4.1,,,,,idp.audit.salt,STRING,, +509,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.saml2slo,STRING,, +504,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml1attrquery,STRING,, +508,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml2artifact,STRING,, +507,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route 
different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml2attrquery,STRING,, +506,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml2sso,STRING,, +118,AuditLoggingConfiguration,services.properties,"Set false if you want SAML bindings ""spelled out"" in audit log",all,,,,true,idp.audit.shortenBindings,BOOLEAN,, +503,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml1sso,STRING,, +513,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ResolverTest,idp.service.logging.resolvertest,STRING,, +505,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml1artifact,STRING,, +78,AuthenticationConfiguration,authn/authn.properties,Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication,4.1,,,,true,idp.authn.proxyRestrictionsEnforced,BOOLEAN,, +79,AuthenticationConfiguration,authn/authn.properties,Whether to prioritize prior authentication results when an SP requests more than one possible matching method,all,,,,false,idp.authn.favorSSO,BOOLEAN,, 
+82,AuthenticationConfiguration,authn/authn.properties,Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose,4.1,,,,,idp.authn.discoveryURL,STRING,,
+80,AuthenticationConfiguration,authn/authn.properties,Whether to populate information about the relying party into the tree for user interfaces during login and interceptors,all,,,,true,idp.authn.rpui,BOOLEAN,,
+81,AuthenticationConfiguration,authn/authn.properties,Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.,all,,,,false,idp.authn.identitySwitchIsError,BOOLEAN,,
+76,AuthenticationConfiguration,authn/authn.properties,Default amount of time to allow reuse prior authentication flows,all,,,measured since first usage,PT60M,idp.authn.defaultLifetime,DURATION,,
+77,AuthenticationConfiguration,authn/authn.properties,Default inactivity timeout to prevent reuse of prior authentication flows,all,,,measured since last usage,PT30M,idp.authn.defaultTimeout,DURATION,,
+75,AuthenticationConfiguration,authn/authn.properties,Required expression that identifies the login flows to globally enable,all,,,"ex. Password, MA, DUO",,idp.authn.flows,STRING,,
+83,AuthenticationConfiguration,authn/authn.properties,Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. Note this is a violation of the SAML standard and is also a global set,4,,,,false,idp.authn.overrideRequestedAuthnContext,BOOLEAN,,
+110,CasProtocolConfiguration,idp.properties,CAS service registry implementation class,all,,,,net.shibboleth.idp.cas.service.PatternServiceRegistry,idp.cas.serviceRegistryClass,STRING,,
+109,CasProtocolConfiguration,idp.properties,"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed ""simple"" TicketService.
MUST be server-side storage (e.g. in-memory, memcached, database)",all,,,,shibboleth.StorageService,idp.cas.StorageService,SPRING_BEAN_ID,,
+111,CasProtocolConfiguration,idp.properties,If true CAS services provisioned with SAML metadata are identified via entityID,all,,,,false,idp.cas.relyingPartyIdFromMetadata,BOOLEAN,,
+89,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.terms-of-use.userStorageKey,SPRING_BEAN_ID,,
+96,ConsentConfiguration,idp.properties,Whether per-attribute consent is allowed,all,,,,false,idp.consent.allowPerAttribute,BOOLEAN,,
+97,ConsentConfiguration,idp.properties,Whether attribute values and terms of use text are stored and compared for equality,all,,,,false,idp.consent.compareValues,BOOLEAN,,
+94,ConsentConfiguration,idp.properties,Whether not remembering/storing consent is allowed,all,,,,true,idp.consent.allowDoNotRemember,BOOLEAN,,
+95,ConsentConfiguration,idp.properties,Whether consent to any attribute and to any relying party is allowed,all,,,,true,idp.consent.allowGlobal,BOOLEAN,,
+86,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.attribute-release.userStorageKeyAttribute,STRING,,
+98,ConsentConfiguration,idp.properties,"Maximum number of records stored when using space-limited storage (e.g.
cookies), 0 = no limit",all,,,,10,idp.consent.maxStoredRecords,INTEGER,,
+100,ConsentConfiguration,idp.properties,Time in milliseconds to expire consent storage records,4.x,,,"(v4.0=P1Y,v4.1=infinite)",,idp.consent.storageRecordLifetime,DURATION,,
+90,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.terms-of-use.userStorageKeyAttribute,STRING,,
+91,ConsentConfiguration,idp.properties,Suffix of message property used as value of consent storage records when idp.consent.compareValues is true,all,,,,.text,idp.consent.terms-of-use.consentValueMessageCodeSuffix,STRING,,
+84,ConsentConfiguration,idp.properties,Name of storage service used to store users' consent choices,all,,,,shibboleth.ClientPersistentStorageService,idp.consent.StorageService,SPRING_BEAN_ID,,
+85,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.attribute-release.userStorageKey,SPRING_BEAN_ID,,
+99,ConsentConfiguration,idp.properties,"Maximum number of records stored when using larger/server-side storage, 0 = no limit",all,,,,0,idp.consent.expandedMaxStoredRecords,INTEGER,,
+88,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.attribute-release.auditFormat,STRING,,
+93,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.terms-of-use.auditFormat,STRING,,
+92,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of terms-of-use flow,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.terms-of-use.activationCondition,SPRING_BEAN_ID,,
+87,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of attribute-release flow along with system default
behavior,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.attribute-release.activationCondition,SPRING_BEAN_ID,,
+11,Core,idp.properties,applies a (fixed) scope typically a domain-valued suffix to an input attribute's values,all,,,,,idp.scope,STRING,,
+2,Core,idp.properties,Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.,all,,,"Comma seperated list of values ex. /conf/ldap.properties, /conf/services.properties",,idp.additionalProperties,STRING,,
+4,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,,
+47,Core,idp.properties,Auto-configures an HSTS response header,all,,,,max-age=0,idp.hsts,STRING,,
+51,Core,idp.properties,"Location from which to load user-modifiable Velocity view templates. This can be set to include ""classpath*:/META-INF/net/shibboleth/idp/views"" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor",all,,,Comma seperated list of values,%{idp.home}/views,idp.views,STRING,,
+107,Core,idp.properties,Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP),all,,,Bean ID of HttpClient to use for SOAP-based logout,SOAPClient.HttpClient,idp.soap.httpClient,SPRING_BEAN_ID,,
+119,Core,idp.properties,Set to true to fail on velocity syntax errors,all,,,,false,idp.velocity.runtime.strictmode,BOOLEAN,,
+122,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy ID,SpecificImpersonationPolicy,idp.impersonate.specificPolicy,STRING,,
+50,Core,idp.properties,Location from which to load user-supplied webflows from,all,,,resource path,%{idp.home}/flows,idp.webflows,STRING,,
+121,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy
ID,GeneralImpersonationPolicy,idp.impersonate.generalPolicy,STRING,,
+1,Core,idp.properties,Auto-load all files matching conf/**/*.properties,4,,,,true,idp.searchForProperties,BOOLEAN,,
+10,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,file pathname,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,,
+120,Core,idp.properties,Path to use with External interceptor flow,all,,,,contextRelative:intercept.jsp,idp.intercept.External.externalPath,STRING,,
+108,Core,idp.properties,languages to use if no match can be found with the browser-supported languages,all,,,"Comma seperated list of values ex. en, fr, de",,idp.ui.fallbackLanguages,STRING,,
+48,Core,idp.properties,Auto-configures an X-Frame-Options response header,all,,,,DENY,idp.frameoptions,SELECTION_LIST,"DENY,SAMEORIGIN",
+49,Core,idp.properties,Auto-configures a Content Security Policy response header,all,,,,frame-ancestors 'none',idp.csp,STRING,,
+45,CSRF,idp.properties,Enables CSRF protection,4,,,,true,idp.csrf.enabled,BOOLEAN,,
+46,CSRF,idp.properties,Name of the HTTP parameter that stores the CSRF token,4,,,,csrf_token,idp.csrf.token.parameter,STRING,,
+317,DuoAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.Duo.lifetime,DURATION,,
+305,DuoAuthnConfiguration,authn/duo.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,X-Shibboleth-Duo-Factor,idp.duo.nonbrowser.header.factor,STRING,,
+311,DuoAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Duo,,,false,idp.authn.Duo.nonBrowserSupported,BOOLEAN,,
+314,DuoAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on
proxying,4.1,idp.authn.Duo,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.Duo.proxyRestrictionsEnforced,BOOLEAN,, +320,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.activationCondition,SPRING_BEAN_ID,, +319,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.reuseCondition,SPRING_BEAN_ID,, +310,DuoAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.Duo,,,1000,idp.authn.Duo.order,INTEGER,, +302,DuoAuthnConfiguration,authn/duo.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,${idp.duo.apiHost},idp.duo.nonbrowser.apiHost,STRING,, +298,DuoAuthnConfiguration,authn/duo.properties,DuoWeb API hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,,idp.duo.apiHost,STRING,, +318,DuoAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.Duo.inactivityTimeout,DURATION,, +313,DuoAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.Duo,,,false,idp.authn.Duo.forcedAuthenticationSupported,BOOLEAN,, +321,DuoAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer:/idp/profile/Authn/Duo/2FA/duo-callback,,idp.duo.oidc.redirectURL,STRING,, +608,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI integration key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.integrationKey,STRING,, +598,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The client secret used to 
verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.secretKey,STRING,,
+617,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum period inactivity between two consecutive data packets,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.socketTimeout,DURATION,,
+616,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for a connection to be returned from the connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionRequestTimeout,DURATION,,
+612,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI passcode,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Passcode,idp.duo.oidc.nonbrowser.header.passcode,STRING,,
+615,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for the connection to be established,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionTimeout,DURATION,,
+581,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.nonBrowserSupported,BOOLEAN,,
+602,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Leeway allowed in token expiry calculations,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.clockSkew,DURATION,,
+618,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max total simultaneous connections allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsTotal,INTEGER,,
+590,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.activationCondition,SPRING_BEAN_ID,,
+589,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate controlling result reuse for
SSO,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.reuseCondition,SPRING_BEAN_ID,,
+591,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.DuoOIDC,1,,,idp.authn.DuoOIDC.subjectDecorator,SPRING_BEAN_ID,,
+619,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max simultaneous connections per route allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsPerRoute,INTEGER,,
+588,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.DuoOIDC.inactivityTimeout,DURATION,,
+587,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Lifetime of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.DuoOIDC.lifetime,DURATION,,
+580,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.DuoOIDC,1,,1000,idp.authn.DuoOIDC.order,INTEGER,,
+610,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Factor,idp.duo.oidc.nonbrowser.header.factor,STRING,,
+584,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.DuoOIDC.proxyRestrictionsEnforced,BOOLEAN,,
+593,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.addDefaultPrincipals,BOOLEAN,,
+594,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,DuoOIDC API hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.apiHost,STRING,,
+582,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow allows for passive authentication,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.passiveAuthenticationSupported,BOOLEAN,,
+585,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.DuoOIDC,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.DuoOIDC.proxyScopingEnforced,BOOLEAN,,
+595,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The OAuth 2.0 Client Identifier valid at the Authorization Server,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.clientId,STRING,,
+614,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Pass client address to Duo in API calls to support logging,4.1,idp.authn.DuoOIDC,1,push display,true,idp.duo.oidc.nonbrowser.clientAddressTrusted,BOOLEAN,,
+592,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Comma-delimited list of protocol-specific Principalstrings associated with flow,4.1,idp.authn.DuoOIDC,1,,"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa",idp.authn.DuoOIDC.supportedPrincipals,STRING,,
+597,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.redirecturl.allowedOrigins,STRING,,
+599,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 health check endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/health_check,idp.duo.oidc.endpoint.health,STRING,,
+600,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 token endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.endpoint.token,STRING,,
+601,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 authorization endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/authorize,idp.duo.oidc.endpoint.authorize,STRING,,
+604,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.jwt.verifier.issuerPath,STRING,,
+605,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.,4.1,idp.authn.DuoOIDC,1,,preferred_username,idp.duo.oidc.jwt.verifier.preferredUsername,STRING,,
+583,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow supports forced authentication,4.1,idp.authn.DuoOIDC,1,,true,idp.authn.DuoOIDC.forcedAuthenticationSupported,BOOLEAN,,
+613,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Allow the factor to be defaulted in as ""auto"" if no headers are received",4.1,idp.authn.DuoOIDC,1,,true,idp.duo.oidc.nonbrowser.auto,BOOLEAN,,
+607,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,%{idp.duo.oidc.apiHost},idp.duo.oidc.nonbrowser.apiHost,STRING,,
+609,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI secret key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.secretKey,STRING,,
+611,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI device ID or name,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Device,idp.duo.oidc.nonbrowser.header.device,STRING,,
+606,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,How long the authentication is valid.
Only applies to forced authentication requests.,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.authLifetime,DURATION,,
+620,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,To enable certificate revocation checking,4.1,idp.authn.DuoOIDC,1 (nimbus),,false,idp.duo.oidc.nimbus.checkRevocation,BOOLEAN,,
+603,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum amount (in either direction from now) of duration for which a token is valid after it is issued,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.iatWindow,DURATION,,
+586,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.discoveryRequired,BOOLEAN,,
+55,ErrorHandlingConfiguration,idp.properties,"Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).",all,,,Bean ID of Properties (java.util.Properties),,idp.errors.excludedExceptions,SPRING_BEAN_ID,,
+52,ErrorHandlingConfiguration,idp.properties,Whether to expose detailed error causes in status information provided to outside parties,all,,,,false,idp.errors.detailed,BOOLEAN,,
+54,ErrorHandlingConfiguration,idp.properties,The default view name to render for exceptions and events,all,,,,error,idp.errors.defaultView,STRING,,
+56,ErrorHandlingConfiguration,idp.properties,"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)",all,,,Bean ID of Collection (java.util),,idp.errors.exceptionMappings,SPRING_BEAN_ID,,
+53,ErrorHandlingConfiguration,idp.properties,"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)",all,,,,true,idp.errors.signed,BOOLEAN,,
+168,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.External,,,false,idp.authn.External.passiveAuthenticationSupported,BOOLEAN,,
+170,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.External,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.External.proxyRestrictionsEnforced,BOOLEAN,,
+176,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.activationCondition,SPRING_BEAN_ID,,
+169,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.External,,,false,idp.authn.External.forcedAuthenticationSupported,BOOLEAN,,
+173,ExternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.External.lifetime,DURATION,,
+166,ExternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.External,,,1000,idp.authn.External.order,INTEGER,,
+175,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.reuseCondition,SPRING_BEAN_ID,,
+167,ExternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.External,,,false,idp.authn.External.nonBrowserSupported,BOOLEAN,,
+178,ExternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with
flow,4.1,idp.authn.External,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.External.supportedPrincipals,STRING,, +164,ExternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.External,,,contextRelative:external.jsp,idp.authn.External.externalAuthnPath,STRING,, +179,ExternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.External,,,true,idp.authn.External.addDefaultPrincipals,BOOLEAN,, +165,ExternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.External,,regex expected,,idp.authn.External.matchExpression,STRING,, +172,ExternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.External,,,false,idp.authn.External.discoveryRequired,BOOLEAN,, +174,ExternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.External.inactivityTimeout,DURATION,, +171,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.External,,,false,idp.authn.External.proxyScopingEnforced,BOOLEAN,, +177,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to use to decide whether to run,4.1,,,,,idp.fticks.condition,SPRING_BEAN_ID,, +114,FTICKSLoggingConfiguration,idp.properties,Digest algorithm used to obscure usernames,all,,,,SHA-2,idp.fticks.algorithm,STRING,, +115,FTICKSLoggingConfiguration,idp.properties,"A salt to apply when digesting usernames (if not specified, the username will not be 
included)",all,,,,,idp.fticks.salt,STRING,, +297,FunctionAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.Function,,,true,idp.authn.Function.addDefaultPrincipals,BOOLEAN,, +289,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.Function,,,false,idp.authn.Function.proxyScopingEnforced,BOOLEAN,, +294,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.activationCondition,SPRING_BEAN_ID,, +286,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.Function,,,false,idp.authn.Function.passiveAuthenticationSupported,BOOLEAN,, +285,FunctionAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Function,,,false,idp.authn.Function.nonBrowserSupported,BOOLEAN,, +295,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.reuseCondition,SPRING_BEAN_ID,, +459,HelloWorldConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByAdminUser,idp.hello.accessPolicy,STRING,, +461,HelloWorldConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.hello.nonBrowserSupported,BOOLEAN,, +458,HelloWorldConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Hello,idp.hello.logging,STRING,, +462,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.defaultAuthenticationMethods,STRING,, 
+463,HelloWorldConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,true,idp.hello.resolveAttributes,BOOLEAN,,
+460,HelloWorldConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.hello.authenticated,BOOLEAN,,
+464,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.postAuthenticationFlows,STRING,,
+280,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.activationCondition,SPRING_BEAN_ID,,
+278,IPAddressAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.IPAddress.inactivityTimeout,DURATION,,
+283,IPAddressAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.IPAddress,,,true,idp.authn.IPAddress.addDefaultPrincipals,BOOLEAN,,
+273,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.forcedAuthenticationSupported,BOOLEAN,,
+275,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.proxyScopingEnforced,BOOLEAN,,
+276,IPAddressAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.discoveryRequired,BOOLEAN,,
+272,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.passiveAuthenticationSupported,BOOLEAN,,
+270,IPAddressAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.IPAddress,,,1000,idp.authn.IPAddress.order,INTEGER,, +281,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.reuseCondition,SPRING_BEAN_ID,, +277,IPAddressAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.IPAddress.lifetime,DURATION,, +274,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.IPAddress,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.IPAddress.proxyRestrictionsEnforced,BOOLEAN,, +271,IPAddressAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.nonBrowserSupported,BOOLEAN,, +158,JAASAuthnConfiguration,authn/authn.properties,Comma-delimited set of JAAS application configuration names to use,4.1,,,,ShibUserPassAuth,idp.authn.JAAS.loginConfigNames,STRING,, +159,JAASAuthnConfiguration,authn/authn.properties,Location of JAAS configuration file,4.1,,,resource path,%{idp.home}/conf/authn/jaas.config,idp.authn.JAAS.loginConfig,STRING,, +161,KerberosAuthnConfiguration,authn/authn.properties,Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set,4.1,,,,false,idp.authn.Krb5.preserveTicket,BOOLEAN,, +163,KerberosAuthnConfiguration,authn/authn.properties,Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal,4.1,,,,,idp.authn.Krb5.keytab,STRING,, +160,KerberosAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in 
/etc/krb5.conf) on every login attempt,4.1,,,,false,idp.authn.Krb5.refreshConfig,BOOLEAN,,
+162,KerberosAuthnConfiguration,authn/authn.properties,Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it,4.1,,,,,idp.authn.Krb5.servicePrincipal,STRING,,
+144,LDAPAuthnConfiguration,authn/authn.properties,If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.freeIPADirectory,BOOLEAN,,
+134,LDAPAuthnConfiguration,authn/authn.properties,Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.subtreeSearch,BOOLEAN,,
+135,LDAPAuthnConfiguration,authn/authn.properties,LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.userFilter,STRING,,
+132,LDAPAuthnConfiguration,authn/authn.properties,List of attributes to request during authentication,all,,,"Comma seperated list of values.
The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.returnAttributes,STRING,,
+133,LDAPAuthnConfiguration,authn/authn.properties,Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.baseDN,STRING,,
+139,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryOnFailure,BOOLEAN,,
+136,LDAPAuthnConfiguration,authn/authn.properties,DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDN,STRING,,
+123,LDAPAuthnConfiguration,authn/authn.properties,"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",anonSearchAuthenticator,idp.authn.LDAP.authenticator,STRING,,
+127,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for an LDAP response message,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.responseTimeout,DURATION,,
+128,LDAPAuthnConfiguration,authn/authn.properties,"Connection strategy to use
when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",ACTIVE_PASSIVE,idp.authn.LDAP.connectionStrategy,STRING,,
+157,LDAPAuthnConfiguration,authn/authn.properties,Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your ,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindPoolPassivator,STRING,,
+126,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for the TCP connection to occur.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.connectTimeout,DURATION,,
+145,LDAPAuthnConfiguration,authn/authn.properties,If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.eDirectory,BOOLEAN,,
+146,LDAPAuthnConfiguration,authn/authn.properties,Whether connection pools should be used for LDAP authentication and DN resolution,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.disablePooling,BOOLEAN,,
+143,LDAPAuthnConfiguration,authn/authn.properties,If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.activeDirectory,BOOLEAN,,
+149,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections when checking them out of the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.pool.LDAP.validateOnCheckout,BOOLEAN,,
+125,LDAPAuthnConfiguration,authn/authn.properties,Whether StartTLS should be used after connecting with LDAP alone.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.authn.LDAP.useStartTLS,BOOLEAN,,
+129,LDAPAuthnConfiguration,authn/authn.properties,"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",certificateTrust,idp.authn.LDAP.sslConfig,STRING,,
+140,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryWithBindDN,BOOLEAN,,
+142,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Expired Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordExpiration,BOOLEAN,,
+150,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections in 
the background,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.pool.LDAP.validatePeriodically,BOOLEAN,,
+130,LDAPAuthnConfiguration,authn/authn.properties,A resource to load trust anchors from when using sslConfig = certificateTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustCertificates,STRING,,
+131,LDAPAuthnConfiguration,authn/authn.properties,A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustStore,STRING,,
+152,LDAPAuthnConfiguration,authn/authn.properties,DN to search with the validateFilter: defaults to the rootDSE,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.pool.LDAP.validateDN,STRING,,
+124,LDAPAuthnConfiguration,authn/authn.properties,Connection URI for LDAP directory,all,,,"LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.ldapURL,STRING,,
+137,LDAPAuthnConfiguration,authn/authn.properties,Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDNCredential,STRING,,
+138,LDAPAuthnConfiguration,authn/authn.properties,A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator,all,,,"ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.dnFormat,STRING,,
+154,LDAPAuthnConfiguration,authn/authn.properties,Duration between looking for idle connections to reduce the pool back to its minimum size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.prunePeriod,DURATION,,
+151,LDAPAuthnConfiguration,authn/authn.properties,Duration between validation if idp.pool.LDAP.validatePeriodically is true,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.validatePeriod,DURATION,,
+141,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Policy Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordPolicy,BOOLEAN,,
+155,LDAPAuthnConfiguration,authn/authn.properties,Duration connections must be idle to be eligible for pruning,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT10M,idp.pool.LDAP.idleTime,DURATION,,
+148,LDAPAuthnConfiguration,authn/authn.properties,Maximum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",10,idp.pool.LDAP.maxSize,INTEGER,,
+147,LDAPAuthnConfiguration,authn/authn.properties,Minimum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",3,idp.pool.LDAP.minSize,INTEGER,,
+156,LDAPAuthnConfiguration,authn/authn.properties,Duration to wait for a free connection in the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.pool.LDAP.blockWaitTime,DURATION,,
+153,LDAPAuthnConfiguration,authn/authn.properties,Search filter to execute in order to validate a pooled connection,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",(objectClass=*),idp.pool.LDAP.validateFilter,STRING,,
+104,LogoutConfiguration,idp.properties,Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic,4.1,,,,false,idp.logout.preserveQuery,BOOLEAN,,
+101,LogoutConfiguration,idp.properties,Whether to search metadata for user interface information associated with every service involved in logout propagation,all,,,,false,idp.logout.elaboration,BOOLEAN,,
+105,LogoutConfiguration,idp.properties,When true allows inbound SAML LogoutRequests to be processed even if the SP 
lacks metadata containing response endpoints,4.2,,,,false,idp.logout.assumeAsync,BOOLEAN,,
+106,LogoutConfiguration,idp.properties,"Applies the ""display:none"" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user",4.2,,,,false,idp.logout.propagationHidden,BOOLEAN,,
+102,LogoutConfiguration,idp.properties,Whether to require signed logout messages in accordance with the SAML 2.0 standard,all,,,,true,idp.logout.authenticated,BOOLEAN,,
+103,LogoutConfiguration,idp.properties,If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session,all,,,Bean ID of Predicate,false,idp.logout.promptUser,SPRING_BEAN_ID,,
+642,Metadatagen,mdgen.properties,The width of the logo in pixels,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.width,INTEGER,,
+638,Metadatagen,mdgen.properties,Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier,4.1,idp.metadatagen,1,,,idp.metadata.dnsname,STRING,,
+639,Metadatagen,mdgen.properties,Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.,4.1,idp.metadatagen,1,,,idp.metadata.backchannel.cert,STRING,,
+640,Metadatagen,mdgen.properties,Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path ('/path/to/logo') is use,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.logo.path,STRING,,
+643,Metadatagen,mdgen.properties,A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. 
If this is absent then an is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.displayname.,STRING,,
+641,Metadatagen,mdgen.properties,The height of the logo in pixels.,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.height,INTEGER,,
+645,Metadatagen,mdgen.properties,Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.description.,STRING,,
+450,MetadataQuery,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.mdquery.resolveAttributes,BOOLEAN,,
+451,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.postAuthenticationFlows,STRING,,
+445,MetadataQuery,admin/admin.properties,Audit log identifier for flow,4.1,,,,MetadataQuery,idp.mdquery.logging,STRING,,
+446,MetadataQuery,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.mdquery.accessPolicy,STRING,,
+449,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.defaultAuthenticationMethods,STRING,,
+448,MetadataQuery,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.mdquery.nonBrowserSupported,BOOLEAN,,
+447,MetadataQuery,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.mdquery.authenticated,BOOLEAN,,
+437,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.postAuthenticationFlows,STRING,,
+436,MetadataReload,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.reload.resolveAttributes,BOOLEAN,,
+432,MetadataReload,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.reload.accessPolicy,STRING,,
+433,MetadataReload,admin/admin.properties,Whether authentication should be 
performed prior to access control evaluation,4.1,,,,false,idp.reload.authenticated,BOOLEAN,,
+434,MetadataReload,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.reload.nonBrowserSupported,BOOLEAN,,
+431,MetadataReload,admin/admin.properties,Audit log identifier for flow,4.1,,,,Reload,idp.reload.logging,STRING,,
+435,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.defaultAuthenticationMethods,STRING,,
+454,MetricsConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.metrics.nonBrowserSupported,BOOLEAN,,
+456,MetricsConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.metrics.resolveAttributes,BOOLEAN,,
+455,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.defaultAuthenticationMethods,STRING,,
+452,MetricsConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Metrics,idp.metrics.logging,STRING,,
+457,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.postAuthenticationFlows,STRING,,
+453,MetricsConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.metrics.authenticated,BOOLEAN,,
+344,MultiFactorAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.MFA,,,1000,idp.authn.MFA.order,INTEGER,,
+343,MultiFactorAuthnConfiguration,authn/authn.properties,Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions,4.1,,,,true,idp.authn.MFA.validateLoginTransitions,BOOLEAN,,
+355,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for 
request,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.activationCondition,SPRING_BEAN_ID,,
+345,MultiFactorAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.MFA,,,false,idp.authn.MFA.nonBrowserSupported,BOOLEAN,,
+351,MultiFactorAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.MFA.lifetime,DURATION,,
+353,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.reuseCondition,SPRING_BEAN_ID,,
+352,MultiFactorAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.MFA.inactivityTimeout,DURATION,,
+347,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.forcedAuthenticationSupported,BOOLEAN,,
+357,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.MFA,,,true,idp.authn.MFA.addDefaultPrincipals,BOOLEAN,,
+346,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.passiveAuthenticationSupported,BOOLEAN,,
+356,MultiFactorAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.MFA,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.MFA.supportedPrincipals,STRING,,
+350,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running 
flow,4.1,idp.authn.MFA,,,false,idp.authn.MFA.discoveryRequired,BOOLEAN,,
+349,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.MFA,,,false,idp.authn.MFA.proxyScopingEnforced,BOOLEAN,,
+501,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.saml.lowercase,BOOLEAN,,
+502,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.saml.uppercase,BOOLEAN,,
+358,NameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for generating transient IDs,all,,,Bean ID of a TransientIdGenerationStrategy,shibboleth.CryptoTransientIdGenerator,idp.transientId.generator,SPRING_BEAN_ID,,
+359,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:oasis:names:tc:SAML:2.0:nameid-format:transient,idp.nameid.saml2.default,STRING,,
+360,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:mace:shibboleth:1.0:nameIdentifier,idp.nameid.saml1.default,STRING,,
+553,OAuth2ClientAuthnConfiguration,oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.oidc.OP,3,,1000,idp.authn.OAuth2Client.order,INTEGER,,
+557,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.addDefaultPrincipals,BOOLEAN,,
+551,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed),4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.removeAfterValidation,BOOLEAN,,
+552,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution,4.1,idp.oidc.OP,3,use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.,false,idp.authn.OAuth2Client.retainAsPrivateCredential,BOOLEAN,,
+550,OAuth2ClientAuthnConfiguration,oidc.properties,Whether all validators must succeed or just one,4.1,idp.oidc.OP,3,,false,idp.authn.OAuth2Client.requireAll,BOOLEAN,,
+554,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.oidc.OP,3,,shibboleth.Conditions.TRUE,idp.authn.OAuth2Client.activationCondition,SPRING_BEAN_ID,,
+556,OAuth2ClientAuthnConfiguration,oidc.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.oidc.OP,3,,,idp.authn.OAuth2Client.supportedPrincipals,STRING,,
+555,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of BiConsumer> called shibboleth.oidc.AllowedAudienceStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedAudience,SPRING_BEAN_ID,,
+574,OPClientCredentialsGrant,oidc.properties,"bean of type Function called shibboleth.oidc.AllowedScopeStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedScope,SPRING_BEAN_ID,,
+572,OPClientResolution,oidc.properties,When non-zero enables monitoring of resources for service reload,4.1,idp.oidc.OP,3,,PT0S,idp.service.clientinfo.checkInterval,DURATION,,
+571,OPClientResolution,oidc.properties,If true any failures during initialization of any resolvers result in IdP startup failure,4.1,idp.oidc.OP,3,,false,idp.service.clientinfo.failFast,BOOLEAN,,
+573,OPClientResolution,oidc.properties,Name of bean used to define the resources to use in configuring this service,4.1,idp.oidc.OP,3,,shibboleth.ClientInformationResolverResources,idp.service.clientinfo.resources,SPRING_BEAN_ID,,
+558,OPCustomFilterRegistration,oidc.properties,"By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints",4.1,idp.oidc.OP,3,,shibboleth.ResponseHeaderFilter,idp.oidc.ResponseHeaderFilter,SPRING_BEAN_ID,,
+559,OPDiscovery,oidc.properties,Location of discovery template to use,4.1,idp.oidc.OP,3,,%{idp.home}/static/openid-configuration.json,idp.oidc.discovery.template,STRING,,
+560,OPDiscovery,oidc.properties,Implementation bean for discovery shouldn't require alteration,4.1,idp.oidc.OP,3,,shibboleth.oidc.DefaultOpenIdConfigurationResolver,idp.oidc.discovery.resolver,SPRING_BEAN_ID,,
+564,OPDynamicClientRegistration,oidc.properties,Whether to resolve attributes if authentication is enabled,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.resolveAttributes,BOOLEAN,,
+566,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to all requests,4.1,idp.oidc.OP,3,,AccessByIPAddress,idp.oidc.admin.registration.accessPolicy,STRING,,
+570,OPDynamicClientRegistration,oidc.properties,"Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",4.1,idp.oidc.OP,3,,shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy,idp.oidc.admin.registration.lookup.policy,SPRING_BEAN_ID,,
+562,OPDynamicClientRegistration,oidc.properties,Enables support for non-browser-based authentication,4.1,idp.oidc.OP,3,,true,idp.oidc.admin.registration.nonBrowserSupported,BOOLEAN,,
+537,OPDynamicClientRegistration,oidc.properties,Registration lifetime,4.1,idp.oidc.OP,3,,PT24H,idp.oidc.dynreg.defaultRegistrationValidity,DURATION,,
+569,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a clientId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.clientIdPolicy,STRING,,
+568,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyIdPolicy,STRING,,
+567,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyLocation,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyLocationPolicy,STRING,,
+563,OPDynamicClientRegistration,oidc.properties,Whether to enable user authentication for requests,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.authenticated,BOOLEAN,,
+541,OPDynamicClientRegistration,oidc.properties,The acceptable client authentication methods when using dynamic registration,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.dynreg.tokenEndpointAuthMethods,STRING,,
+539,OPDynamicClientRegistration,oidc.properties,The default subject type if not set by client in request. 
Maybe set to pairwise or public.,4.1,idp.oidc.OP,3,,public,idp.oidc.dynreg.defaultSubjectType,STRING,,
+565,OPDynamicClientRegistration,oidc.properties,Default access token lifetime if not specified,4.1,idp.oidc.OP,3,,P1D,idp.oidc.admin.registration.defaultTokenLifetime,DURATION,,
+538,OPDynamicClientRegistration,oidc.properties,The default scopes accepted in dynamic registration,4.1,idp.oidc.OP,3,,openid profile email address phone offline_access,idp.oidc.dynreg.defaultScope,STRING,,
+561,OPDynamicClientRegistration,oidc.properties,Audit logging label for this profile,4.1,idp.oidc.OP,3,,IssueRegistrationAccessToken,idp.oidc.admin.registration.logging,STRING,,
+540,OPMetadataPolicies,oidc.properties,Full path to the file containing default metadata policy used for dynamic client registration,4.1,idp.oidc.OP,3,,,idp.oidc.dynreg.defaultMetadataPolicyFile,STRING,,
+536,OPRevocation,oidc.properties,The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token,4.1,idp.oidc.OP,3,,CHAIN,idp.oauth2.revocationMethod,STRING,,
+528,OPRevocation,oidc.properties,Lifetime of entries in revocation cache for authorize code,4.1,idp.oidc.OP,3,,PT6H,idp.oidc.revocationCache.authorizeCode.lifetime,DURATION,,
+543,OPSecurity,oidc.properties,JWK EC signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-es.jwk,idp.signing.oidc.es.key,STRING,,
+547,OPSecurity,oidc.properties,Allows override of default request decryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.requestObjectDecryptionConfiguration,idp.oidc.rodecrypt.config,SPRING_BEAN_ID,,
+544,OPSecurity,oidc.properties,JWK RSA decryption keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-encryption-rsa.jwk,idp.signing.oidc.rsa.enc.key,STRING,,
+546,OPSecurity,oidc.properties,Allows override of default encryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.EncryptionConfiguration,idp.oidc.encryption.config,SPRING_BEAN_ID,,
+545,OPSecurity,oidc.properties,Allows override of default signing configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.SigningConfiguration,idp.oidc.signing.config,SPRING_BEAN_ID,,
+542,OPSecurity,oidc.properties,JWK RSA signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-rs.jwk,idp.signing.oidc.rs.key,STRING,,
+548,OPSecurity,oidc.properties,Allows override of default request signature validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.requestObjectSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+549,OPSecurity,oidc.properties,Allows override of default JWT token validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+577,OPSubClaim,oidc.properties,The source attribute used in generating the sub 
claim,4.1,idp.oidc.OP,3,,,idp.oidc.subject.sourceAttribute,STRING,,
+578,OPSubClaim,oidc.properties,The digest algorithm used in generating the sub claim,4.1,idp.oidc.OP,3,,SHA,idp.oidc.subject.algorithm,STRING,,
+579,OPSubClaim,oidc.properties,Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository,4.1,idp.oidc.OP,3,,,idp.oidc.subject.salt,STRING,,
+535,OPToken,oidc.properties,Lifetime of access token issued to client for resource server,4.1,idp.oidc.OP,3,,PT10M,idp.oauth2.accessToken.defaultLifetime,DURATION,,
+521,OPToken,oidc.properties,Lifetime of refresh token,4.1,idp.oidc.OP,3,,PT2H,idp.oidc.refreshToken.defaultLifetime,DURATION,,
+530,OPToken,oidc.properties,The acceptable client authentication methods,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.tokenEndpointAuthMethods,STRING,,
+531,OPToken,oidc.properties,OAuth grant types to allow,4.1,idp.oidc.OP,3,Comma seperated list of values,"authorization_code,refresh_token",idp.oauth2.grantTypes,STRING,,
+519,OPToken,oidc.properties,Lifetime of access token,4.1,idp.oidc.OP,3,,PT10M,idp.oidc.accessToken.defaultLifetime,DURATION,,
+523,OPToken,oidc.properties,Whether client is allowed to use PKCE code challenge method plain,4.1,idp.oidc.OP,3,,false,idp.oidc.allowPKCEPlain,BOOLEAN,,
+522,OPToken,oidc.properties,Whether client is required to use PKCE,4.1,idp.oidc.OP,3,,false,idp.oidc.forcePKCE,BOOLEAN,,
+518,OPToken,oidc.properties,Lifetime of ID token,4.1,idp.oidc.OP,3,,PT1H,idp.oidc.idToken.defaultLifetime,DURATION,,
+533,OPToken,oidc.properties,Format of access token. 
Supported values are JWT or nothing.,4.1,idp.oidc.OP,3.2,,,idp.oauth2.accessToken.type,STRING,,
+534,OPToken,oidc.properties,Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token,4.1,idp.oidc.OP,3,,false,idp.oauth2.encryptionOptional,BOOLEAN,,
+532,OPToken,oidc.properties,Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.,4.1,idp.oidc.OP,3.2,,false,idp.oauth2.enforceRefreshTokenRotation,BOOLEAN,,
+371,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Query timeout for database access,4.1,,,,PT5S,idp.persistentId.queryTimeout,DURATION,,
+373,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of error strings to identify as retryable failures,4.1,,,,"23000,23505",idp.persistentId.retryableErrors,STRING,,
+369,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64,all,,,,BASE64,idp.persistentId.encoding,STRING,,
+370,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services,all,,,,shibboleth.ComputedIdExceptionMap,idp.persistentId.exceptionMap,SPRING_BEAN_ID,,
+367,PersistentNameIDGenerationConfiguration,saml-nameid.properties,An encoded form of the persistentId.salt,all,,,,,idp.persistentId.encodedSalt,STRING,,
+362,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a data source for storage-based management of persistent IDs,all,,,Bean ID of a JDBC DataSource,,idp.persistentId.dataSource,SPRING_BEAN_ID,,
+361,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for sourcing persistent IDs,all,,,Bean ID of a 
PairwiseIdStore,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.generator,SPRING_BEAN_ID,,
+368,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The hash algorithm used when using computed persistent IDs,all,,,,SHA,idp.persistentId.algorithm,STRING,,
+366,PersistentNameIDGenerationConfiguration,saml-nameid.properties,A secret salt for the hash when using computed persistent IDs,all,,,,,idp.persistentId.salt,STRING,,
+383,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,deactivationDate,idp.persistentId.deactivationTimeColumn,STRING,,
+382,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,creationDate,idp.persistentId.createTimeColumn,STRING,,
+374,PersistentNameIDGenerationConfiguration,saml-nameid.properties,When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.,4.1,,,,true,idp.persistentId.verifyDatabase,BOOLEAN,,
+365,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Whether or not the previous property has access to unreleased attributes,all,,,,true,idp.persistentId.useUnfilteredAttributes,BOOLEAN,,
+381,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,peerProvidedId,idp.persistentId.peerProvidedIdColumn,STRING,,
+380,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,persistentId,idp.persistentId.persistentIdColumn,STRING,,
+379,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localId,idp.persistentId.sourceIdColumn,STRING,,
+378,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,principalName,idp.persistentId.principalNameColumn,STRING,,
+377,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column 
names,4.1,,,,peerEntity,idp.persistentId.peerEntityColumn,STRING,, +376,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localEntity,idp.persistentId.localEntityColumn,STRING,, +375,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides the name of the table in the database,4.1,,,,shibpid,idp.persistentId.tableName,STRING,, +364,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable,all,,,,,idp.persistentId.sourceAttribute,STRING,, +363,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a strategy plugin to use to generate the first persistent identifier for each subject,all,,,used to migrate from the computed to stored strategies: can be null,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.computed,SPRING_BEAN_ID,, +372,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Number of retries in the event database locking bugs cause retryable failures,4.1,,,,3,idp.persistentId.transactionRetries,INTEGER,, +412,ReloadableServices,services.properties,Time to notice changes to NameIDGenerationConfiguration and reload service,all,,,,0,idp.service.nameidGeneration.checkInterval,DURATION,, +422,ReloadableServices,services.properties,Name of Spring bean identifying Spring message property resources,all,,,,shibboleth.MessageSourceResources,idp.message.resources,SPRING_BEAN_ID,, +419,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for ManagedBeanConfiguration,all,,,,shibboleth.ManagedBeanResources,idp.service.managedBean.resources,SPRING_BEAN_ID,, +417,ReloadableServices,services.properties,Fail at startup if CASServiceRegistry configuration is invalid,all,,,,false,idp.service.cas.registry.failFast,BOOLEAN,, +411,ReloadableServices,services.properties,Fail at startup 
if NameIDGenerationConfiguration is invalid,all,,,,false,idp.service.nameidGeneration.failFast,BOOLEAN,, +407,ReloadableServices,services.properties,Fail at startup if AttributeFilterConfiguration is invalid,all,,,,false,idp.service.attribute.filter.failFast,BOOLEAN,, +404,ReloadableServices,services.properties,"Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invis",all,,,,false,idp.service.attribute.resolver.stripNulls,BOOLEAN,, +401,ReloadableServices,services.properties,Fail at startup if AttributeResolverConfiguration is invalid,all,,,,false,idp.service.attribute.resolver.failFast,BOOLEAN,, +397,ReloadableServices,services.properties,Fail at startup if AttributeRegistryConfiguration is invalid,all,,,,false,idp.service.attribute.registry.failFast,BOOLEAN,, +421,ReloadableServices,services.properties,Time to notice ManagedBeanConfiguration changes and reload service,all,,,,0,idp.service.managedBean.checkInterval,DURATION,, +418,ReloadableServices,services.properties,Time to notice CASServiceRegistry configuration changes and reload service,all,,,,0,idp.service.cas.registry.checkInterval,DURATION,, +415,ReloadableServices,services.properties,Time to notice changes to AccessControlConfiguration and reload service,all,,,,0,idp.service.access.checkInterval,DURATION,, +408,ReloadableServices,services.properties,Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads,all,,,,0,idp.service.attribute.filter.checkInterval,DURATION,, +416,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for CASServiceRegistry configuration,all,,,,shibboleth.CASServiceRegistryResources,idp.service.cas.registry.resources,SPRING_BEAN_ID,, 
+413,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AccessControlConfiguration,all,,,,shibboleth.AccessControlResource,idp.service.access.resources,SPRING_BEAN_ID,, +410,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for NameIDGenerationConfiguration,all,,,,shibboleth.NameIdentifierGenerationResources,idp.service.nameidGeneration.resources,SPRING_BEAN_ID,, +402,ReloadableServices,services.properties,Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.resolver.checkInterval,DURATION,, +406,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeFilterConfiguration,all,,,,shibboleth.AttributeFilterResources,idp.service.attribute.filter.resources,SPRING_BEAN_ID,, +398,ReloadableServices,services.properties,Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.registry.checkInterval,DURATION,, +400,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeResolverConfiguration,all,,,,shibboleth.AttributeResolverResources,idp.service.attribute.resolver.resources,SPRING_BEAN_ID,, +396,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeRegistryConfiguration,all,,,,shibboleth.AttributeRegistryResources,idp.service.attribute.registry.resources,SPRING_BEAN_ID,, +392,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for MetadataConfiguration,all,,,,shibboleth.MetadataResolverResources,idp.service.metadata.resources,SPRING_BEAN_ID,, +423,ReloadableServices,services.properties,Seconds between reloads of message property resources,all,,,,300,idp.message.cacheSeconds,INTEGER,, +393,ReloadableServices,services.properties,Fail at startup if MetadataConfiguration is invalid,all,,,,false,idp.service.metadata.failFast,BOOLEAN,, +391,ReloadableServices,services.properties,See MetadataDrivenConfiguration SAML Attribute Name Format Usage,all,,,,false,idp.service.relyingparty.ignoreUnmappedEntityAttributes,BOOLEAN,, +389,ReloadableServices,services.properties,Fail at startup if RelyingPartyConfiguration is invalid,all,,,,false,idp.service.relyingparty.failFast,BOOLEAN,, +388,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for RelyingPartyConfiguration,all,,,,shibboleth.RelyingPartyResolverResources,idp.service.relyingparty.resources,SPRING_BEAN_ID,, +385,ReloadableServices,services.properties,Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService),all,,,resource path,%{idp.home}/conf/logback.xml,idp.service.logging.resource,STRING,, +390,ReloadableServices,services.properties,Time to notice changes to RelyingPartyConfiguration and reload 
service. A value of 0 indicates that the relying party configuration never reloads,all,,,,0,idp.service.relyingparty.checkInterval,DURATION,, +387,ReloadableServices,services.properties,Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads,all,,,,0,idp.service.logging.checkInterval,DURATION,, +394,ReloadableServices,services.properties,Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads,all,,,,0,idp.service.metadata.checkInterval,DURATION,, +384,ReloadableServices,services.properties,Set default fail-fast behavior of all services unless overridden by service,all,,,,false,idp.service.failFast,BOOLEAN,, +414,ReloadableServices,services.properties,Fail at startup if AccessControlConfiguration is invalid,all,,,,true,idp.service.access.failFast,BOOLEAN,, +409,ReloadableServices,services.properties,Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event,all,,,,true,idp.service.attribute.filter.maskFailures,BOOLEAN,, +395,ReloadableServices,services.properties,Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost,all,,,,true,idp.service.metadata.enableByReferenceFilters,BOOLEAN,, +386,ReloadableServices,services.properties,Fail at startup if logging configuration is invalid,all,,,,true,idp.service.logging.failFast,BOOLEAN,, +420,ReloadableServices,services.properties,Fail at startup if ManagedBeanConfiguration is invalid,all,,,,false,idp.service.managedBean.failFast,BOOLEAN,, +405,ReloadableServices,services.properties,Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. 
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther,4.2,,,,true,idp.service.attribute.resolver.suppressDisplayInfo,BOOLEAN,, +403,ReloadableServices,services.properties,Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event,all,,,,true,idp.service.attribute.resolver.maskFailures,BOOLEAN,, +399,ReloadableServices,services.properties,Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry,all,,,,true,idp.service.attribute.registry.encodeType,BOOLEAN,, +6,RelyingPartyConfiguration,idp.properties,Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped),all,,,,true,idp.artifact.secureChannel,BOOLEAN,, +9,RelyingPartyConfiguration,idp.properties,"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also",4.1,,,,true,idp.bindings.inMetadataOrder,BOOLEAN,, +3,RelyingPartyConfiguration,idp.properties,The unique name of the IdP used as the iisuer in all SAML profiles,all,,,ex. 
https://unicon.net/idp/shibboleth,,idp.entityID,STRING,, +7,RelyingPartyConfiguration,idp.properties,Identifies the endpoint in SAML metadata associated with artifacts issued by a server node,all,,,,2,idp.artifact.endpointIndex,INTEGER,, +5,RelyingPartyConfiguration,idp.properties,Whether to allow use of the SAML artifact bindings when sending messages,all,,,,true,idp.artifact.enabled,BOOLEAN,, +186,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUser,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUser.proxyRestrictionsEnforced,BOOLEAN,, +191,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.reuseCondition,SPRING_BEAN_ID,, +188,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.discoveryRequired,BOOLEAN,, +183,RemoteUserAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.nonBrowserSupported,BOOLEAN,, +184,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.passiveAuthenticationSupported,BOOLEAN,, +193,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.activationCondition,SPRING_BEAN_ID,, +195,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUser,,,true,idp.authn.RemoteUser.addDefaultPrincipals,BOOLEAN,, 
+189,RemoteUserAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.RemoteUser,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUser.lifetime,DURATION,, +208,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.nonBrowserSupported,BOOLEAN,, +219,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.RemoteUserInternal,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.RemoteUserInternal.supportedPrincipals,STRING,, +210,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.forcedAuthenticationSupported,BOOLEAN,, +204,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to deny while accepting all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.deniedUsernames,STRING,, +209,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.passiveAuthenticationSupported,BOOLEAN,, +203,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to accept while blocking all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.allowedUsernames,STRING,, +202,RemoteUserInternalAuthnConfiguration,authn/authn.properties,A regular expression that must match the username,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,, 
+198,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of request headers to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkHeaders,STRING,, +207,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.RemoteUserInternal,,,1000,idp.authn.RemoteUserInternal.order,INTEGER,, +211,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUserInternal.proxyRestrictionsEnforced,BOOLEAN,, +220,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.addDefaultPrincipals,BOOLEAN,, +199,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to trim leading and trailing whitespace from the username before validating it,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.trim,BOOLEAN,, +201,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to uppercase the username before validating it,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.uppercase,BOOLEAN,, +196,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to check REMOTE_USER for a username,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.checkRemoteUser,BOOLEAN,, +206,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,, +214,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this 
flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUserInternal.lifetime,DURATION,, +216,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.reuseCondition,SPRING_BEAN_ID,, +217,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.activationCondition,SPRING_BEAN_ID,, +215,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.RemoteUserInternal.inactivityTimeout,DURATION,, +205,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.RemoteUserInternal,,,contextRelative:external.jsp,idp.authn.RemoteUserInternal.externalAuthnPath,STRING,, +213,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.discoveryRequired,BOOLEAN,, +197,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited lists of request attributes to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkAttributes,STRING,, +212,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.proxyScopingEnforced,BOOLEAN,, +218,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for 
request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.activationCondition,SPRING_BEAN_ID,, +338,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.reuseCondition,SPRING_BEAN_ID,, +328,SAMLAuthnConfiguration,authn/authn.properties,Optional bean ID of AssertionValidator to run,4.1,,,,,idp.authn.SAML.assertionValidator,SPRING_BEAN_ID,, +327,SAMLAuthnConfiguration,authn/authn.properties,"Optional bean ID of Function to run at the late stages of Response decoding/processing",4.1,,,,,idp.authn.SAML.inboundMessageHandlerFunction,SPRING_BEAN_ID,, +329,SAMLAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.SAML.order,INTEGER,, +333,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SAML.proxyRestrictionsEnforced,BOOLEAN,, +336,SAMLAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SAML.lifetime,DURATION,, +340,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step",4.1,,,,,idp.authn.SAML.outboundMessageHandlerFunction,SPRING_BEAN_ID,, +325,SAMLAuthnConfiguration,authn/authn.properties,Statically-defined entityID of IdP to use for authentication,4.1,,,,,idp.authn.SAML.proxyEntityID,STRING,, +334,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.SAML.proxyScopingEnforced,BOOLEAN,, +17,SecurityConfiguration,idp.properties,Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is 
specified,all,,,,,idp.cookie.sameSite,SELECTION_LIST,"None,Lax,Strict", +16,SecurityConfiguration,idp.properties,Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days),all,,,,31536000,idp.cookie.maxAge,INTEGER,, +21,SecurityConfiguration,idp.properties,Time between checks for a new AES key version,all,,,,PT15M,idp.sealer.updateInterval,DURATION,, +23,SecurityConfiguration,idp.properties,Keystore resource containing AES encryption key usually a file path,all,,,resource path,,idp.sealer.storeResource,STRING,, +12,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will be limited to TLS,all,,,,false,idp.cookie.secure,BOOLEAN,, +14,SecurityConfiguration,idp.properties,Overrides the domain of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.domain,STRING,, +33,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SecurityConfiguration,all,,,Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration),shibboleth.DefaultSecurityConfiguration,idp.security.config,SPRING_BEAN_ID,, +34,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SignatureSigningConfiguration,all,,,Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec),shibboleth.SigningConfiguration.SHA256,idp.signing.config,SPRING_BEAN_ID,, +18,SecurityConfiguration,idp.properties,Predicate condition bean controlling whether SameSite filter runs,all,,,Bean ID of Predicate,shibboleth.Conditions.FALSE,idp.cookie.sameSiteCondition,SPRING_BEAN_ID,, +15,SecurityConfiguration,idp.properties,Overrides the path of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.path,STRING,, +20,SecurityConfiguration,idp.properties,Type of Java keystore used for IdP's internal AES encryption key,all,,,,JCEKS,idp.sealer.storeType,STRING,, +40,SecurityConfiguration,idp.properties,Default freshness window 
for accepting timestamped messages,all,,,,PT3M,idp.policy.messageLifetime,DURATION,, +41,SecurityConfiguration,idp.properties,Default freshness window for accepting timestamped assertions,all,,,,PT3M,idp.policy.assertionLifetime,DURATION,, +42,SecurityConfiguration,idp.properties,Default allowance for clock differences between systems,all,,,,PT3M,idp.policy.clockSkew,DURATION,, +24,SecurityConfiguration,idp.properties,Resource that tracks the active AES encryption key version usually a file path,all,,,,,idp.sealer.versionResource,STRING,, +27,SecurityConfiguration,idp.properties,Resource containing private key for signing typically a file in the credentials directory,all,,,,,idp.signing.key,STRING,, +22,SecurityConfiguration,idp.properties,Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number),all,,,,secret,idp.sealer.aliasBase,STRING,, +37,SecurityConfiguration,idp.properties,Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration,all,,,,Default,idp.encryption.keyagreement.metadata.defaultUseKeyWrap,STRING,, +38,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify signatures,all,,,Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support),shibboleth.ChainingSignatureTrustEngine,idp.trust.signatures,SPRING_BEAN_ID,, +36,SecurityConfiguration,idp.properties,If true failure to locate an encryption key to use won't result in request failure,all,,,,false,idp.encryption.optional,BOOLEAN,, +25,SecurityConfiguration,idp.properties,Keystore password unlocking AES encryption keystore typically set during installation,all,,,,,idp.sealer.storePassword,STRING,, +28,SecurityConfiguration,idp.properties,Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory,all,,,,,idp.signing.cert,STRING,, 
+31,SecurityConfiguration,idp.properties,Resource containing an alternate private key for decryption generally unused except while changing decryption keys,all,,,,,idp.encryption.key.2,STRING,, +32,SecurityConfiguration,idp.properties,Resource containing an alternate public key certificate generally unused except while changing decryption keys,all,,,,,idp.encryption.cert.2,STRING,, +30,SecurityConfiguration,idp.properties,Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory,all,,,resource path,,idp.encryption.cert,STRING,, +29,SecurityConfiguration,idp.properties,Resource containing a private key for decryption typically a file in the credentials directory,all,,,resource path,,idp.encryption.key,STRING,, +26,SecurityConfiguration,idp.properties,Key password unlocking AES encryption key typically set to the same as the previous property and set during installation,all,,,,,idp.sealer.keyPassword,STRING,, +19,SecurityConfiguration,idp.properties,Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.,all,,,Bean ID of DataSealerKeyStrategy,shibboleth.DataSealerKeyStrategy,idp.sealer.keyStrategy,SPRING_BEAN_ID,, +44,SecurityConfiguration,idp.properties,Overrides the X509KeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.X509KeyInfoGeneratorFactory,idp.security.x509KeyInfoFactory,SPRING_BEAN_ID,, +35,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default EncryptionConfiguration,all,,,Bean ID of EncryptionConfiguration (org.opensaml.xmlsec),shibboleth.EncryptionConfiguration.CBC,idp.encryption.config,SPRING_BEAN_ID,, +43,SecurityConfiguration,idp.properties,Overrides the BasicKeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager 
(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.BasicKeyInfoGeneratorFactory,idp.security.basicKeyInfoFactory,SPRING_BEAN_ID,, +39,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify TLS certificates,all,,,Bean ID of TrustEngine (org.opensaml.security.trust),shibboleth.ChainingX509TrustEngine,idp.trust.certificates,SPRING_BEAN_ID,, +13,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property,all,,,,true,idp.cookie.httpOnly,BOOLEAN,, +65,SessionConfiguration,idp.properties,Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions),4.2,,,,shib_idp_session,idp.session.cookieName,STRING,, +67,SessionConfiguration,idp.properties,Whether to bind IdP sessions to IP addresses,all,,,,true,idp.session.consistentAddress,BOOLEAN,, +63,SessionConfiguration,idp.properties,Whether to enable the IdP's session tracking feature,all,,,,true,idp.session.enabled,BOOLEAN,, +74,SessionConfiguration,idp.properties,"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting",all,,,,PT2H,idp.session.defaultSPlifetime,DURATION,, +71,SessionConfiguration,idp.properties,Whether to hide storage failures from users during session cache reads/writes,all,,,,false,idp.session.maskStorageFailure,BOOLEAN,, +66,SessionConfiguration,idp.properties,Number of characters in IdP session identifiers,all,,,,32,idp.session.idSize,INTEGER,, +69,SessionConfiguration,idp.properties,Inactivity timeout policy for IdP sessions (must be non-zero),all,,,,PT60M,idp.session.timeout,DURATION,, +70,SessionConfiguration,idp.properties,Extra time after expiration before removing SP sessions in case a logout is invoked,all,,,,0,idp.session.slop,DURATION,, +64,SessionConfiguration,idp.properties,Bean name of a storage implementation/configuration to 
use for IdP sessions,all,,,Bean ID of StorageService (org.opensaml.storage),shibboleth.ClientSessionStorageService,idp.session.StorageService,SPRING_BEAN_ID,, +73,SessionConfiguration,idp.properties,"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)",all,,,,false,idp.session.secondaryServiceIndex,BOOLEAN,, +72,SessionConfiguration,idp.properties,Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage),all,,,,false,idp.session.trackSPSessions,BOOLEAN,, +68,SessionConfiguration,idp.properties,A 2-argument predicate that compares a bound session's address to a client address,all,,,"BiPredicate",Direct string comparison,idp.session.consistentAddressCondition,STRING,, +485,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.simple.uppercase,BOOLEAN,, +486,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.simple.trim,BOOLEAN,, +484,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.simple.lowercase,BOOLEAN,, +222,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to always try to run SPNEGO independent of the user's auto-login setting,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.enforceRun,BOOLEAN,, +221,SPNEGOAuthnConfiguration,authn/authn.properties,Servlet-relative path to the SPNEGO external authentication implementation,4.1,idp.authn.SPNEGO,,URL path,/Authn/SPNEGO,idp.authn.SPNEGO.externalAuthnPath,STRING,, +224,SPNEGOAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.SPNEGO,,regex expected,,idp.authn.SPNEGO.matchExpression,STRING,, +238,SPNEGOAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings 
associated with flow,4.1,idp.authn.SPNEGO,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510",idp.authn.SPNEGO.supportedPrincipals,STRING,, +230,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.SPNEGO,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SPNEGO.proxyRestrictionsEnforced,BOOLEAN,, +225,SPNEGOAuthnConfiguration,authn/authn.properties,Name of cookie used to track auto-login state of client,4.2,idp.authn.SPNEGO,,,_idp_spnego_autologin,idp.authn.SPNEGO.cookieName,STRING,, +226,SPNEGOAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.SPNEGO,,,1000,idp.authn.SPNEGO.order,INTEGER,, +237,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.reuseCondition,SPRING_BEAN_ID,, +236,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.activationCondition,SPRING_BEAN_ID,, +234,SPNEGOAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.SPNEGO.inactivityTimeout,DURATION,, +239,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.SPNEGO,,,true,idp.authn.SPNEGO.addDefaultPrincipals,BOOLEAN,, +233,SPNEGOAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SPNEGO.lifetime,DURATION,, +223,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in 
/etc/krb5.conf) on every login attempt,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.refreshKrbConfig,BOOLEAN,, +227,SPNEGOAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.nonBrowserSupported,BOOLEAN,, +228,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.passiveAuthenticationSupported,BOOLEAN,, +229,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.forcedAuthenticationSupported,BOOLEAN,, +231,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.proxyScopingEnforced,BOOLEAN,, +232,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.discoveryRequired,BOOLEAN,, +430,Status,admin/admin.properties,?,4.1,,,,,idp.status.postAuthenticationFlows,STRING,, +428,Status,admin/admin.properties,?,4.1,,,,,idp.status.defaultAuthenticationMethods,STRING,, +426,Status,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.status.authenticated,BOOLEAN,, +425,Status,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.status.accessPolicy,STRING,, +429,Status,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.status.resolveAttributes,BOOLEAN,, +427,Status,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.status.nonBrowserSupported,BOOLEAN,, +424,Status,admin/admin.properties,Audit log identifier for 
flow,4.1,,,,Status,idp.status.logging,STRING,, +57,StorageConfiguration,idp.properties,Interval of background thread sweeping server-side storage for expired records,all,,,,PT10M,idp.storage.cleanupInterval,DURATION,, +8,StorageConfiguration,idp.properties,Storage back-end to use for short-lived SAML Artifact mappings (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.artifact.StorageService,SPRING_BEAN_ID,, +60,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default persistent instance of the client storage service,all,,,,shib_idp_persistent_ss,idp.storage.clientPersistentStorageName,STRING,, +61,StorageConfiguration,idp.properties,Storage back-end to use for message replay checking (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.replayCache.StorageService,SPRING_BEAN_ID,, +58,StorageConfiguration,idp.properties,Whether to use HTML Local Storage (if available) instead of cookies,all,,,,false,idp.storage.htmlLocalStorage,BOOLEAN,, +59,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default per-session instance of the client storage service,all,,,,shib_idp_session_ss,idp.storage.clientSessionStorageName,STRING,, +62,StorageConfiguration,idp.properties,Whether storage errors during replay checks should be treated as a replay,all,,,,true,idp.replayCache.strict,BOOLEAN,, +622,TOTP,authn/authn.properties,Name of HTML form field to use for locating browser-submitted token codes,4.1,idp.authn.TOTP,1,,tokencode,idp.authn.TOTP.fieldName,STRING,, +627,TOTP,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.TOTP,1,,true,idp.authn.TOTP.forcedAuthenticationSupported,BOOLEAN,, +636,TOTP,authn/authn.properties,Comma-delimited list of protocol-specific Principalstrings associated with 
flow,4.1,idp.authn.TOTP,1,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken",idp.authn.TOTP.supportedPrincipals,STRING,, +623,TOTP,authn/authn.properties,Name of IdPAttribute to resolve to obtain token seeds for users,4.1,idp.authn.TOTP,1,,tokenSeeds,idp.authn.TOTP.tokenSeedAttribute,STRING,, +621,TOTP,authn/authn.properties,Name of request header to use for extracting non-browser submitted token codes,4.1,idp.authn.TOTP,1,,X-Shibboleth-TOTP,idp.authn.TOTP.headerName,STRING,, +624,TOTP,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.TOTP,1,,1000,idp.authn.TOTP.order,INTEGER,, +626,TOTP,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.passiveAuthenticationSupported,BOOLEAN,, +625,TOTP,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.nonBrowserSupported,BOOLEAN,, +628,TOTP,authn/authn.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.TOTP,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.TOTP.proxyRestrictionsEnforced,BOOLEAN,, +634,TOTP,authn/authn.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.activationCondition,SPRING_BEAN_ID,, +632,TOTP,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.TOTP.inactivityTimeout,DURATION,, +631,TOTP,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.TOTP.lifetime,DURATION,, +633,TOTP,authn/authn.properties,Bean ID ofPredicate controlling result reuse for 
SSO,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.reuseCondition,SPRING_BEAN_ID,, +635,TOTP,authn/authn.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.TOTP,1,,,idp.authn.TOTP.subjectDecorator,SPRING_BEAN_ID,, +629,TOTP,authn/authn.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.TOTP,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.TOTP.proxyScopingEnforced,BOOLEAN,, +630,TOTP,authn/authn.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.discoveryRequired,BOOLEAN,, +637,TOTP,authn/authn.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.addDefaultPrincipals,BOOLEAN,, +496,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.x500.trim,BOOLEAN,, +498,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attribute OIDs to search for in the subject DN,4.1,,,Comma seperated list of integer values,"2,5,4,3",idp.c14n.x500.objectIDs,STRING,, +495,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.x500.uppercase,BOOLEAN,, +494,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.x500.lowercase,BOOLEAN,, +497,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of subjectAltName extension types to look for,4.1,,,Comma seperated list of integer values,,idp.c14n.x500.subjectAltNameTypes,STRING,, +241,X509AuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.X509,,,1000,idp.authn.X509.order,INTEGER,, +245,X509AuthnConfiguration,authn/authn.properties,Whether the 
flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.X509,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509.proxyRestrictionsEnforced,BOOLEAN,, +252,X509AuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.activationCondition,SPRING_BEAN_ID,, +250,X509AuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.reuseCondition,SPRING_BEAN_ID,, +253,X509AuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.X509,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246",idp.authn.X509.supportedPrincipals,STRING,, +247,X509AuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.X509,,,false,idp.authn.X509.discoveryRequired,BOOLEAN,, +246,X509AuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.X509,,,false,idp.authn.X509.proxyScopingEnforced,BOOLEAN,, +254,X509AuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.X509,,,true,idp.authn.X509.addDefaultPrincipals,BOOLEAN,, +244,X509AuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.forcedAuthenticationSupported,BOOLEAN,, +243,X509AuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.passiveAuthenticationSupported,BOOLEAN,, +261,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow 
considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.X509Internal.proxyScopingEnforced,BOOLEAN,, +259,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,,,,false,idp.authn.X509Internal.forcedAuthenticationSupported,BOOLEAN,, +258,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,,,,false,idp.authn.X509Internal.passiveAuthenticationSupported,BOOLEAN,, +257,X509InternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,,,,false,idp.authn.X509Internal.nonBrowserSupported,BOOLEAN,, +255,X509InternalAuthnConfiguration,authn/authn.properties,Whether to save the certificate into the Subject's public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.,4.1,,,,true,idp.authn.X509Internal.saveCertificateToCredentialSet,BOOLEAN,, +269,X509InternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,,,,true,idp.authn.X509Internal.addDefaultPrincipals,BOOLEAN,, +260,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509Internal.proxyRestrictionsEnforced,BOOLEAN,, +256,X509InternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.X509Internal.order,INTEGER,, +264,X509InternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.X509Internal.inactivityTimeout,DURATION,, +267,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable 
for request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.activationCondition,SPRING_BEAN_ID,, +265,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.reuseCondition,SPRING_BEAN_ID,, +262,X509InternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,,,,false,idp.authn.X509Internal.discoveryRequired,BOOLEAN,, \ No newline at end of file From 4683ce195f2a75872bdac7384f20a31c6d797064 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 14:25:27 -0700 Subject: [PATCH 10/63] SHIBUI-2268 load properties to database from csv configuration on startup Former-commit-id: b24b378f6dea8970f318600aef51fbc05a311f33 --- .../ui/service/ShibPropertiesBootstrap.groovy | 70 ++ .../CustomPropertiesConfiguration.java | 13 +- .../ui/domain/ShibConfigurationProperty.java | 12 +- .../ShibConfigurationRepository.java | 15 + ...EntityAttributesDefinitionServiceImpl.java | 4 +- .../ui/service/ShibConfigurationService.java | 12 + .../service/ShibConfigurationServiceImpl.java | 25 + backend/src/main/resources/application.yml | 15 +- .../resources/shib_configuration_prop.csv | 656 ++++++++++++++++++ 9 files changed, 813 insertions(+), 9 deletions(-) create mode 100644 backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java create mode 100644 backend/src/main/resources/shib_configuration_prop.csv 
diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy new file mode 100644 index 000000000..daf75b61e --- /dev/null +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy 
@@ -0,0 +1,70 @@ +package edu.internet2.tier.shibboleth.admin.ui.service + +import com.opencsv.CSVReader +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty +import groovy.util.logging.Slf4j +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.boot.context.event.ApplicationStartedEvent +import org.springframework.context.event.EventListener +import org.springframework.core.io.ClassPathResource +import org.springframework.core.io.Resource +import org.springframework.stereotype.Component + +import javax.transaction.Transactional + +@Component +@Slf4j +class ShibPropertiesBootstrap { + @Autowired + private ShibConfigurationService service + + ShibPropertiesBootstrap(ShibConfigurationService service) { + this.service = service + } + + @Transactional + @EventListener + void bootstrapUsersAndRoles(ApplicationStartedEvent e) { + log.info("Ensuring base Shibboleth properties configuration has loaded") + + Resource resource = new ClassPathResource('shib_configuration_prop.csv') + final HashMap propertiesMap = new HashMap<>() + + // Read in the defaults in the configuration file + new CSVReader(new InputStreamReader(resource.inputStream)).each { fields -> + def (resource_id,category,config_file,description,idp_version,module,module_version,note,default_value,property_name,property_type,selection_items,property_value) = fields + ShibConfigurationProperty prop = new ShibConfigurationProperty().with { + it.resourceId = resource_id + it.category = category + it.configFile = config_file + it.description = description + it.idpVersion = idp_version + it.module = module + it.moduleVersion = module_version + it.note = note + it.defaultValue = default_value + it.description = description + it.propertyName = property_name + def pt = property_type + it.setPropertyType(pt) + it.selectionItems = selection_items + // we shouldn't have property values coming in from the config... 
+ it + } + propertiesMap.put(prop.getPropertyName(), prop) + } + + // If we already have the property in the db, ignore the configuration setup for that property + service.getExistingPropertyNames().each { + propertiesMap.remove(it) + } + + // Save anything that's left + if (propertiesMap.size() > 0) { + log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database") + service.addAll(propertiesMap.values()) + } + + log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded") + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index af8aef206..9a85e48a2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java 
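Review bot: The `CSVReader` created in `bootstrapUsersAndRoles` is never closed, and its `InputStreamReader` uses the platform default charset, so the classpath stream is left to the garbage collector and any non-ASCII text in the CSV could decode differently from host to host. Wrapping the read as `new CSVReader(new InputStreamReader(resource.inputStream, 'UTF-8')).withCloseable { reader -> reader.each { fields -> … } }` (or a try/finally that calls `close()`) closes it and pins the encoding; use whichever encoding the CSV is actually saved in. The method name still says users and roles although it loads Shibboleth properties; `bootstrapShibProperties` would match the log messages. `it.description = description` is also assigned twice inside the `with` block, so the second assignment can be dropped.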
@@ -2,21 +2,20 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; - import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.ApplicationListener; import org.springframework.context.annotation.Configuration; +import javax.annotation.PostConstruct; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import javax.annotation.PostConstruct; - @Configuration @ConfigurationProperties(prefix = "custom") public class CustomPropertiesConfiguration implements ApplicationListener { @@ -28,6 +27,8 @@ public class CustomPropertiesConfiguration implements ApplicationListener overridesFromConfigFile = new ArrayList<>(); + private List shibprops = new ArrayList<>(); + private void buildRelyingPartyOverrides() { // Start over with a clean map and get the CustomEntityAttributesDefinitions from the DB HashMap reloaded = new HashMap<>(); @@ -68,6 +69,7 @@ public void onApplicationEvent(CustomEntityAttributeDefinitionChangeEvent arg0) public void postConstruct() { // Make sure we have the right data buildRelyingPartyOverrides(); + updateShibPropsDatabase(); } public void setAttributes(List> attributes) { @@ -85,4 +87,7 @@ public void setCeadService(CustomEntityAttributesDefinitionService ceadService) public void setOverrides(List overridesFromConfigFile) { this.overridesFromConfigFile = overridesFromConfigFile; } -} + + private void updateShibPropsDatabase() { + } +} \ No newline at end of file 
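Review bot: `updateShibPropsDatabase()` is added as an empty private method and is already called from `postConstruct()`, and the new `shibprops` list has no setter in the visible hunks. As far as this diff shows, the `custom.shibprops` entries added to application.yml in the same commit are neither bound nor stored. If the body is meant to follow later, say so in place, e.g. `// TODO(SHIBUI-2268): persist shibprops from application.yml; intentionally a no-op for now`, or leave the call out of `postConstruct()` until it does something. The class continues outside these hunks, so a setter may exist elsewhere.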
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java index 945f9ff96..345592ae3 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java @@ -22,7 +22,7 @@ public class ShibConfigurationProperty { @Column(name = "config_file", nullable = false) String configFile; - @Column(name = "default_value", nullable = false) + @Column(name = "default_value") String defaultValue; @Column(name = "description") @@ -46,8 +46,16 @@ public class ShibConfigurationProperty { @Column(name = "property_type", nullable = false) PropertyType propertyType; - @Column(name = "property_value", nullable = false) + @Column(name = "property_value") String propertyValue; + + @Column(name = "selection_items") + String selectionItems; + + public void setPropertyType(String val) { + this.propertyType = PropertyType.valueOf(val); + } + } enum PropertyType { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java new file mode 100644 index 000000000..e5889b3cd --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java 
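Review bot: `setPropertyType(String val)` passes its argument straight to `PropertyType.valueOf(val)`, which throws `IllegalArgumentException` for any string that is not an exact constant name and `NullPointerException` for null. ShibPropertiesBootstrap in this commit feeds it the raw CSV column from a startup listener, so one mistyped or blank type cell would presumably abort application start without saying which property was at fault. Consider catching the failure and rethrowing with context, e.g. `throw new IllegalArgumentException("Invalid propertyType [" + val + "] for property [" + propertyName + "]", e);`, and list the accepted names in a Javadoc on the setter. The class and the `PropertyType` enum continue outside the hunk.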
@@ -0,0 +1,15 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import org.springframework.data.jpa.repository.JpaRepository; +import org.springframework.data.jpa.repository.Query; + +import java.util.List; + +/** + * Repository to manage {@link ShibConfigurationProperty} instances. + */ +public interface ShibConfigurationRepository extends JpaRepository { + @Query(value = "select property_name from shib_configuration_prop", nativeQuery = true) + List getPropertyNames(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java index 6fe0a8c25..cd5893c42 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java @@ -19,7 +19,7 @@ public class CustomEntityAttributesDefinitionServiceImpl implements CustomEntity private ApplicationEventPublisher applicationEventPublisher; @Autowired - EntityManager entityManager; + EntityManager entityManager; // Why is this here - it isn't used @Autowired private CustomEntityAttributeDefinitionRepository repository; @@ -53,4 +53,4 @@ public List getAllDefinitions() { private void notifyListeners() { applicationEventPublisher.publishEvent(new CustomEntityAttributeDefinitionChangeEvent(this)); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java new file mode 100644 index 000000000..504c60956 --- /dev/null 
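Review bot: `getPropertyNames()` uses a native query that hard-codes the table and column names (`shib_configuration_prop`, `property_name`), so it is not checked against the entity mapping and would fail only at run time if either is renamed. A JPQL query keeps it tied to the entity: `@Query("select p.propertyName from ShibConfigurationProperty p")`, assuming the entity keeps its default name and the field is `propertyName`, as the bootstrap code suggests. The generic parameters of the interface are not visible in this rendering of the hunk.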
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java @@ -0,0 +1,12 @@ +package edu.internet2.tier.shibboleth.admin.ui.service; + +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; + +import java.util.Collection; +import java.util.List; + +public interface ShibConfigurationService { + void addAll(Collection newProperties); + + List getExistingPropertyNames(); +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java new file mode 100644 index 000000000..d9d29c37f --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -0,0 +1,25 @@ +package edu.internet2.tier.shibboleth.admin.ui.service; + +import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import java.util.Collection; +import java.util.List; + +@Service +public class ShibConfigurationServiceImpl implements ShibConfigurationService { + @Autowired + private ShibConfigurationRepository repository; + + @Override + public void addAll(Collection newProperties) { + repository.saveAll(newProperties); + } + + @Override + public List getExistingPropertyNames() { + return repository.getPropertyNames(); + } +} \ No newline at end of file diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index bf1367934..09d922b1c 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
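Review bot: Neither method of `ShibConfigurationService` has a Javadoc, and `addAll` in particular does not say what happens to a property that already exists. The implementation in this commit delegates to `repository.saveAll(newProperties)`, which presumably updates a row with a matching id rather than rejecting it, while the bootstrap relies on stored values never being overwritten. A short contract on the interface would make that explicit, e.g. `/** Persists the given properties; callers must first drop any whose name is returned by getExistingPropertyNames() if stored rows are to be left untouched. */`.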
@@ -162,4 +162,17 @@ custom: displayType: boolean helpText: tooltip.ignore-request-signatures attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures - attributeFriendlyName: ignoreRequestSignatures \ No newline at end of file + attributeFriendlyName: ignoreRequestSignatures + shibprops: + - category: asd # required + configFile: kj # required + defaultValue: foo + description: blak + idpVersion: 4.1 # required + module: h + moduleVersion: 1 + note: nnn + propertyName: dddd # required + propertyType: dddd # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING + propertyValue: dddd + selectionItems: dddd,dddd # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file diff --git a/backend/src/main/resources/shib_configuration_prop.csv b/backend/src/main/resources/shib_configuration_prop.csv new file mode 100644 index 000000000..fd6b84a33 --- /dev/null +++ b/backend/src/main/resources/shib_configuration_prop.csv 
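Review bot: The `shibprops` entry added under `custom:` is placeholder data (`asd`, `kj`, `dddd`) in the default application.yml, and `propertyType: dddd` is not one of the values its own comment lists as allowed. If this list is ever bound to `ShibConfigurationProperty`, `setPropertyType` would presumably reject it at startup, and `propertyValue: dddd` would ship a meaningless value for an IdP setting. Keep the example as a commented-out block, e.g. `# shibprops:` followed by the commented sample lines, so that the shipped default stays empty.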
@@ -0,0 +1,656 @@ +474,?,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.storage.authenticated,BOOLEAN,, +472,?,admin/admin.properties,Audit log identifier for flow,4.1,,,,Storage,idp.storage.logging,STRING,, +476,?,admin/admin.properties,?,4.1,,,,,idp.storage.defaultAuthenticationMethods,STRING,, +473,?,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.storage.accessPolicy,STRING,, +475,?,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.storage.nonBrowserSupported,BOOLEAN,, +442,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.defaultAuthenticationMethods,STRING,, +443,AACLI,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.resolvertest.resolveAttributes,BOOLEAN,, +439,AACLI,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.resolvertest.accessPolicy,STRING,, +438,AACLI,admin/admin.properties,Audit log identifier for flow,4.1,,,,ResolverTest,idp.resolvertest.logging,STRING,, +441,AACLI,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.resolvertest.nonBrowserSupported,BOOLEAN,, +444,AACLI,admin/admin.properties,?,4.1,,,,,idp.resolvertest.postAuthenticationFlows,STRING,, +440,AACLI,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.resolvertest.authenticated,BOOLEAN,, +466,AccountLockoutManagement,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.lockout.accessPolicy,STRING,, +467,AccountLockoutManagement,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.lockout.authenticated,BOOLEAN,, 
+470,AccountLockoutManagement,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.lockout.resolveAttributes,BOOLEAN,, +468,AccountLockoutManagement,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.lockout.nonBrowserSupported,BOOLEAN,, +469,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.defaultAuthenticationMethods,STRING,, +471,AccountLockoutManagement,admin/admin.properties,?,4.1,,,,,idp.lockout.postAuthenticationFlows,STRING,, +465,AccountLockoutManagement,admin/admin.properties,Audit log identifier for flow,4.1,,,,Lockout,idp.lockout.logging,STRING,, +479,AttendedRestartConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessDenied,idp.unlock-keys.accessPolicy,STRING,, +480,AttendedRestartConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.unlock-keys.authenticated,BOOLEAN,, +478,AttendedRestartConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,UnlockKeys,idp.unlock-keys.logging,STRING,, +477,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.storage.resolveAttributes,BOOLEAN,, +483,AttendedRestartConfiguration,admin/admin.properties,?,4.1,,,,,idp.unlock-keys.postAuthenticationFlows,STRING,, +481,AttendedRestartConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.unlock-keys.nonBrowserSupported,BOOLEAN,, +482,AttendedRestartConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.unlock-keys.resolveAttributes,BOOLEAN,, +491,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to search 
for in the results looking for a StringAttributeValue or ScopedStringAttributeValue,4.1,,,,,idp.c14n.attribute.attributeSourceIds,STRING,, +492,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service,4.1,,,,false,idp.c14n.attribute.resolveFromSubject,BOOLEAN,, +487,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.attribute.lowercase,BOOLEAN,, +493,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone,4.1,,,,shibboleth.Conditions.TRUE,idp.c14n.attribute.resolutionCondition,SPRING_BEAN_ID,, +488,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.attribute.uppercase,BOOLEAN,, +489,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.attribute.trim,BOOLEAN,, +490,AttributePostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can),4.1,,,,,idp.c14n.attribute.attributesToResolve,STRING,, +512,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Status,idp.service.logging.status,STRING,, +511,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general 
function,SSO,idp.service.logging.cas,STRING,, +514,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Reload,idp.service.logging.serviceReload,STRING,, +515,AuditLoggingConfiguration,services.properties,Hash algorithm to apply to various hashed fields,4.1,,,,SHA-256,idp.audit.hashAlgorithm,STRING,, +510,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.logout,STRING,, +516,AuditLoggingConfiguration,services.properties,Salt to apply to hashed fields must be set to use those fields,4.1,,,,,idp.audit.salt,STRING,, +509,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,Logout,idp.service.logging.saml2slo,STRING,, +504,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml1attrquery,STRING,, +508,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml2artifact,STRING,, +507,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route 
different kinds of audit records to different destinations based on general function,AttributeQuery,idp.service.logging.saml2attrquery,STRING,, +506,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml2sso,STRING,, +118,AuditLoggingConfiguration,services.properties,"Set false if you want SAML bindings ""spelled out"" in audit log",all,,,,true,idp.audit.shortenBindings,BOOLEAN,, +503,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,SSO,idp.service.logging.saml1sso,STRING,, +513,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ResolverTest,idp.service.logging.resolvertest,STRING,, +505,AuditLoggingConfiguration,services.properties,Suffix added to audit logging category when various profiles/flows are audited,all,,,you can use this to route different kinds of audit records to different destinations based on general function,ArtifactResolution,idp.service.logging.saml1artifact,STRING,, +78,AuthenticationConfiguration,authn/authn.properties,Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication,4.1,,,,true,idp.authn.proxyRestrictionsEnforced,BOOLEAN,, +79,AuthenticationConfiguration,authn/authn.properties,Whether to prioritize prior authentication results when an SP requests more than one possible matching method,all,,,,false,idp.authn.favorSSO,BOOLEAN,, 
+82,AuthenticationConfiguration,authn/authn.properties,Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose,4.1,,,,,idp.authn.discoveryURL,STRING,, +80,AuthenticationConfiguration,authn/authn.properties,Whether to populate information about the relying party into the tree for user interfaces during login and interceptors,all,,,,true,idp.authn.rpui,BOOLEAN,, +81,AuthenticationConfiguration,authn/authn.properties,Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.,all,,,,false,idp.authn.identitySwitchIsError,BOOLEAN,, +76,AuthenticationConfiguration,authn/authn.properties,Default amount of time to allow reuse prior authentication flows,all,,,measured since first usage,PT60M,idp.authn.defaultLifetime,DURATION,, +77,AuthenticationConfiguration,authn/authn.properties,Default inactivity timeout to prevent reuse of prior authentication flows,all,,,measured since last usage,PT30M,idp.authn.defaultTimeout,DURATION,, +75,AuthenticationConfiguration,authn/authn.properties,Required expression that identifies the login flows to globally enable,all,,,"ex. Password, MA, DUO",,idp.authn.flows,STRING,, +83,AuthenticationConfiguration,authn/authn.properties,Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. Note this is a violation of the SAML standard and is also a global set,4,,,,false,idp.authn.overrideRequestedAuthnContext,BOOLEAN,, +110,CasProtocolConfiguration,idp.properties,CAS service registry implementation class,all,,,,net.shibboleth.idp.cas.service.PatternServiceRegistry,idp.cas.serviceRegistryClass,STRING,, +109,CasProtocolConfiguration,idp.properties,"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed ""simple"" TicketService. 
MUST be server-side storage (e.g. in-memory, memcached, database)",all,,,,shibboleth.StorageService,idp.cas.StorageService,SPRING_BEAN_ID,, +111,CasProtocolConfiguration,idp.properties,If true CAS services provisioned with SAML metadata are identified via entityID,all,,,,false,idp.cas.relyingPartyIdFromMetadata,BOOLEAN,, +89,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.terms-of-use.userStorageKey,SPRING_BEAN_ID,, +96,ConsentConfiguration,idp.properties,Whether per-attribute consent is allowed,all,,,,false,idp.consent.allowPerAttribute,BOOLEAN,, +97,ConsentConfiguration,idp.properties,Whether attribute values and terms of use text are stored and compared for equality,all,,,,false,idp.consent.compareValues,BOOLEAN,, +94,ConsentConfiguration,idp.properties,Whether not remembering/storing consent is allowed,all,,,,true,idp.consent.allowDoNotRemember,BOOLEAN,, +95,ConsentConfiguration,idp.properties,Whether consent to any attribute and to any relying party is allowed,all,,,,true,idp.consent.allowGlobal,BOOLEAN,, +86,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.attribute-release.userStorageKeyAttribute,STRING,, +98,ConsentConfiguration,idp.properties,"Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit",all,,,,10,idp.consent.maxStoredRecords,INTEGER,, +100,ConsentConfiguration,idp.properties,Time in milliseconds to expire consent storage records,4.x,,,"(v4.0=P1Y,v4.1=infinite)",,idp.consent.storageRecordLifetime,DURATION,, +90,ConsentConfiguration,idp.properties,Attribute whose value is the storage key representing a user,all,,,,uid,idp.consent.terms-of-use.userStorageKeyAttribute,STRING,, +91,ConsentConfiguration,idp.properties,Suffix of message property used as value of consent storage records when idp.consent.compareValues is true,all,,,,.text,idp.consent.terms-of-use.consentValueMessageCodeSuffix,STRING,, +84,ConsentConfiguration,idp.properties,Name of storage service used to store users' consent choices,all,,,,shibboleth.ClientPersistentStorageService,idp.consent.StorageService,SPRING_BEAN_ID,, +85,ConsentConfiguration,idp.properties,Name of function used to return the String storage key representing a user defaults to the principal name,all,,,,shibboleth.consent.PrincipalConsentStorageKey,idp.consent.attribute-release.userStorageKey,SPRING_BEAN_ID,, +99,ConsentConfiguration,idp.properties,"Maximum number of records stored when using larger/server-side storage, 0 = no limit",all,,,,0,idp.consent.expandedMaxStoredRecords,INTEGER,, +88,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.attribute-release.auditFormat,STRING,, +93,ConsentConfiguration,idp.properties,Default consent auditing formats,all,,,Logback logging pattern,%T|%SP|%e|%u|%CCI|%CCV|%CCA,idp.consent.terms-of-use.auditFormat,STRING,, +92,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of terms-of-use flow,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.terms-of-use.activationCondition,SPRING_BEAN_ID,, +87,ConsentConfiguration,idp.properties,Optional condition to apply to control activation of attribute-release flow along with system default 
behavior,4.1,,,,shibboleth.Conditions.TRUE,idp.consent.attribute-release.activationCondition,SPRING_BEAN_ID,, +11,Core,idp.properties,applies a (fixed) scope typically a domain-valued suffix to an input attribute's values,all,,,,,idp.scope,STRING,, +2,Core,idp.properties,Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.,all,,,"Comma seperated list of values ex. /conf/ldap.properties, /conf/services.properties",,idp.additionalProperties,STRING,, +4,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,, +47,Core,idp.properties,Auto-configures an HSTS response header,all,,,,max-age=0,idp.hsts,STRING,, +51,Core,idp.properties,"Location from which to load user-modifiable Velocity view templates. This can be set to include ""classpath*:/META-INF/net/shibboleth/idp/views"" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor",all,,,Comma seperated list of values,%{idp.home}/views,idp.views,STRING,, +107,Core,idp.properties,Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP),all,,,Bean ID of HttpClient to use for SOAP-based logout,SOAPClient.HttpClient,idp.soap.httpClient,SPRING_BEAN_ID,, +119,Core,idp.properties,Set to true to fail on velocity syntax errors,all,,,,false,idp.velocity.runtime.strictmode,BOOLEAN,, +122,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy ID,SpecificImpersonationPolicy,idp.impersonate.specificPolicy,STRING,, +50,Core,idp.properties,Location from which to load user-supplied webflows from,all,,,resource path,%{idp.home}/flows,idp.webflows,STRING,, +121,Core,idp.properties,Policies to use with Impersonate interceptor flow,all,,,Policy 
ID,GeneralImpersonationPolicy,idp.impersonate.generalPolicy,STRING,, +1,Core,idp.properties,Auto-load all files matching conf/**/*.properties,4,,,,true,idp.searchForProperties,BOOLEAN,, +10,Core,idp.properties,Identifies the file to serve for requests to the IdP's well-known metadata location,all,,,file pathname,%{idp.home}/metadata/idp-metadata.xml,idp.entityID.metadataFile,STRING,, +120,Core,idp.properties,Path to use with External interceptor flow,all,,,,contextRelative:intercept.jsp,idp.intercept.External.externalPath,STRING,, +108,Core,idp.properties,languages to use if no match can be found with the browser-supported languages,all,,,"Comma seperated list of values ex. en, fr, de",,idp.ui.fallbackLanguages,STRING,, +48,Core,idp.properties,Auto-configures an X-Frame-Options response header,all,,,,DENY,idp.frameoptions,SELECTION_LIST,"DENY,SAMEORIGIN", +49,Core,idp.properties,Auto-configures a Content Security Policy response header,all,,,,frame-ancestors 'none',idp.csp,STRING,, +45,CSRF,idp.properties,Enables CSRF protection,4,,,,true,idp.csrf.enabled,BOOLEAN,, +46,CSRF,idp.properties,Name of the HTTP parameter that stores the CSRF token,4,,,,csrf_token,idp.csrf.token.parameter,STRING,, +317,DuoAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.Duo.lifetime,DURATION,, +305,DuoAuthnConfiguration,authn/duo.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,X-Shibboleth-Duo-Factor,idp.duo.nonbrowser.header.factor,STRING,, +311,DuoAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Duo,,,false,idp.authn.Duo.nonBrowserSupported,BOOLEAN,, +314,DuoAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on 
proxying,4.1,idp.authn.Duo,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.Duo.proxyRestrictionsEnforced,BOOLEAN,, +320,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.activationCondition,SPRING_BEAN_ID,, +319,DuoAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.Duo,,,shibboleth.Conditions.TRUE,idp.authn.Duo.reuseCondition,SPRING_BEAN_ID,, +310,DuoAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.Duo,,,1000,idp.authn.Duo.order,INTEGER,, +302,DuoAuthnConfiguration,authn/duo.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,${idp.duo.apiHost},idp.duo.nonbrowser.apiHost,STRING,, +298,DuoAuthnConfiguration,authn/duo.properties,DuoWeb API hostname assigned to the integration,4.1,idp.authn.Duo,,this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key,,idp.duo.apiHost,STRING,, +318,DuoAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.Duo,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.Duo.inactivityTimeout,DURATION,, +313,DuoAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.Duo,,,false,idp.authn.Duo.forcedAuthenticationSupported,BOOLEAN,, +321,DuoAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer:/idp/profile/Authn/Duo/2FA/duo-callback,,idp.duo.oidc.redirectURL,STRING,, +608,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI integration key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.integrationKey,STRING,, +598,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The client secret used to 
verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.secretKey,STRING,, +617,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum period inactivity between two consecutive data packets,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.socketTimeout,DURATION,, +616,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for a connection to be returned from the connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionRequestTimeout,DURATION,, +612,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI passcode,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Passcode,idp.duo.oidc.nonbrowser.header.passcode,STRING,, +615,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum length of time to wait for the connection to be established,4.1,idp.authn.DuoOIDC,1 (nimbus),,PT1M,idp.duo.oidc.connectionTimeout,DURATION,, +581,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.nonBrowserSupported,BOOLEAN,, +602,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Leeway allowed in token expiry calculations,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.clockSkew,DURATION,, +618,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max total simultaneous connections allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsTotal,INTEGER,, +590,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.activationCondition,SPRING_BEAN_ID,, +589,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Bean ID ofPredicate controlling result reuse for 
SSO,4.1,idp.authn.DuoOIDC,1,,shibboleth.Conditions.TRUE,idp.authn.DuoOIDC.reuseCondition,SPRING_BEAN_ID,, +591,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.DuoOIDC,1,,,idp.authn.DuoOIDC.subjectDecorator,SPRING_BEAN_ID,, +619,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Max simultaneous connections per route allowed by the pooling connection manager,4.1,idp.authn.DuoOIDC,1 (nimbus),,100,idp.duo.oidc.maxConnectionsPerRoute,INTEGER,, +588,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.DuoOIDC.inactivityTimeout,DURATION,, +587,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Lifetime of results produced by this flow,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.DuoOIDC.lifetime,DURATION,, +580,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.DuoOIDC,1,,1000,idp.authn.DuoOIDC.order,INTEGER,, +610,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI factor,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Factor,idp.duo.oidc.nonbrowser.header.factor,STRING,, +584,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.DuoOIDC,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.DuoOIDC.proxyRestrictionsEnforced,BOOLEAN,, +593,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.addDefaultPrincipals,BOOLEAN,, +594,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,DuoOIDC API hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.apiHost,STRING,, 
+582,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow allows for passive authentication,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.passiveAuthenticationSupported,BOOLEAN,, +585,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.DuoOIDC,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.DuoOIDC.proxyScopingEnforced,BOOLEAN,, +595,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The OAuth 2.0 Client Identifier valid at the Authorization Server,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.clientId,STRING,, +614,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Pass client address to Duo in API calls to support logging,4.1,idp.authn.DuoOIDC,1,push display,true,idp.duo.oidc.nonbrowser.clientAddressTrusted,BOOLEAN,, +592,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Comma-delimited list of protocol-specific Principalstrings associated with flow,4.1,idp.authn.DuoOIDC,1,,"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa",idp.authn.DuoOIDC.supportedPrincipals,STRING,, +597,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.redirecturl.allowedOrigins,STRING,, +599,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 health check endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/health_check,idp.duo.oidc.endpoint.health,STRING,, +600,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 token endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.endpoint.token,STRING,, +601,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo's OAuth 2.0 authorization endpoint,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/authorize,idp.duo.oidc.endpoint.authorize,STRING,, 
+604,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+,4.1,idp.authn.DuoOIDC,1,,/oauth/v1/token,idp.duo.oidc.jwt.verifier.issuerPath,STRING,, +605,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.,4.1,idp.authn.DuoOIDC,1,,preferred_username,idp.duo.oidc.jwt.verifier.preferredUsername,STRING,, +583,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether the flow supports forced authentication,4.1,idp.authn.DuoOIDC,1,,true,idp.authn.DuoOIDC.forcedAuthenticationSupported,BOOLEAN,, +613,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,"Allow the factor to be defaulted in as ""auto"" if no headers are received",4.1,idp.authn.DuoOIDC,1,,true,idp.duo.oidc.nonbrowser.auto,BOOLEAN,, +607,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI hostname assigned to the integration,4.1,idp.authn.DuoOIDC,1,,%{idp.duo.oidc.apiHost},idp.duo.oidc.nonbrowser.apiHost,STRING,, +609,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Duo AuthAPI secret key supplied by Duo,4.1,idp.authn.DuoOIDC,1,,,idp.duo.oidc.nonbrowser.secretKey,STRING,, +611,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Name of HTTP request header for Duo AuthAPI device ID or name,4.1,idp.authn.DuoOIDC,1,,X-Shibboleth-Duo-Device,idp.duo.oidc.nonbrowser.header.device,STRING,, +606,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,How long the authentication is valid. 
Only applies to forced authentication requests.,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.authLifetime,DURATION,, +620,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,To enable certificate revocation checking,4.1,idp.authn.DuoOIDC,1 (nimbus),,false,idp.duo.oidc.nimbus.checkRevocation,BOOLEAN,, +603,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Maximum amount (in either direction from now) of duration for which a token is valid after it is issued,4.1,idp.authn.DuoOIDC,1,,PT60S,idp.duo.oidc.jwt.verifier.iatWindow,DURATION,, +586,DuoOIDCAuthnConfiguration,authn/duo-oidc.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.DuoOIDC,1,,false,idp.authn.DuoOIDC.discoveryRequired,BOOLEAN,, +55,ErrorHandlingConfiguration,idp.properties,"Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).",all,,,Bean ID of Properties (java.util.Properties),,idp.errors.excludedExceptions,SPRING_BEAN_ID,, +52,ErrorHandlingConfiguration,idp.properties,Whether to expose detailed error causes in status information provided to outside parties,all,,,,false,idp.errors.detailed,BOOLEAN,, +54,ErrorHandlingConfiguration,idp.properties,The default view name to render for exceptions and events,all,,,,error,idp.errors.defaultView,STRING,, +56,ErrorHandlingConfiguration,idp.properties,"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)",all,,,Bean ID of Collection (java.util),,idp.errors.exceptionMappings,SPRING_BEAN_ID,, +53,ErrorHandlingConfiguration,idp.properties,"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)",all,,,,true,idp.errors.signed,BOOLEAN,, 
+168,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.External,,,false,idp.authn.External.passiveAuthenticationSupported,BOOLEAN,, +170,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.External,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.External.proxyRestrictionsEnforced,BOOLEAN,, +176,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.activationCondition,SPRING_BEAN_ID,, +169,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.External,,,false,idp.authn.External.forcedAuthenticationSupported,BOOLEAN,, +173,ExternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.External.lifetime,DURATION,, +166,ExternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.External,,,1000,idp.authn.External.order,INTEGER,, +175,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.External,,,shibboleth.Conditions.TRUE,idp.authn.External.reuseCondition,SPRING_BEAN_ID,, +167,ExternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.External,,,false,idp.authn.External.nonBrowserSupported,BOOLEAN,, +178,ExternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with 
flow,4.1,idp.authn.External,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.External.supportedPrincipals,STRING,,
+164,ExternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.External,,,contextRelative:external.jsp,idp.authn.External.externalAuthnPath,STRING,,
+179,ExternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.External,,,true,idp.authn.External.addDefaultPrincipals,BOOLEAN,,
+165,ExternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.External,,regex expected,,idp.authn.External.matchExpression,STRING,,
+172,ExternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.External,,,false,idp.authn.External.discoveryRequired,BOOLEAN,,
+174,ExternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.External,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.External.inactivityTimeout,DURATION,,
+171,ExternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.External,,,false,idp.authn.External.proxyScopingEnforced,BOOLEAN,,
+177,ExternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to use to decide whether to run,4.1,,,,,idp.fticks.condition,SPRING_BEAN_ID,,
+114,FTICKSLoggingConfiguration,idp.properties,Digest algorithm used to obscure usernames,all,,,,SHA-2,idp.fticks.algorithm,STRING,,
+115,FTICKSLoggingConfiguration,idp.properties,"A salt to apply when digesting usernames (if not specified, the username will not be 
included)",all,,,,,idp.fticks.salt,STRING,,
+297,FunctionAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.Function,,,true,idp.authn.Function.addDefaultPrincipals,BOOLEAN,,
+289,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.Function,,,false,idp.authn.Function.proxyScopingEnforced,BOOLEAN,,
+294,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.activationCondition,SPRING_BEAN_ID,,
+286,FunctionAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.Function,,,false,idp.authn.Function.passiveAuthenticationSupported,BOOLEAN,,
+285,FunctionAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.Function,,,false,idp.authn.Function.nonBrowserSupported,BOOLEAN,,
+295,FunctionAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.Function,,,shibboleth.Conditions.TRUE,idp.authn.Function.reuseCondition,SPRING_BEAN_ID,,
+459,HelloWorldConfiguration,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByAdminUser,idp.hello.accessPolicy,STRING,,
+461,HelloWorldConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.hello.nonBrowserSupported,BOOLEAN,,
+458,HelloWorldConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Hello,idp.hello.logging,STRING,,
+462,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.defaultAuthenticationMethods,STRING,,
+463,HelloWorldConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,true,idp.hello.resolveAttributes,BOOLEAN,,
+460,HelloWorldConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,true,idp.hello.authenticated,BOOLEAN,,
+464,HelloWorldConfiguration,admin/admin.properties,?,4.1,,,,,idp.hello.postAuthenticationFlows,STRING,,
+280,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.activationCondition,SPRING_BEAN_ID,,
+278,IPAddressAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.IPAddress.inactivityTimeout,DURATION,,
+283,IPAddressAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.IPAddress,,,true,idp.authn.IPAddress.addDefaultPrincipals,BOOLEAN,,
+273,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.forcedAuthenticationSupported,BOOLEAN,,
+275,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.proxyScopingEnforced,BOOLEAN,,
+276,IPAddressAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.discoveryRequired,BOOLEAN,,
+272,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.passiveAuthenticationSupported,BOOLEAN,,
+270,IPAddressAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.IPAddress,,,1000,idp.authn.IPAddress.order,INTEGER,,
+281,IPAddressAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.IPAddress,,,shibboleth.Conditions.TRUE,idp.authn.IPAddress.reuseCondition,SPRING_BEAN_ID,,
+277,IPAddressAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.IPAddress,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.IPAddress.lifetime,DURATION,,
+274,IPAddressAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.IPAddress,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.IPAddress.proxyRestrictionsEnforced,BOOLEAN,,
+271,IPAddressAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.IPAddress,,,false,idp.authn.IPAddress.nonBrowserSupported,BOOLEAN,,
+158,JAASAuthnConfiguration,authn/authn.properties,Comma-delimited set of JAAS application configuration names to use,4.1,,,,ShibUserPassAuth,idp.authn.JAAS.loginConfigNames,STRING,,
+159,JAASAuthnConfiguration,authn/authn.properties,Location of JAAS configuration file,4.1,,,resource path,%{idp.home}/conf/authn/jaas.config,idp.authn.JAAS.loginConfig,STRING,,
+161,KerberosAuthnConfiguration,authn/authn.properties,Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set,4.1,,,,false,idp.authn.Krb5.preserveTicket,BOOLEAN,,
+163,KerberosAuthnConfiguration,authn/authn.properties,Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal,4.1,,,,,idp.authn.Krb5.keytab,STRING,,
+160,KerberosAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in 
/etc/krb5.conf) on every login attempt,4.1,,,,false,idp.authn.Krb5.refreshConfig,BOOLEAN,,
+162,KerberosAuthnConfiguration,authn/authn.properties,Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it,4.1,,,,,idp.authn.Krb5.servicePrincipal,STRING,,
+144,LDAPAuthnConfiguration,authn/authn.properties,If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.freeIPADirectory,BOOLEAN,,
+134,LDAPAuthnConfiguration,authn/authn.properties,Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.subtreeSearch,BOOLEAN,,
+135,LDAPAuthnConfiguration,authn/authn.properties,LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.userFilter,STRING,,
+132,LDAPAuthnConfiguration,authn/authn.properties,List of attributes to request during authentication,all,,,"Comma seperated list of values. 
The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.returnAttributes,STRING,,
+133,LDAPAuthnConfiguration,authn/authn.properties,Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.baseDN,STRING,,
+139,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryOnFailure,BOOLEAN,,
+136,LDAPAuthnConfiguration,authn/authn.properties,DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDN,STRING,,
+123,LDAPAuthnConfiguration,authn/authn.properties,"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",anonSearchAuthenticator,idp.authn.LDAP.authenticator,STRING,,
+127,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for an LDAP response message,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.responseTimeout,DURATION,,
+128,LDAPAuthnConfiguration,authn/authn.properties,"Connection strategy to use 
when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",ACTIVE_PASSIVE,idp.authn.LDAP.connectionStrategy,STRING,,
+157,LDAPAuthnConfiguration,authn/authn.properties,Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your ,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindPoolPassivator,STRING,,
+126,LDAPAuthnConfiguration,authn/authn.properties,Time to wait for the TCP connection to occur.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.authn.LDAP.connectTimeout,DURATION,,
+145,LDAPAuthnConfiguration,authn/authn.properties,If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.eDirectory,BOOLEAN,,
+146,LDAPAuthnConfiguration,authn/authn.properties,Whether connection pools should be used for LDAP authentication and DN resolution,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.disablePooling,BOOLEAN,,
+143,LDAPAuthnConfiguration,authn/authn.properties,If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.activeDirectory,BOOLEAN,,
+149,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections when checking them out of the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.pool.LDAP.validateOnCheckout,BOOLEAN,,
+125,LDAPAuthnConfiguration,authn/authn.properties,Whether StartTLS should be used after connecting with LDAP alone.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.authn.LDAP.useStartTLS,BOOLEAN,,
+129,LDAPAuthnConfiguration,authn/authn.properties,"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust",all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",certificateTrust,idp.authn.LDAP.sslConfig,STRING,,
+140,LDAPAuthnConfiguration,authn/authn.properties,Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.resolveEntryWithBindDN,BOOLEAN,,
+142,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Expired Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordExpiration,BOOLEAN,,
+150,LDAPAuthnConfiguration,authn/authn.properties,Whether to validate connections in 
the background,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",true,idp.pool.LDAP.validatePeriodically,BOOLEAN,,
+130,LDAPAuthnConfiguration,authn/authn.properties,A resource to load trust anchors from when using sslConfig = certificateTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustCertificates,STRING,,
+131,LDAPAuthnConfiguration,authn/authn.properties,A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust,all,,,"resource path ex. %{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.trustStore,STRING,,
+152,LDAPAuthnConfiguration,authn/authn.properties,DN to search with the validateFilter: defaults to the rootDSE,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.pool.LDAP.validateDN,STRING,,
+124,LDAPAuthnConfiguration,authn/authn.properties,Connection URI for LDAP directory,all,,,"LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.ldapURL,STRING,,
+137,LDAPAuthnConfiguration,authn/authn.properties,Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.bindDNCredential,STRING,,
+138,LDAPAuthnConfiguration,authn/authn.properties,A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator,all,,,"ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",,idp.authn.LDAP.dnFormat,STRING,,
+154,LDAPAuthnConfiguration,authn/authn.properties,Duration between looking for idle connections to reduce the pool back to its minimum size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.prunePeriod,DURATION,,
+151,LDAPAuthnConfiguration,authn/authn.properties,Duration between validation if idp.pool.LDAP.validatePeriodically is true,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT5M,idp.pool.LDAP.validatePeriod,DURATION,,
+141,LDAPAuthnConfiguration,authn/authn.properties,Whether to use the Password Policy Control.,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",false,idp.authn.LDAP.usePasswordPolicy,BOOLEAN,,
+155,LDAPAuthnConfiguration,authn/authn.properties,Duration connections must be idle to be eligible for pruning,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT10M,idp.pool.LDAP.idleTime,DURATION,,
+148,LDAPAuthnConfiguration,authn/authn.properties,Maximum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",10,idp.pool.LDAP.maxSize,INTEGER,,
+147,LDAPAuthnConfiguration,authn/authn.properties,Minimum LDAP connection pool size,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",3,idp.pool.LDAP.minSize,INTEGER,,
+156,LDAPAuthnConfiguration,authn/authn.properties,Duration to wait for a free connection in the pool,all,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",PT3S,idp.pool.LDAP.blockWaitTime,DURATION,,
+153,LDAPAuthnConfiguration,authn/authn.properties,Search filter to execute in order to validate a pooled connection,4.0.1,,,"The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties",(objectClass=*),idp.pool.LDAP.validateFilter,STRING,,
+104,LogoutConfiguration,idp.properties,Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic,4.1,,,,false,idp.logout.preserveQuery,BOOLEAN,,
+101,LogoutConfiguration,idp.properties,Whether to search metadata for user interface information associated with every service involved in logout propagation,all,,,,false,idp.logout.elaboration,BOOLEAN,,
+105,LogoutConfiguration,idp.properties,When true allows inbound SAML LogoutRequests to be processed even if the SP 
lacks metadata containing response endpoints,4.2,,,,false,idp.logout.assumeAsync,BOOLEAN,,
+106,LogoutConfiguration,idp.properties,"Applies the ""display:none"" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user",4.2,,,,false,idp.logout.propagationHidden,BOOLEAN,,
+102,LogoutConfiguration,idp.properties,Whether to require signed logout messages in accordance with the SAML 2.0 standard,all,,,,true,idp.logout.authenticated,BOOLEAN,,
+103,LogoutConfiguration,idp.properties,If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session,all,,,Bean ID of Predicate,false,idp.logout.promptUser,SPRING_BEAN_ID,,
+642,Metadatagen,mdgen.properties,The width of the logo in pixels,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.width,INTEGER,,
+638,Metadatagen,mdgen.properties,Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier,4.1,idp.metadatagen,1,,,idp.metadata.dnsname,STRING,,
+639,Metadatagen,mdgen.properties,Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.,4.1,idp.metadatagen,1,,,idp.metadata.backchannel.cert,STRING,,
+640,Metadatagen,mdgen.properties,Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path ('/path/to/logo') is use,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.logo.path,STRING,,
+643,Metadatagen,mdgen.properties,A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. 
If this is absent then an is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.displayname.,STRING,,
+641,Metadatagen,mdgen.properties,The height of the logo in pixels.,4.1,idp.metadatagen,1,,80,idp.metadata.idpsso.mdui.logo.height,INTEGER,,
+645,Metadatagen,mdgen.properties,Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language,4.1,idp.metadatagen,1,,,idp.metadata.idpsso.mdui.description.,STRING,,
+450,MetadataQuery,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.mdquery.resolveAttributes,BOOLEAN,,
+451,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.postAuthenticationFlows,STRING,,
+445,MetadataQuery,admin/admin.properties,Audit log identifier for flow,4.1,,,,MetadataQuery,idp.mdquery.logging,STRING,,
+446,MetadataQuery,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.mdquery.accessPolicy,STRING,,
+449,MetadataQuery,admin/admin.properties,?,4.1,,,,,idp.mdquery.defaultAuthenticationMethods,STRING,,
+448,MetadataQuery,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.mdquery.nonBrowserSupported,BOOLEAN,,
+447,MetadataQuery,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.mdquery.authenticated,BOOLEAN,,
+437,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.postAuthenticationFlows,STRING,,
+436,MetadataReload,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.reload.resolveAttributes,BOOLEAN,,
+432,MetadataReload,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.reload.accessPolicy,STRING,,
+433,MetadataReload,admin/admin.properties,Whether authentication should be 
performed prior to access control evaluation,4.1,,,,false,idp.reload.authenticated,BOOLEAN,,
+434,MetadataReload,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.reload.nonBrowserSupported,BOOLEAN,,
+431,MetadataReload,admin/admin.properties,Audit log identifier for flow,4.1,,,,Reload,idp.reload.logging,STRING,,
+435,MetadataReload,admin/admin.properties,?,4.1,,,,,idp.reload.defaultAuthenticationMethods,STRING,,
+454,MetricsConfiguration,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.metrics.nonBrowserSupported,BOOLEAN,,
+456,MetricsConfiguration,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.metrics.resolveAttributes,BOOLEAN,,
+455,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.defaultAuthenticationMethods,STRING,,
+452,MetricsConfiguration,admin/admin.properties,Audit log identifier for flow,4.1,,,,Metrics,idp.metrics.logging,STRING,,
+457,MetricsConfiguration,admin/admin.properties,?,4.1,,,,,idp.metrics.postAuthenticationFlows,STRING,,
+453,MetricsConfiguration,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.metrics.authenticated,BOOLEAN,,
+344,MultiFactorAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.MFA,,,1000,idp.authn.MFA.order,INTEGER,,
+343,MultiFactorAuthnConfiguration,authn/authn.properties,Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions,4.1,,,,true,idp.authn.MFA.validateLoginTransitions,BOOLEAN,,
+355,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for 
request,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.activationCondition,SPRING_BEAN_ID,,
+345,MultiFactorAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.MFA,,,false,idp.authn.MFA.nonBrowserSupported,BOOLEAN,,
+351,MultiFactorAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.MFA.lifetime,DURATION,,
+353,MultiFactorAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.MFA,,,shibboleth.Conditions.TRUE,idp.authn.MFA.reuseCondition,SPRING_BEAN_ID,,
+352,MultiFactorAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.MFA,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.MFA.inactivityTimeout,DURATION,,
+347,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.forcedAuthenticationSupported,BOOLEAN,,
+357,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.MFA,,,true,idp.authn.MFA.addDefaultPrincipals,BOOLEAN,,
+346,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.MFA,,,false,idp.authn.MFA.passiveAuthenticationSupported,BOOLEAN,,
+356,MultiFactorAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.MFA,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.MFA.supportedPrincipals,STRING,,
+350,MultiFactorAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running 
flow,4.1,idp.authn.MFA,,,false,idp.authn.MFA.discoveryRequired,BOOLEAN,,
+349,MultiFactorAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.MFA,,,false,idp.authn.MFA.proxyScopingEnforced,BOOLEAN,,
+501,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.saml.lowercase,BOOLEAN,,
+502,NameIDConsumptionConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.saml.uppercase,BOOLEAN,,
+358,NameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for generating transient IDs,all,,,Bean ID of a TransientIdGenerationStrategy,shibboleth.CryptoTransientIdGenerator,idp.transientId.generator,SPRING_BEAN_ID,,
+359,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:oasis:names:tc:SAML:2.0:nameid-format:transient,idp.nameid.saml2.default,STRING,,
+360,NameIDGenerationConfiguration,saml-nameid.properties,Default Format to generate if nothing else is indicated,all,,,,urn:mace:shibboleth:1.0:nameIdentifier,idp.nameid.saml1.default,STRING,,
+553,OAuth2ClientAuthnConfiguration,oidc.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.oidc.OP,3,,1000,idp.authn.OAuth2Client.order,INTEGER,,
+557,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.addDefaultPrincipals,BOOLEAN,,
+551,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed),4.1,idp.oidc.OP,3,,true,idp.authn.OAuth2Client.removeAfterValidation,BOOLEAN,,
+552,OAuth2ClientAuthnConfiguration,oidc.properties,Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution,4.1,idp.oidc.OP,3,use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.,false,idp.authn.OAuth2Client.retainAsPrivateCredential,BOOLEAN,,
+550,OAuth2ClientAuthnConfiguration,oidc.properties,Whether all validators must succeed or just one,4.1,idp.oidc.OP,3,,false,idp.authn.OAuth2Client.requireAll,BOOLEAN,,
+554,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.oidc.OP,3,,shibboleth.Conditions.TRUE,idp.authn.OAuth2Client.activationCondition,SPRING_BEAN_ID,,
+556,OAuth2ClientAuthnConfiguration,oidc.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.oidc.OP,3,,,idp.authn.OAuth2Client.supportedPrincipals,STRING,,
+555,OAuth2ClientAuthnConfiguration,oidc.properties,Bean ID of BiConsumer> called shibboleth.oidc.AllowedAudienceStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedAudience,SPRING_BEAN_ID,,
+574,OPClientCredentialsGrant,oidc.properties,"bean of type Function called shibboleth.oidc.AllowedScopeStrategy",4.1,idp.oidc.OP,3,,,idp.oauth2.defaultAllowedScope,SPRING_BEAN_ID,,
+572,OPClientResolution,oidc.properties,When non-zero enables monitoring of resources for service reload,4.1,idp.oidc.OP,3,,PT0S,idp.service.clientinfo.checkInterval,DURATION,,
+571,OPClientResolution,oidc.properties,If true any failures during initialization of any resolvers result in IdP startup failure,4.1,idp.oidc.OP,3,,false,idp.service.clientinfo.failFast,BOOLEAN,,
+573,OPClientResolution,oidc.properties,Name of bean used to define the resources to use in configuring this service,4.1,idp.oidc.OP,3,,shibboleth.ClientInformationResolverResources,idp.service.clientinfo.resources,SPRING_BEAN_ID,,
+558,OPCustomFilterRegistration,oidc.properties,"By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints",4.1,idp.oidc.OP,3,,shibboleth.ResponseHeaderFilter,idp.oidc.ResponseHeaderFilter,SPRING_BEAN_ID,,
+559,OPDiscovery,oidc.properties,Location of discovery template to use,4.1,idp.oidc.OP,3,,%{idp.home}/static/openid-configuration.json,idp.oidc.discovery.template,STRING,,
+560,OPDiscovery,oidc.properties,Implementation bean for discovery shouldn't require alteration,4.1,idp.oidc.OP,3,,shibboleth.oidc.DefaultOpenIdConfigurationResolver,idp.oidc.discovery.resolver,SPRING_BEAN_ID,,
+564,OPDynamicClientRegistration,oidc.properties,Whether to resolve attributes if authentication is enabled,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.resolveAttributes,BOOLEAN,,
+566,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to all requests,4.1,idp.oidc.OP,3,,AccessByIPAddress,idp.oidc.admin.registration.accessPolicy,STRING,,
+570,OPDynamicClientRegistration,oidc.properties,"Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",4.1,idp.oidc.OP,3,,shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy,idp.oidc.admin.registration.lookup.policy,SPRING_BEAN_ID,,
+562,OPDynamicClientRegistration,oidc.properties,Enables support for non-browser-based authentication,4.1,idp.oidc.OP,3,,true,idp.oidc.admin.registration.nonBrowserSupported,BOOLEAN,,
+537,OPDynamicClientRegistration,oidc.properties,Registration lifetime,4.1,idp.oidc.OP,3,,PT24H,idp.oidc.dynreg.defaultRegistrationValidity,DURATION,,
+569,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a clientId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.clientIdPolicy,STRING,,
+568,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyId,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyIdPolicy,STRING,,
+567,OPDynamicClientRegistration,oidc.properties,Name of access control policy to apply to requests specifying a policyLocation,4.1,idp.oidc.OP,3,,AccessByAdmin,idp.oidc.admin.registration.policyLocationPolicy,STRING,,
+563,OPDynamicClientRegistration,oidc.properties,Whether to enable user authentication for requests,4.1,idp.oidc.OP,3,,false,idp.oidc.admin.registration.authenticated,BOOLEAN,,
+541,OPDynamicClientRegistration,oidc.properties,The acceptable client authentication methods when using dynamic registration,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.dynreg.tokenEndpointAuthMethods,STRING,,
+539,OPDynamicClientRegistration,oidc.properties,The default subject type if not set by client in request. 
Maybe set to pairwise or public.,4.1,idp.oidc.OP,3,,public,idp.oidc.dynreg.defaultSubjectType,STRING,,
+565,OPDynamicClientRegistration,oidc.properties,Default access token lifetime if not specified,4.1,idp.oidc.OP,3,,P1D,idp.oidc.admin.registration.defaultTokenLifetime,DURATION,,
+538,OPDynamicClientRegistration,oidc.properties,The default scopes accepted in dynamic registration,4.1,idp.oidc.OP,3,,openid profile email address phone offline_access,idp.oidc.dynreg.defaultScope,STRING,,
+561,OPDynamicClientRegistration,oidc.properties,Audit logging label for this profile,4.1,idp.oidc.OP,3,,IssueRegistrationAccessToken,idp.oidc.admin.registration.logging,STRING,,
+540,OPMetadataPolicies,oidc.properties,Full path to the file containing default metadata policy used for dynamic client registration,4.1,idp.oidc.OP,3,,,idp.oidc.dynreg.defaultMetadataPolicyFile,STRING,,
+536,OPRevocation,oidc.properties,The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token,4.1,idp.oidc.OP,3,,CHAIN,idp.oauth2.revocationMethod,STRING,,
+528,OPRevocation,oidc.properties,Lifetime of entries in revocation cache for authorize code,4.1,idp.oidc.OP,3,,PT6H,idp.oidc.revocationCache.authorizeCode.lifetime,DURATION,,
+543,OPSecurity,oidc.properties,JWK EC signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-es.jwk,idp.signing.oidc.es.key,STRING,,
+547,OPSecurity,oidc.properties,Allows override of default request decryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.requestObjectDecryptionConfiguration,idp.oidc.rodecrypt.config,SPRING_BEAN_ID,,
+544,OPSecurity,oidc.properties,JWK RSA decryption keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-encryption-rsa.jwk,idp.signing.oidc.rsa.enc.key,STRING,,
+546,OPSecurity,oidc.properties,Allows override of default encryption configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.EncryptionConfiguration,idp.oidc.encryption.config,SPRING_BEAN_ID,,
+545,OPSecurity,oidc.properties,Allows override of default signing configuration,4.1,idp.oidc.OP,3,,shibboleth.oidc.SigningConfiguration,idp.oidc.signing.config,SPRING_BEAN_ID,,
+542,OPSecurity,oidc.properties,JWK RSA signing keypair,4.1,idp.oidc.OP,3,JWK file pathname,%{idp.home}/credentials/idp-signing-rs.jwk,idp.signing.oidc.rs.key,STRING,,
+548,OPSecurity,oidc.properties,Allows override of default request signature validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.requestObjectSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+549,OPSecurity,oidc.properties,Allows override of default JWT token validation configuration,4.1,idp.oidc.OP,3,one of these has the wrong name,shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration,idp.oidc.rovalid.config,SPRING_BEAN_ID,,
+577,OPSubClaim,oidc.properties,The source attribute used in generating the sub 
claim,4.1,idp.oidc.OP,3,,,idp.oidc.subject.sourceAttribute,STRING,,
+578,OPSubClaim,oidc.properties,The digest algorithm used in generating the sub claim,4.1,idp.oidc.OP,3,,SHA,idp.oidc.subject.algorithm,STRING,,
+579,OPSubClaim,oidc.properties,Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository,4.1,idp.oidc.OP,3,,,idp.oidc.subject.salt,STRING,,
+535,OPToken,oidc.properties,Lifetime of access token issued to client for resource server,4.1,idp.oidc.OP,3,,PT10M,idp.oauth2.accessToken.defaultLifetime,DURATION,,
+521,OPToken,oidc.properties,Lifetime of refresh token,4.1,idp.oidc.OP,3,,PT2H,idp.oidc.refreshToken.defaultLifetime,DURATION,,
+530,OPToken,oidc.properties,The acceptable client authentication methods,4.1,idp.oidc.OP,3,Comma seperated list of values,"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",idp.oidc.tokenEndpointAuthMethods,STRING,,
+531,OPToken,oidc.properties,OAuth grant types to allow,4.1,idp.oidc.OP,3,Comma seperated list of values,"authorization_code,refresh_token",idp.oauth2.grantTypes,STRING,,
+519,OPToken,oidc.properties,Lifetime of access token,4.1,idp.oidc.OP,3,,PT10M,idp.oidc.accessToken.defaultLifetime,DURATION,,
+523,OPToken,oidc.properties,Whether client is allowed to use PKCE code challenge method plain,4.1,idp.oidc.OP,3,,false,idp.oidc.allowPKCEPlain,BOOLEAN,,
+522,OPToken,oidc.properties,Whether client is required to use PKCE,4.1,idp.oidc.OP,3,,false,idp.oidc.forcePKCE,BOOLEAN,,
+518,OPToken,oidc.properties,Lifetime of ID token,4.1,idp.oidc.OP,3,,PT1H,idp.oidc.idToken.defaultLifetime,DURATION,,
+533,OPToken,oidc.properties,Format of access token. 
Supported values are JWT or nothing.,4.1,idp.oidc.OP,3.2,,,idp.oauth2.accessToken.type,STRING,,
+534,OPToken,oidc.properties,Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token,4.1,idp.oidc.OP,3,,false,idp.oauth2.encryptionOptional,BOOLEAN,,
+532,OPToken,oidc.properties,Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.,4.1,idp.oidc.OP,3.2,,false,idp.oauth2.enforceRefreshTokenRotation,BOOLEAN,,
+371,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Query timeout for database access,4.1,,,,PT5S,idp.persistentId.queryTimeout,DURATION,,
+373,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of error strings to identify as retryable failures,4.1,,,,"23000,23505",idp.persistentId.retryableErrors,STRING,,
+369,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64,all,,,,BASE64,idp.persistentId.encoding,STRING,,
+370,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services,all,,,,shibboleth.ComputedIdExceptionMap,idp.persistentId.exceptionMap,SPRING_BEAN_ID,,
+367,PersistentNameIDGenerationConfiguration,saml-nameid.properties,An encoded form of the persistentId.salt,all,,,,,idp.persistentId.encodedSalt,STRING,,
+362,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a data source for storage-based management of persistent IDs,all,,,Bean ID of a JDBC DataSource,,idp.persistentId.dataSource,SPRING_BEAN_ID,,
+361,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies the strategy plugin for sourcing persistent IDs,all,,,Bean ID of a 
PairwiseIdStore,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.generator,SPRING_BEAN_ID,,
+368,PersistentNameIDGenerationConfiguration,saml-nameid.properties,The hash algorithm used when using computed persistent IDs,all,,,,SHA,idp.persistentId.algorithm,STRING,,
+366,PersistentNameIDGenerationConfiguration,saml-nameid.properties,A secret salt for the hash when using computed persistent IDs,all,,,,,idp.persistentId.salt,STRING,,
+383,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,deactivationDate,idp.persistentId.deactivationTimeColumn,STRING,,
+382,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,creationDate,idp.persistentId.createTimeColumn,STRING,,
+374,PersistentNameIDGenerationConfiguration,saml-nameid.properties,When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.,4.1,,,,true,idp.persistentId.verifyDatabase,BOOLEAN,,
+365,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Whether or not the previous property has access to unreleased attributes,all,,,,true,idp.persistentId.useUnfilteredAttributes,BOOLEAN,,
+381,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,peerProvidedId,idp.persistentId.peerProvidedIdColumn,STRING,,
+380,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,persistentId,idp.persistentId.persistentIdColumn,STRING,,
+379,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localId,idp.persistentId.sourceIdColumn,STRING,,
+378,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,principalName,idp.persistentId.principalNameColumn,STRING,,
+377,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column 
names,4.1,,,,peerEntity,idp.persistentId.peerEntityColumn,STRING,,
+376,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides database column names,4.1,,,,localEntity,idp.persistentId.localEntityColumn,STRING,,
+375,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Overrides the name of the table in the database,4.1,,,,shibpid,idp.persistentId.tableName,STRING,,
+364,PersistentNameIDGenerationConfiguration,saml-nameid.properties,List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable,all,,,,,idp.persistentId.sourceAttribute,STRING,,
+363,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Identifies a strategy plugin to use to generate the first persistent identifier for each subject,all,,,used to migrate from the computed to stored strategies: can be null,shibboleth.ComputedPersistentIdGenerator,idp.persistentId.computed,SPRING_BEAN_ID,,
+372,PersistentNameIDGenerationConfiguration,saml-nameid.properties,Number of retries in the event database locking bugs cause retryable failures,4.1,,,,3,idp.persistentId.transactionRetries,INTEGER,,
+412,ReloadableServices,services.properties,Time to notice changes to NameIDGenerationConfiguration and reload service,all,,,,0,idp.service.nameidGeneration.checkInterval,DURATION,,
+422,ReloadableServices,services.properties,Name of Spring bean identifying Spring message property resources,all,,,,shibboleth.MessageSourceResources,idp.message.resources,SPRING_BEAN_ID,,
+419,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for ManagedBeanConfiguration,all,,,,shibboleth.ManagedBeanResources,idp.service.managedBean.resources,SPRING_BEAN_ID,,
+417,ReloadableServices,services.properties,Fail at startup if CASServiceRegistry configuration is invalid,all,,,,false,idp.service.cas.registry.failFast,BOOLEAN,,
+411,ReloadableServices,services.properties,Fail at startup 
if NameIDGenerationConfiguration is invalid,all,,,,false,idp.service.nameidGeneration.failFast,BOOLEAN,,
+407,ReloadableServices,services.properties,Fail at startup if AttributeFilterConfiguration is invalid,all,,,,false,idp.service.attribute.filter.failFast,BOOLEAN,,
+404,ReloadableServices,services.properties,"Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invis",all,,,,false,idp.service.attribute.resolver.stripNulls,BOOLEAN,,
+401,ReloadableServices,services.properties,Fail at startup if AttributeResolverConfiguration is invalid,all,,,,false,idp.service.attribute.resolver.failFast,BOOLEAN,,
+397,ReloadableServices,services.properties,Fail at startup if AttributeRegistryConfiguration is invalid,all,,,,false,idp.service.attribute.registry.failFast,BOOLEAN,,
+421,ReloadableServices,services.properties,Time to notice ManagedBeanConfiguration changes and reload service,all,,,,0,idp.service.managedBean.checkInterval,DURATION,,
+418,ReloadableServices,services.properties,Time to notice CASServiceRegistry configuration changes and reload service,all,,,,0,idp.service.cas.registry.checkInterval,DURATION,,
+415,ReloadableServices,services.properties,Time to notice changes to AccessControlConfiguration and reload service,all,,,,0,idp.service.access.checkInterval,DURATION,,
+408,ReloadableServices,services.properties,Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads,all,,,,0,idp.service.attribute.filter.checkInterval,DURATION,,
+416,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for CASServiceRegistry configuration,all,,,,shibboleth.CASServiceRegistryResources,idp.service.cas.registry.resources,SPRING_BEAN_ID,,
+413,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AccessControlConfiguration,all,,,,shibboleth.AccessControlResource,idp.service.access.resources,SPRING_BEAN_ID,,
+410,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for NameIDGenerationConfiguration,all,,,,shibboleth.NameIdentifierGenerationResources,idp.service.nameidGeneration.resources,SPRING_BEAN_ID,,
+402,ReloadableServices,services.properties,Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.resolver.checkInterval,DURATION,,
+406,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeFilterConfiguration,all,,,,shibboleth.AttributeFilterResources,idp.service.attribute.filter.resources,SPRING_BEAN_ID,,
+398,ReloadableServices,services.properties,Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads,all,,,,0,idp.service.attribute.registry.checkInterval,DURATION,,
+400,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeResolverConfiguration,all,,,,shibboleth.AttributeResolverResources,idp.service.attribute.resolver.resources,SPRING_BEAN_ID,,
+396,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for AttributeRegistryConfiguration,all,,,,shibboleth.AttributeRegistryResources,idp.service.attribute.registry.resources,SPRING_BEAN_ID,,
+392,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for MetadataConfiguration,all,,,,shibboleth.MetadataResolverResources,idp.service.metadata.resources,SPRING_BEAN_ID,,
+423,ReloadableServices,services.properties,Seconds between reloads of message property resources,all,,,,300,idp.message.cacheSeconds,INTEGER,,
+393,ReloadableServices,services.properties,Fail at startup if MetadataConfiguration is invalid,all,,,,false,idp.service.metadata.failFast,BOOLEAN,,
+391,ReloadableServices,services.properties,See MetadataDrivenConfiguration SAML Attribute Name Format Usage,all,,,,false,idp.service.relyingparty.ignoreUnmappedEntityAttributes,BOOLEAN,,
+389,ReloadableServices,services.properties,Fail at startup if RelyingPartyConfiguration is invalid,all,,,,false,idp.service.relyingparty.failFast,BOOLEAN,,
+388,ReloadableServices,services.properties,Name of Spring bean identifying resources to use for RelyingPartyConfiguration,all,,,,shibboleth.RelyingPartyResolverResources,idp.service.relyingparty.resources,SPRING_BEAN_ID,,
+385,ReloadableServices,services.properties,Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService),all,,,resource path,%{idp.home}/conf/logback.xml,idp.service.logging.resource,STRING,,
+390,ReloadableServices,services.properties,Time to notice changes to RelyingPartyConfiguration and reload 
service. A value of 0 indicates that the relying party configuration never reloads,all,,,,0,idp.service.relyingparty.checkInterval,DURATION,,
+387,ReloadableServices,services.properties,Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads,all,,,,0,idp.service.logging.checkInterval,DURATION,,
+394,ReloadableServices,services.properties,Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads,all,,,,0,idp.service.metadata.checkInterval,DURATION,,
+384,ReloadableServices,services.properties,Set default fail-fast behavior of all services unless overridden by service,all,,,,false,idp.service.failFast,BOOLEAN,,
+414,ReloadableServices,services.properties,Fail at startup if AccessControlConfiguration is invalid,all,,,,true,idp.service.access.failFast,BOOLEAN,,
+409,ReloadableServices,services.properties,Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event,all,,,,true,idp.service.attribute.filter.maskFailures,BOOLEAN,,
+395,ReloadableServices,services.properties,Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost,all,,,,true,idp.service.metadata.enableByReferenceFilters,BOOLEAN,,
+386,ReloadableServices,services.properties,Fail at startup if logging configuration is invalid,all,,,,true,idp.service.logging.failFast,BOOLEAN,,
+420,ReloadableServices,services.properties,Fail at startup if ManagedBeanConfiguration is invalid,all,,,,false,idp.service.managedBean.failFast,BOOLEAN,,
+405,ReloadableServices,services.properties,Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. 
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther,4.2,,,,true,idp.service.attribute.resolver.suppressDisplayInfo,BOOLEAN,,
+403,ReloadableServices,services.properties,Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event,all,,,,true,idp.service.attribute.resolver.maskFailures,BOOLEAN,,
+399,ReloadableServices,services.properties,Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry,all,,,,true,idp.service.attribute.registry.encodeType,BOOLEAN,,
+6,RelyingPartyConfiguration,idp.properties,Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped),all,,,,true,idp.artifact.secureChannel,BOOLEAN,,
+9,RelyingPartyConfiguration,idp.properties,"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also",4.1,,,,true,idp.bindings.inMetadataOrder,BOOLEAN,,
+3,RelyingPartyConfiguration,idp.properties,The unique name of the IdP used as the iisuer in all SAML profiles,all,,,ex. 
https://unicon.net/idp/shibboleth,,idp.entityID,STRING,, +7,RelyingPartyConfiguration,idp.properties,Identifies the endpoint in SAML metadata associated with artifacts issued by a server node,all,,,,2,idp.artifact.endpointIndex,INTEGER,, +5,RelyingPartyConfiguration,idp.properties,Whether to allow use of the SAML artifact bindings when sending messages,all,,,,true,idp.artifact.enabled,BOOLEAN,, +186,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUser,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUser.proxyRestrictionsEnforced,BOOLEAN,, +191,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.reuseCondition,SPRING_BEAN_ID,, +188,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.discoveryRequired,BOOLEAN,, +183,RemoteUserAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.nonBrowserSupported,BOOLEAN,, +184,RemoteUserAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUser,,,false,idp.authn.RemoteUser.passiveAuthenticationSupported,BOOLEAN,, +193,RemoteUserAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.RemoteUser,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUser.activationCondition,SPRING_BEAN_ID,, +195,RemoteUserAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUser,,,true,idp.authn.RemoteUser.addDefaultPrincipals,BOOLEAN,, 
+189,RemoteUserAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.RemoteUser,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUser.lifetime,DURATION,,
+208,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.nonBrowserSupported,BOOLEAN,,
+219,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.RemoteUserInternal,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password",idp.authn.RemoteUserInternal.supportedPrincipals,STRING,,
+210,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.forcedAuthenticationSupported,BOOLEAN,,
+204,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to deny while accepting all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.deniedUsernames,STRING,,
+209,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.passiveAuthenticationSupported,BOOLEAN,,
+203,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of usernames to accept while blocking all others,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.allowedUsernames,STRING,,
+202,RemoteUserInternalAuthnConfiguration,authn/authn.properties,A regular expression that must match the username,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,,
+198,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited list of request headers to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkHeaders,STRING,,
+207,RemoteUserInternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.RemoteUserInternal,,,1000,idp.authn.RemoteUserInternal.order,INTEGER,,
+211,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.RemoteUserInternal.proxyRestrictionsEnforced,BOOLEAN,,
+220,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.addDefaultPrincipals,BOOLEAN,,
+199,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to trim leading and trailing whitespace from the username before validating it,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.trim,BOOLEAN,,
+201,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to uppercase the username before validating it,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.uppercase,BOOLEAN,,
+196,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to check REMOTE_USER for a username,4.1,idp.authn.RemoteUserInternal,,,true,idp.authn.RemoteUserInternal.checkRemoteUser,BOOLEAN,,
+206,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.RemoteUserInternal,,regex expected,,idp.authn.RemoteUserInternal.matchExpression,STRING,,
+214,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this 
flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.RemoteUserInternal.lifetime,DURATION,, +216,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.reuseCondition,SPRING_BEAN_ID,, +217,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.RemoteUserInternal,,,shibboleth.Conditions.TRUE,idp.authn.RemoteUserInternal.activationCondition,SPRING_BEAN_ID,, +215,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.RemoteUserInternal,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.RemoteUserInternal.inactivityTimeout,DURATION,, +205,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Spring Web Flow redirection expression for the protected resource,4.1,idp.authn.RemoteUserInternal,,,contextRelative:external.jsp,idp.authn.RemoteUserInternal.externalAuthnPath,STRING,, +213,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.discoveryRequired,BOOLEAN,, +197,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Comma-delimited lists of request attributes to check for a username,4.1,idp.authn.RemoteUserInternal,,,,idp.authn.RemoteUserInternal.checkAttributes,STRING,, +212,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.RemoteUserInternal,,,false,idp.authn.RemoteUserInternal.proxyScopingEnforced,BOOLEAN,, +218,RemoteUserInternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for 
request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.activationCondition,SPRING_BEAN_ID,, +338,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.SAML.reuseCondition,SPRING_BEAN_ID,, +328,SAMLAuthnConfiguration,authn/authn.properties,Optional bean ID of AssertionValidator to run,4.1,,,,,idp.authn.SAML.assertionValidator,SPRING_BEAN_ID,, +327,SAMLAuthnConfiguration,authn/authn.properties,"Optional bean ID of Function to run at the late stages of Response decoding/processing",4.1,,,,,idp.authn.SAML.inboundMessageHandlerFunction,SPRING_BEAN_ID,, +329,SAMLAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.SAML.order,INTEGER,, +333,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SAML.proxyRestrictionsEnforced,BOOLEAN,, +336,SAMLAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SAML.lifetime,DURATION,, +340,SAMLAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step",4.1,,,,,idp.authn.SAML.outboundMessageHandlerFunction,SPRING_BEAN_ID,, +325,SAMLAuthnConfiguration,authn/authn.properties,Statically-defined entityID of IdP to use for authentication,4.1,,,,,idp.authn.SAML.proxyEntityID,STRING,, +334,SAMLAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.SAML.proxyScopingEnforced,BOOLEAN,, +17,SecurityConfiguration,idp.properties,Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is 
specified,all,,,,,idp.cookie.sameSite,SELECTION_LIST,"None,Lax,Strict",
+16,SecurityConfiguration,idp.properties,Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days),all,,,,31536000,idp.cookie.maxAge,INTEGER,,
+21,SecurityConfiguration,idp.properties,Time between checks for a new AES key version,all,,,,PT15M,idp.sealer.updateInterval,DURATION,,
+23,SecurityConfiguration,idp.properties,Keystore resource containing AES encryption key usually a file path,all,,,resource path,,idp.sealer.storeResource,STRING,,
+12,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will be limited to TLS,all,,,,false,idp.cookie.secure,BOOLEAN,,
+14,SecurityConfiguration,idp.properties,Overrides the domain of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.domain,STRING,,
+33,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SecurityConfiguration,all,,,Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration),shibboleth.DefaultSecurityConfiguration,idp.security.config,SPRING_BEAN_ID,,
+34,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default SignatureSigningConfiguration,all,,,Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec),shibboleth.SigningConfiguration.SHA256,idp.signing.config,SPRING_BEAN_ID,,
+18,SecurityConfiguration,idp.properties,Predicate condition bean controlling whether SameSite filter runs,all,,,Bean ID of Predicate,shibboleth.Conditions.FALSE,idp.cookie.sameSiteCondition,SPRING_BEAN_ID,,
+15,SecurityConfiguration,idp.properties,Overrides the path of any cookies issued by the IdP (not including the container),all,,,,,idp.cookie.path,STRING,,
+20,SecurityConfiguration,idp.properties,Type of Java keystore used for IdP's internal AES encryption key,all,,,,JCEKS,idp.sealer.storeType,STRING,,
+40,SecurityConfiguration,idp.properties,Default freshness window 
for accepting timestamped messages,all,,,,PT3M,idp.policy.messageLifetime,DURATION,, +41,SecurityConfiguration,idp.properties,Default freshness window for accepting timestamped assertions,all,,,,PT3M,idp.policy.assertionLifetime,DURATION,, +42,SecurityConfiguration,idp.properties,Default allowance for clock differences between systems,all,,,,PT3M,idp.policy.clockSkew,DURATION,, +24,SecurityConfiguration,idp.properties,Resource that tracks the active AES encryption key version usually a file path,all,,,,,idp.sealer.versionResource,STRING,, +27,SecurityConfiguration,idp.properties,Resource containing private key for signing typically a file in the credentials directory,all,,,,,idp.signing.key,STRING,, +22,SecurityConfiguration,idp.properties,Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number),all,,,,secret,idp.sealer.aliasBase,STRING,, +37,SecurityConfiguration,idp.properties,Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration,all,,,,Default,idp.encryption.keyagreement.metadata.defaultUseKeyWrap,STRING,, +38,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify signatures,all,,,Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support),shibboleth.ChainingSignatureTrustEngine,idp.trust.signatures,SPRING_BEAN_ID,, +36,SecurityConfiguration,idp.properties,If true failure to locate an encryption key to use won't result in request failure,all,,,,false,idp.encryption.optional,BOOLEAN,, +25,SecurityConfiguration,idp.properties,Keystore password unlocking AES encryption keystore typically set during installation,all,,,,,idp.sealer.storePassword,STRING,, +28,SecurityConfiguration,idp.properties,Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory,all,,,,,idp.signing.cert,STRING,, 
+31,SecurityConfiguration,idp.properties,Resource containing an alternate private key for decryption generally unused except while changing decryption keys,all,,,,,idp.encryption.key.2,STRING,, +32,SecurityConfiguration,idp.properties,Resource containing an alternate public key certificate generally unused except while changing decryption keys,all,,,,,idp.encryption.cert.2,STRING,, +30,SecurityConfiguration,idp.properties,Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory,all,,,resource path,,idp.encryption.cert,STRING,, +29,SecurityConfiguration,idp.properties,Resource containing a private key for decryption typically a file in the credentials directory,all,,,resource path,,idp.encryption.key,STRING,, +26,SecurityConfiguration,idp.properties,Key password unlocking AES encryption key typically set to the same as the previous property and set during installation,all,,,,,idp.sealer.keyPassword,STRING,, +19,SecurityConfiguration,idp.properties,Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.,all,,,Bean ID of DataSealerKeyStrategy,shibboleth.DataSealerKeyStrategy,idp.sealer.keyStrategy,SPRING_BEAN_ID,, +44,SecurityConfiguration,idp.properties,Overrides the X509KeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.X509KeyInfoGeneratorFactory,idp.security.x509KeyInfoFactory,SPRING_BEAN_ID,, +35,SecurityConfiguration,idp.properties,Name of Spring bean supplying the default EncryptionConfiguration,all,,,Bean ID of EncryptionConfiguration (org.opensaml.xmlsec),shibboleth.EncryptionConfiguration.CBC,idp.encryption.config,SPRING_BEAN_ID,, +43,SecurityConfiguration,idp.properties,Overrides the BasicKeyInfoGeneratorFactory used by default,4.1,,,Bean ID of KeyInfoGeneratorManager 
(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager),shibboleth.BasicKeyInfoGeneratorFactory,idp.security.basicKeyInfoFactory,SPRING_BEAN_ID,, +39,SecurityConfiguration,idp.properties,Name of Spring bean for the trust engine used to verify TLS certificates,all,,,Bean ID of TrustEngine (org.opensaml.security.trust),shibboleth.ChainingX509TrustEngine,idp.trust.certificates,SPRING_BEAN_ID,, +13,SecurityConfiguration,idp.properties,If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property,all,,,,true,idp.cookie.httpOnly,BOOLEAN,, +65,SessionConfiguration,idp.properties,Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions),4.2,,,,shib_idp_session,idp.session.cookieName,STRING,, +67,SessionConfiguration,idp.properties,Whether to bind IdP sessions to IP addresses,all,,,,true,idp.session.consistentAddress,BOOLEAN,, +63,SessionConfiguration,idp.properties,Whether to enable the IdP's session tracking feature,all,,,,true,idp.session.enabled,BOOLEAN,, +74,SessionConfiguration,idp.properties,"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting",all,,,,PT2H,idp.session.defaultSPlifetime,DURATION,, +71,SessionConfiguration,idp.properties,Whether to hide storage failures from users during session cache reads/writes,all,,,,false,idp.session.maskStorageFailure,BOOLEAN,, +66,SessionConfiguration,idp.properties,Number of characters in IdP session identifiers,all,,,,32,idp.session.idSize,INTEGER,, +69,SessionConfiguration,idp.properties,Inactivity timeout policy for IdP sessions (must be non-zero),all,,,,PT60M,idp.session.timeout,DURATION,, +70,SessionConfiguration,idp.properties,Extra time after expiration before removing SP sessions in case a logout is invoked,all,,,,0,idp.session.slop,DURATION,, +64,SessionConfiguration,idp.properties,Bean name of a storage implementation/configuration to 
use for IdP sessions,all,,,Bean ID of StorageService (org.opensaml.storage),shibboleth.ClientSessionStorageService,idp.session.StorageService,SPRING_BEAN_ID,, +73,SessionConfiguration,idp.properties,"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)",all,,,,false,idp.session.secondaryServiceIndex,BOOLEAN,, +72,SessionConfiguration,idp.properties,Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage),all,,,,false,idp.session.trackSPSessions,BOOLEAN,, +68,SessionConfiguration,idp.properties,A 2-argument predicate that compares a bound session's address to a client address,all,,,"BiPredicate",Direct string comparison,idp.session.consistentAddressCondition,STRING,, +485,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.simple.uppercase,BOOLEAN,, +486,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.simple.trim,BOOLEAN,, +484,SimplePostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.simple.lowercase,BOOLEAN,, +222,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to always try to run SPNEGO independent of the user's auto-login setting,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.enforceRun,BOOLEAN,, +221,SPNEGOAuthnConfiguration,authn/authn.properties,Servlet-relative path to the SPNEGO external authentication implementation,4.1,idp.authn.SPNEGO,,URL path,/Authn/SPNEGO,idp.authn.SPNEGO.externalAuthnPath,STRING,, +224,SPNEGOAuthnConfiguration,authn/authn.properties,Regular expression to match username against,4.1,idp.authn.SPNEGO,,regex expected,,idp.authn.SPNEGO.matchExpression,STRING,, +238,SPNEGOAuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings 
associated with flow,4.1,idp.authn.SPNEGO,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510",idp.authn.SPNEGO.supportedPrincipals,STRING,, +230,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.SPNEGO,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.SPNEGO.proxyRestrictionsEnforced,BOOLEAN,, +225,SPNEGOAuthnConfiguration,authn/authn.properties,Name of cookie used to track auto-login state of client,4.2,idp.authn.SPNEGO,,,_idp_spnego_autologin,idp.authn.SPNEGO.cookieName,STRING,, +226,SPNEGOAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.SPNEGO,,,1000,idp.authn.SPNEGO.order,INTEGER,, +237,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer controlling result reuse for SSO,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.reuseCondition,SPRING_BEAN_ID,, +236,SPNEGOAuthnConfiguration,authn/authn.properties,Bean ID of Predicate determining whether flow is usable for request,4.1,idp.authn.SPNEGO,,,shibboleth.Conditions.TRUE,idp.authn.SPNEGO.activationCondition,SPRING_BEAN_ID,, +234,SPNEGOAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.SPNEGO.inactivityTimeout,DURATION,, +239,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.SPNEGO,,,true,idp.authn.SPNEGO.addDefaultPrincipals,BOOLEAN,, +233,SPNEGOAuthnConfiguration,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.SPNEGO,,,%{idp.authn.defaultLifetime:PT1H},idp.authn.SPNEGO.lifetime,DURATION,, +223,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to reload the underlying Kerberos configuration (generally in 
/etc/krb5.conf) on every login attempt,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.refreshKrbConfig,BOOLEAN,, +227,SPNEGOAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.nonBrowserSupported,BOOLEAN,, +228,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.passiveAuthenticationSupported,BOOLEAN,, +229,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.forcedAuthenticationSupported,BOOLEAN,, +231,SPNEGOAuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.proxyScopingEnforced,BOOLEAN,, +232,SPNEGOAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.SPNEGO,,,false,idp.authn.SPNEGO.discoveryRequired,BOOLEAN,, +430,Status,admin/admin.properties,?,4.1,,,,,idp.status.postAuthenticationFlows,STRING,, +428,Status,admin/admin.properties,?,4.1,,,,,idp.status.defaultAuthenticationMethods,STRING,, +426,Status,admin/admin.properties,Whether authentication should be performed prior to access control evaluation,4.1,,,,false,idp.status.authenticated,BOOLEAN,, +425,Status,admin/admin.properties,Name of access control policy for request authorization,4.1,,,,AccessByIPAddress,idp.status.accessPolicy,STRING,, +429,Status,admin/admin.properties,Whether attributes should be resolved prior to access control evaluation,4.1,,,,false,idp.status.resolveAttributes,BOOLEAN,, +427,Status,admin/admin.properties,Whether the flow should allow for non-browser clients during authentication,4.1,,,,false,idp.status.nonBrowserSupported,BOOLEAN,, +424,Status,admin/admin.properties,Audit log identifier for 
flow,4.1,,,,Status,idp.status.logging,STRING,, +57,StorageConfiguration,idp.properties,Interval of background thread sweeping server-side storage for expired records,all,,,,PT10M,idp.storage.cleanupInterval,DURATION,, +8,StorageConfiguration,idp.properties,Storage back-end to use for short-lived SAML Artifact mappings (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.artifact.StorageService,SPRING_BEAN_ID,, +60,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default persistent instance of the client storage service,all,,,,shib_idp_persistent_ss,idp.storage.clientPersistentStorageName,STRING,, +61,StorageConfiguration,idp.properties,Storage back-end to use for message replay checking (must be server-side),all,,,Bean ID of a StorageService (org.opensaml.storage),shibboleth.StorageService,idp.replayCache.StorageService,SPRING_BEAN_ID,, +58,StorageConfiguration,idp.properties,Whether to use HTML Local Storage (if available) instead of cookies,all,,,,false,idp.storage.htmlLocalStorage,BOOLEAN,, +59,StorageConfiguration,idp.properties,Name of cookie or HTML storage key used by the default per-session instance of the client storage service,all,,,,shib_idp_session_ss,idp.storage.clientSessionStorageName,STRING,, +62,StorageConfiguration,idp.properties,Whether storage errors during replay checks should be treated as a replay,all,,,,true,idp.replayCache.strict,BOOLEAN,, +622,TOTP,authn/authn.properties,Name of HTML form field to use for locating browser-submitted token codes,4.1,idp.authn.TOTP,1,,tokencode,idp.authn.TOTP.fieldName,STRING,, +627,TOTP,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.TOTP,1,,true,idp.authn.TOTP.forcedAuthenticationSupported,BOOLEAN,, +636,TOTP,authn/authn.properties,Comma-delimited list of protocol-specific Principalstrings associated with 
flow,4.1,idp.authn.TOTP,1,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken",idp.authn.TOTP.supportedPrincipals,STRING,, +623,TOTP,authn/authn.properties,Name of IdPAttribute to resolve to obtain token seeds for users,4.1,idp.authn.TOTP,1,,tokenSeeds,idp.authn.TOTP.tokenSeedAttribute,STRING,, +621,TOTP,authn/authn.properties,Name of request header to use for extracting non-browser submitted token codes,4.1,idp.authn.TOTP,1,,X-Shibboleth-TOTP,idp.authn.TOTP.headerName,STRING,, +624,TOTP,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.TOTP,1,,1000,idp.authn.TOTP.order,INTEGER,, +626,TOTP,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.passiveAuthenticationSupported,BOOLEAN,, +625,TOTP,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.nonBrowserSupported,BOOLEAN,, +628,TOTP,authn/authn.properties,Whether the flow enforces upstream IdP-imposed restrictions on proxying,4.1,idp.authn.TOTP,1,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.TOTP.proxyRestrictionsEnforced,BOOLEAN,, +634,TOTP,authn/authn.properties,Bean ID ofPredicate determining whether flow is usable for request,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.activationCondition,SPRING_BEAN_ID,, +632,TOTP,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultTimeout:PT30M},idp.authn.TOTP.inactivityTimeout,DURATION,, +631,TOTP,authn/authn.properties,Lifetime of results produced by this flow,4.1,idp.authn.TOTP,1,,%{idp.authn.defaultLifetime:PT1H},idp.authn.TOTP.lifetime,DURATION,, +633,TOTP,authn/authn.properties,Bean ID ofPredicate controlling result reuse for 
SSO,4.1,idp.authn.TOTP,1,,shibboleth.Conditions.TRUE,idp.authn.TOTP.reuseCondition,SPRING_BEAN_ID,, +635,TOTP,authn/authn.properties,"Bean ID ofBiConsumer for subject customization",4.1,idp.authn.TOTP,1,,,idp.authn.TOTP.subjectDecorator,SPRING_BEAN_ID,, +629,TOTP,authn/authn.properties,Whether the flow considers itself to be proxying,4.1,idp.authn.TOTP,1,and therefore enforces SP-signaled restrictions on proxying,false,idp.authn.TOTP.proxyScopingEnforced,BOOLEAN,, +630,TOTP,authn/authn.properties,Whether to invoke IdP-discovery prior to running flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.discoveryRequired,BOOLEAN,, +637,TOTP,authn/authn.properties,Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow,4.1,idp.authn.TOTP,1,,false,idp.authn.TOTP.addDefaultPrincipals,BOOLEAN,, +496,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to trim leading and trailing whitespace from the username,4.1,,,,true,idp.c14n.x500.trim,BOOLEAN,, +498,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of attribute OIDs to search for in the subject DN,4.1,,,Comma seperated list of integer values,"2,5,4,3",idp.c14n.x500.objectIDs,STRING,, +495,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to uppercase the username,4.1,,,,false,idp.c14n.x500.uppercase,BOOLEAN,, +494,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Whether to lowercase the username,4.1,,,,false,idp.c14n.x500.lowercase,BOOLEAN,, +497,X500PostLoginC14NConfiguration,c14n/subject-c14n.properties,Comma-delimited list of subjectAltName extension types to look for,4.1,,,Comma seperated list of integer values,,idp.c14n.x500.subjectAltNameTypes,STRING,, +241,X509AuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,idp.authn.X509,,,1000,idp.authn.X509.order,INTEGER,, +245,X509AuthnConfiguration,authn/authn.properties,Whether the 
flow enforces upstream IdP imposed restrictions on proxying,4.1,idp.authn.X509,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509.proxyRestrictionsEnforced,BOOLEAN,, +252,X509AuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable for request,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.activationCondition,SPRING_BEAN_ID,, +250,X509AuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,idp.authn.X509,,,shibboleth.Conditions.TRUE,idp.authn.X509.reuseCondition,SPRING_BEAN_ID,, +253,X509AuthnConfiguration,authn/authn.properties,Comma-delimited list of protocol-specific Principal strings associated with flow,4.1,idp.authn.X509,,,"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246",idp.authn.X509.supportedPrincipals,STRING,, +247,X509AuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,idp.authn.X509,,,false,idp.authn.X509.discoveryRequired,BOOLEAN,, +246,X509AuthnConfiguration,authn/authn.properties,Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,idp.authn.X509,,,false,idp.authn.X509.proxyScopingEnforced,BOOLEAN,, +254,X509AuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,idp.authn.X509,,,true,idp.authn.X509.addDefaultPrincipals,BOOLEAN,, +244,X509AuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.forcedAuthenticationSupported,BOOLEAN,, +243,X509AuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,idp.authn.X509,,,false,idp.authn.X509.passiveAuthenticationSupported,BOOLEAN,, +261,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow 
considers itself to be proxying and therefore enforces SP signaled restrictions on proxying,4.1,,,,false,idp.authn.X509Internal.proxyScopingEnforced,BOOLEAN,, +259,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow supports forced authentication,4.1,,,,false,idp.authn.X509Internal.forcedAuthenticationSupported,BOOLEAN,, +258,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow allows for passive authentication,4.1,,,,false,idp.authn.X509Internal.passiveAuthenticationSupported,BOOLEAN,, +257,X509InternalAuthnConfiguration,authn/authn.properties,"Whether the flow should handle non-browser request profiles (e.g., ECP)",4.1,,,,false,idp.authn.X509Internal.nonBrowserSupported,BOOLEAN,, +255,X509InternalAuthnConfiguration,authn/authn.properties,Whether to save the certificate into the Subject's public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.,4.1,,,,true,idp.authn.X509Internal.saveCertificateToCredentialSet,BOOLEAN,, +269,X509InternalAuthnConfiguration,authn/authn.properties,Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow,4.1,,,,true,idp.authn.X509Internal.addDefaultPrincipals,BOOLEAN,, +260,X509InternalAuthnConfiguration,authn/authn.properties,Whether the flow enforces upstream IdP imposed restrictions on proxying,4.1,,,,%{idp.authn.enforceProxyRestrictions:true},idp.authn.X509Internal.proxyRestrictionsEnforced,BOOLEAN,, +256,X509InternalAuthnConfiguration,authn/authn.properties,"Flow priority relative to other enabled login flows (lower is ""higher"" in priority)",4.1,,,,1000,idp.authn.X509Internal.order,INTEGER,, +264,X509InternalAuthnConfiguration,authn/authn.properties,Inactivity timeout of results produced by this flow,4.1,,,,%{idp.authn.defaultTimeout:PT30M},idp.authn.X509Internal.inactivityTimeout,DURATION,, +267,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of BiConsumer determining whether flow is usable 
for request,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.activationCondition,SPRING_BEAN_ID,, +265,X509InternalAuthnConfiguration,authn/authn.properties,Bean ID of Predicate controlling result reuse for SSO,4.1,,,,shibboleth.Conditions.TRUE,idp.authn.X509Internal.reuseCondition,SPRING_BEAN_ID,, +262,X509InternalAuthnConfiguration,authn/authn.properties,Whether to invoke IdP discovery prior to running flow,4.1,,,,false,idp.authn.X509Internal.discoveryRequired,BOOLEAN,, \ No newline at end of file From 70e9420d876c96b23f48bf7d0459bffb5c0d8ef0 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 15:20:59 -0700 Subject: [PATCH 11/63] SHIBUI-2268 load custom properties to database from application.yml file --- .../CustomPropertiesConfiguration.java | 28 ++++++++++++++++++- .../ui/service/ShibConfigurationService.java | 2 ++ .../service/ShibConfigurationServiceImpl.java | 5 ++++ backend/src/main/resources/application.yml | 25 ++++++++--------- 4 files changed, 46 insertions(+), 14 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index 9a85e48a2..c2a032f36 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java 
@@ -4,6 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; @@ -29,6 +30,8 @@ public class CustomPropertiesConfiguration implements ApplicationListener shibprops = new ArrayList<>(); + private ShibConfigurationService shibConfigurationService; + private void buildRelyingPartyOverrides() { // Start over with a clean map and get the CustomEntityAttributesDefinitions from the DB HashMap reloaded = new HashMap<>(); 
@@ -81,13 +84,36 @@ public void setCeadService(CustomEntityAttributesDefinitionService ceadService) this.ceadService = ceadService; } + @Autowired + public void setShibConfigurationService(ShibConfigurationService service) { + this.shibConfigurationService = service; + } + /** - * This setter will get used by Spring's property system to create objects from a config file (should the properties exist) + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) */ public void setOverrides(List overridesFromConfigFile) { this.overridesFromConfigFile = overridesFromConfigFile; } + /** + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) + */ + public void setShibprops(List props) { + this.shibprops = props; + } + + /** + * Add any custom properties from the application.yml - any incoming property with the same name as an existing property will be + * ignored (ie this will not update/replace information for existing properties). This shouldn't be considered standard, but + * offers users the ability to add properties to their system from an addon module, new feature etc. + */ private void updateShibPropsDatabase() { + List existingPropNames = shibConfigurationService.getExistingPropertyNames(); + shibprops.forEach(prop -> { + if (!existingPropNames.contains(prop.getPropertyName())) { + shibConfigurationService.save(prop); + } + }); } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index 504c60956..b6c39ec44 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java 
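Review bot: In `updateShibPropsDatabase()` the existing names are read once before the loop, so two `shibprops` entries in application.yml that share a `propertyName` both pass the `contains` check and are both saved, and an entry with no `propertyName` at all is saved as well. Track names as they are written and skip nameless entries, e.g. `Set<String> seen = new HashSet<>(shibConfigurationService.getExistingPropertyNames());` followed by `if (prop.getPropertyName() != null && seen.add(prop.getPropertyName())) { shibConfigurationService.save(prop); }` (this needs `java.util.Set` and `java.util.HashSet` imported if the file does not already have them). These rows end up alongside security-relevant IdP settings, so it is also worth rejecting or logging entries that lack the fields application.yml marks as required (`category`, `configFile`, `idpVersion`, `propertyType`) rather than persisting them silently. Whether the entity or repository already enforces uniqueness or non-null columns is not visible in this hunk, so the duplicate case may instead surface as a database error at startup. The identical hunk in PATCH 12/63 has the same gap.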
@@ -9,4 +9,6 @@ public interface ShibConfigurationService { void addAll(Collection newProperties); List getExistingPropertyNames(); + + void save(ShibConfigurationProperty prop); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index d9d29c37f..8456940aa 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -22,4 +22,9 @@ public void addAll(Collection newProperties) { public List getExistingPropertyNames() { return repository.getPropertyNames(); } + + @Override + public void save(ShibConfigurationProperty prop) { + repository.save(prop); + } } \ No newline at end of file diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index 09d922b1c..31e5eeb5a 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
@@ -163,16 +163,15 @@ custom: helpText: tooltip.ignore-request-signatures attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures attributeFriendlyName: ignoreRequestSignatures - shibprops: - - category: asd # required - configFile: kj # required - defaultValue: foo - description: blak - idpVersion: 4.1 # required - module: h - moduleVersion: 1 - note: nnn - propertyName: dddd # required - propertyType: dddd # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING - propertyValue: dddd - selectionItems: dddd,dddd # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file +# shibprops: +# - category: main # required +# configFile: random.properties # required +# defaultValue: foo +# description: whatever +# idpVersion: 4.1 # required +# module: some random module +# moduleVersion: 1 +# note: this is an example for the application.yml file +# propertyName: example.property.name # required +# propertyType: SELECTION_LIST # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING +# selectionItems: dddd,eeee # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file From c2c601cd9c1bd76790f23277752f9f418e201527 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 15:20:59 -0700 Subject: [PATCH 12/63] SHIBUI-2268 load custom properties to database from application.yml file Former-commit-id: 70e9420d876c96b23f48bf7d0459bffb5c0d8ef0 --- .../CustomPropertiesConfiguration.java | 28 ++++++++++++++++++- .../ui/service/ShibConfigurationService.java | 2 ++ .../service/ShibConfigurationServiceImpl.java | 5 ++++ backend/src/main/resources/application.yml | 25 ++++++++--------- 4 files changed, 46 insertions(+), 14 deletions(-) 
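Review bot: The commented-out `shibprops` example does not tell an operator that an entry whose `propertyName` already exists in the database is skipped at startup, so changing a value here and restarting will appear to do nothing. That behaviour is only stated in the Javadoc of `updateShibPropsDatabase()` in this same patch; a line above the block such as `# entries whose propertyName already exists in the database are ignored, not updated` would put it where the file is edited. The `selectionItems` comment should also read `comma separated values` instead of `comma seperated values`. The same applies to the repeated hunk in PATCH 12/63.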
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index 9a85e48a2..c2a032f36 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java @@ -4,6 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.context.properties.ConfigurationProperties; @@ -29,6 +30,8 @@ public class CustomPropertiesConfiguration implements ApplicationListener shibprops = new ArrayList<>(); + private ShibConfigurationService shibConfigurationService; + private void buildRelyingPartyOverrides() { // Start over with a clean map and get the CustomEntityAttributesDefinitions from the DB HashMap reloaded = new HashMap<>(); 
@@ -81,13 +84,36 @@ public void setCeadService(CustomEntityAttributesDefinitionService ceadService) this.ceadService = ceadService; } + @Autowired + public void setShibConfigurationService(ShibConfigurationService service) { + this.shibConfigurationService = service; + } + /** - * This setter will get used by Spring's property system to create objects from a config file (should the properties exist) + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) */ public void setOverrides(List overridesFromConfigFile) { this.overridesFromConfigFile = overridesFromConfigFile; } + /** + * This setter will get used by Spring's property system to create objects from application.yml (should the properties exist) + */ + public void setShibprops(List props) { + this.shibprops = props; + } + + /** + * Add any custom properties from the application.yml - any incoming property with the same name as an existing property will be + * ignored (ie this will not update/replace information for existing properties). This shouldn't be considered standard, but + * offers users the ability to add properties to their system from an addon module, new feature etc. + */ private void updateShibPropsDatabase() { + List existingPropNames = shibConfigurationService.getExistingPropertyNames(); + shibprops.forEach(prop -> { + if (!existingPropNames.contains(prop.getPropertyName())) { + shibConfigurationService.save(prop); + } + }); } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index 504c60956..b6c39ec44 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java 
@@ -9,4 +9,6 @@ public interface ShibConfigurationService { void addAll(Collection newProperties); List getExistingPropertyNames(); + + void save(ShibConfigurationProperty prop); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index d9d29c37f..8456940aa 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -22,4 +22,9 @@ public void addAll(Collection newProperties) { public List getExistingPropertyNames() { return repository.getPropertyNames(); } + + @Override + public void save(ShibConfigurationProperty prop) { + repository.save(prop); + } } \ No newline at end of file diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml index 09d922b1c..31e5eeb5a 100644 --- a/backend/src/main/resources/application.yml +++ b/backend/src/main/resources/application.yml 
@@ -163,16 +163,15 @@ custom: helpText: tooltip.ignore-request-signatures attributeName: http://shibboleth.net/ns/profiles/ignoreRequestSignatures attributeFriendlyName: ignoreRequestSignatures - shibprops: - - category: asd # required - configFile: kj # required - defaultValue: foo - description: blak - idpVersion: 4.1 # required - module: h - moduleVersion: 1 - note: nnn - propertyName: dddd # required - propertyType: dddd # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING - propertyValue: dddd - selectionItems: dddd,dddd # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file +# shibprops: +# - category: main # required +# configFile: random.properties # required +# defaultValue: foo +# description: whatever +# idpVersion: 4.1 # required +# module: some random module +# moduleVersion: 1 +# note: this is an example for the application.yml file +# propertyName: example.property.name # required +# propertyType: SELECTION_LIST # required as one of: BOOLEAN, DURATION, INTEGER, SELECTION_LIST, SPRING_BEAN_ID, STRING +# selectionItems: dddd,eeee # required if propertyType is SELECTION_LIST - comma seperated values \ No newline at end of file From a57f9b63b21093e38733e935f5223c837d7ecf5b Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 15:29:17 -0700 Subject: [PATCH 13/63] SHIBUI-2268 Created controller and endpoint to fetch all the properties --- .../controller/ShibPropertiesController.java | 25 +++++++++++++++++++ .../ui/service/ShibConfigurationService.java | 2 ++ .../service/ShibConfigurationServiceImpl.java | 5 ++++ 3 files changed, 32 insertions(+) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java new file mode 100644 index 000000000..a96e2db5d --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -0,0 +1,25 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; +import io.swagger.v3.oas.annotations.tags.Tag; +import io.swagger.v3.oas.annotations.tags.Tags; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.ResponseEntity; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@RequestMapping(value = "/api/shib") +@Tags(value = {@Tag(name = "Shibboleth Properties")}) +public class ShibPropertiesController { + @Autowired + private ShibConfigurationService service; + + @GetMapping("/properties") + @Transactional(readOnly = true) + public ResponseEntity getAll() { + return ResponseEntity.ok(service.getAll()); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index b6c39ec44..e1eaf5897 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java 
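Review bot: `getAll()` on `GET /api/shib/properties` carries no method- or class-level authorization annotation, so access to the full Shibboleth property list depends entirely on whatever the global security configuration applies to this path, which is not visible in this patch. If the other admin controllers restrict access per class or method, this one should match, e.g. `@PreAuthorize("hasRole('<ADMIN_ROLE>')")` on the class, with `<ADMIN_ROLE>` standing for the project's admin role. A short class Javadoc stating who is expected to call the endpoint would make that intent checkable in review. The identical controller hunk in PATCH 14/63 has the same gap.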
@@ -11,4 +11,6 @@ public interface ShibConfigurationService { List getExistingPropertyNames(); void save(ShibConfigurationProperty prop); + + List getAll(); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 8456940aa..1fec3181d 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -27,4 +27,9 @@ public List getExistingPropertyNames() { public void save(ShibConfigurationProperty prop) { repository.save(prop); } + + @Override + public List getAll() { + return repository.findAll(); + } } \ No newline at end of file From 04c48efc3b6ae9162167e0be8402a13481a08b29 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 15:29:17 -0700 Subject: [PATCH 14/63] SHIBUI-2268 Created controller and endpoint to fetch all the properties Former-commit-id: a57f9b63b21093e38733e935f5223c837d7ecf5b --- .../controller/ShibPropertiesController.java | 25 +++++++++++++++++++ .../ui/service/ShibConfigurationService.java | 2 ++ .../service/ShibConfigurationServiceImpl.java | 5 ++++ 3 files changed, 32 insertions(+) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java new file mode 100644 index 000000000..a96e2db5d --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -0,0 +1,25 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; +import io.swagger.v3.oas.annotations.tags.Tag; +import io.swagger.v3.oas.annotations.tags.Tags; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.ResponseEntity; +import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RestController; + +@RestController +@RequestMapping(value = "/api/shib") +@Tags(value = {@Tag(name = "Shibboleth Properties")}) +public class ShibPropertiesController { + @Autowired + private ShibConfigurationService service; + + @GetMapping("/properties") + @Transactional(readOnly = true) + public ResponseEntity getAll() { + return ResponseEntity.ok(service.getAll()); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index b6c39ec44..e1eaf5897 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java @@ -11,4 +11,6 @@ public interface ShibConfigurationService { List getExistingPropertyNames(); void save(ShibConfigurationProperty prop); + + List getAll(); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 8456940aa..1fec3181d 100644 
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -27,4 +27,9 @@ public List getExistingPropertyNames() { public void save(ShibConfigurationProperty prop) { repository.save(prop); } + + @Override + public List getAll() { + return repository.findAll(); + } } \ No newline at end of file From 4ac5009184e3e906d24acbaf9f85c192c83193a4 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 16:30:15 -0700 Subject: [PATCH 15/63] SHIBUI-2268 Adjusted code for better output to the UI of the properties list --- .../ui/domain/ShibConfigurationProperty.java | 26 ++++++++++++++++--- .../util/EmptyStringToNullConverter.java | 21 +++++++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java index 345592ae3..eb0f4ea77 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java @@ -1,9 +1,12 @@ package edu.internet2.tier.shibboleth.admin.ui.domain; +import com.fasterxml.jackson.annotation.JsonIgnore; +import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; import lombok.Data; import org.hibernate.envers.Audited; import javax.persistence.Column; +import javax.persistence.Convert; import javax.persistence.Entity; import javax.persistence.Id; import java.util.UUID; 
@@ -23,35 +26,52 @@ public class ShibConfigurationProperty { String configFile; @Column(name = "default_value") + @Convert(converter = EmptyStringToNullConverter.class) String defaultValue; @Column(name = "description") + @Convert(converter = EmptyStringToNullConverter.class) String description; @Column(name = "idp_version", nullable = false) String idpVersion; @Column(name = "module") + @Convert(converter = EmptyStringToNullConverter.class) String module; @Column(name = "module_version") + @Convert(converter = EmptyStringToNullConverter.class) String moduleVersion; @Column(name = "note") + @Convert(converter = EmptyStringToNullConverter.class) String note; @Column(name = "property_name", nullable = false) String propertyName; @Column(name = "property_type", nullable = false) + @JsonIgnore // display type is sent to the ui instead PropertyType propertyType; - @Column(name = "property_value") - String propertyValue; - @Column(name = "selection_items") + @Convert(converter = EmptyStringToNullConverter.class) String selectionItems; + public String getDisplayType() { + switch (propertyType) { + case BOOLEAN: + return propertyType.name().toLowerCase(); + case INTEGER: + return "number"; + case SELECTION_LIST: + return "list"; + default: // DURATION, SPRING_BEAN_ID, STRING + return "string"; + } + } + public void setPropertyType(String val) { this.propertyType = PropertyType.valueOf(val); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java new file mode 100644 index 000000000..0e3073bfc --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java 
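Review bot: `getDisplayType()` switches on `propertyType` without a null guard, and a Java `switch` on a null enum reference throws `NullPointerException`; since the getter is what supplies the display type to the UI, an instance whose type was never set would fail serialization of the whole response. A guard such as `if (propertyType == null) { return null; }` before the switch avoids that. Separately, `@JsonIgnore` on the `propertyType` field removes the property for deserialization as well as serialization, so if this entity is later accepted in a request body the type cannot be set from JSON; `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)` would hide it from output only. The class continues outside the hunk, and the same hunk is repeated in PATCH 16/63.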
@@ -0,0 +1,21 @@ +package edu.internet2.tier.shibboleth.admin.util; + +import org.apache.commons.lang3.StringUtils; + +import javax.persistence.AttributeConverter; +import javax.persistence.Converter; + +@Converter +public class EmptyStringToNullConverter implements AttributeConverter { + @Override + public String convertToDatabaseColumn(String string) { + // if whitespace is set on a value, send null to the db + return StringUtils.defaultIfBlank(string, null); + } + + @Override + public String convertToEntityAttribute(String dbData) { + // keep nulls from the db as nulls + return dbData; + } +} \ No newline at end of file From 757fbec8f6f66627d185bf6b6413c122082aae24 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Wed, 17 Aug 2022 16:30:15 -0700 Subject: [PATCH 16/63] SHIBUI-2268 Adjusted code for better output to the UI of the properties list Former-commit-id: 4ac5009184e3e906d24acbaf9f85c192c83193a4 --- .../ui/domain/ShibConfigurationProperty.java | 26 ++++++++++++++++--- .../util/EmptyStringToNullConverter.java | 21 +++++++++++++++ 2 files changed, 44 insertions(+), 3 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java index 345592ae3..eb0f4ea77 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java 
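Review bot: `EmptyStringToNullConverter` has no class-level Javadoc, and its name understates what it does: `StringUtils.defaultIfBlank(string, null)` maps whitespace-only values to null as well as empty ones, and only on the write path, since `convertToEntityAttribute` returns the column value unchanged. A header comment along the lines of `/** Stores blank (null, empty or whitespace-only) strings as NULL; values read from the database are returned as-is. */` would record that. The same file is added again in PATCH 16/63.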
@@ -1,9 +1,12 @@ package edu.internet2.tier.shibboleth.admin.ui.domain; +import com.fasterxml.jackson.annotation.JsonIgnore; +import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; import lombok.Data; import org.hibernate.envers.Audited; import javax.persistence.Column; +import javax.persistence.Convert; import javax.persistence.Entity; import javax.persistence.Id; import java.util.UUID; @@ -23,35 +26,52 @@ public class ShibConfigurationProperty { String configFile; @Column(name = "default_value") + @Convert(converter = EmptyStringToNullConverter.class) String defaultValue; @Column(name = "description") + @Convert(converter = EmptyStringToNullConverter.class) String description; @Column(name = "idp_version", nullable = false) String idpVersion; @Column(name = "module") + @Convert(converter = EmptyStringToNullConverter.class) String module; @Column(name = "module_version") + @Convert(converter = EmptyStringToNullConverter.class) String moduleVersion; @Column(name = "note") + @Convert(converter = EmptyStringToNullConverter.class) String note; @Column(name = "property_name", nullable = false) String propertyName; @Column(name = "property_type", nullable = false) + @JsonIgnore // display type is sent to the ui instead PropertyType propertyType; - @Column(name = "property_value") - String propertyValue; - @Column(name = "selection_items") + @Convert(converter = EmptyStringToNullConverter.class) String selectionItems; + public String getDisplayType() { + switch (propertyType) { + case BOOLEAN: + return propertyType.name().toLowerCase(); + case INTEGER: + return "number"; + case SELECTION_LIST: + return "list"; + default: // DURATION, SPRING_BEAN_ID, STRING + return "string"; + } + } + public void setPropertyType(String val) { this.propertyType = PropertyType.valueOf(val); } 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java new file mode 100644 index 000000000..0e3073bfc --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/util/EmptyStringToNullConverter.java @@ -0,0 +1,21 @@ +package edu.internet2.tier.shibboleth.admin.util; + +import org.apache.commons.lang3.StringUtils; + +import javax.persistence.AttributeConverter; +import javax.persistence.Converter; + +@Converter +public class EmptyStringToNullConverter implements AttributeConverter { + @Override + public String convertToDatabaseColumn(String string) { + // if whitespace is set on a value, send null to the db + return StringUtils.defaultIfBlank(string, null); + } + + @Override + public String convertToEntityAttribute(String dbData) { + // keep nulls from the db as nulls + return dbData; + } +} \ No newline at end of file From 5bf13c34c4ce658bcce8d2c89677a4622f00dea4 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 19 Aug 2022 12:31:33 -0700 Subject: [PATCH 17/63] Updated search --- .../main/resources/i18n/messages.properties | 7 + ui/public/data/properties.json | 8529 +++++++++++++++-- .../app/admin/component/ConfigurationForm.js | 141 +- .../app/admin/container/EditConfiguration.js | 10 +- .../app/admin/container/NewConfiguration.js | 35 +- .../app/admin/hoc/ConfigurationsProvider.js | 18 +- ui/src/app/admin/hoc/PropertiesProvider.js | 50 + ui/src/app/admin/hooks.js | 14 +- ui/src/app/form/component/ToggleButton.js | 23 + .../form/component/widgets/OptionWidget.js | 20 +- ui/src/theme/project/index.scss | 1 + ui/src/theme/project/typeahead.scss | 43 + 12 files changed, 8171 insertions(+), 720 deletions(-) create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/form/component/ToggleButton.js create mode 100644 ui/src/theme/project/typeahead.scss 
diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index c225aa4c3..95a496e69 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -78,6 +78,9 @@ action.select-bundle=Select Bundle action.get-latest=Get latest +action.configurations=Shibboleth configurations +action.create-new-configuration=Create Shibboleth configuration set + value.enabled=Enabled value.disabled=Disabled value.current=Current @@ -530,6 +533,10 @@ label.role-name=Role Name label.role-description=Role Description label.role=Role +label.configuration-management=Manage Shibboleth configurations +label.configuration-name=Shibboleth configuration sets +label.new-configuration=Create new configuration set + message.delete-role-title=Delete Role? message.delete-role-body=You are requesting to delete a role. If you complete this process the role will be removed. This cannot be undone. Do you wish to continue? diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json index a022a4fd5..dea2860f5 100644 --- a/ui/public/data/properties.json +++ b/ui/public/data/properties.json 
@@ -1,659 +1,7874 @@ [ -{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, -{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, -{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, -{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
-{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, -{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, -{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, -{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, -{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, -{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, -{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
-{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, -{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, -{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, -{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, -{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, -{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, -{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, -{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, -{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, -{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, -{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, -{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, -{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
-{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, -{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, -{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, -{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, -{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, -{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, -{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, -{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, -{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, -{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, -{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, -{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
-{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, -{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, -{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, -{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, -{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, -{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, -{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, -{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, -{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, -{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, -{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, -{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, -{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, -{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, -{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, -{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, -{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, -{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, -{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, -{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, -{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
-{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"}, -{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"}, -{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"}, -{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"}, -{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"}, -{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"}, 
-{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"}, -{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"}, -{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"}, -{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"}, -{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"}, -{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"}, 
-{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, -{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, -{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, -{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, -{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, -{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, -{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, -{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, -{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
-{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"}, -{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"}, -{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"}, -{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"}, -{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"}, -{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"}, -{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML 
2.0 standard"}, -{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"}, -{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"}, -{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"}, -{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"}, -{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"}, -{"note":"ex. 
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"}, -{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"}, -{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"}, -{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"}, -{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"}, -{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"}, 
-{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"}, -{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"}, -{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"}, -{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"}, -{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"}, -{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"}, -{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"}, -{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy 
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"}, -{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"}, -{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."}, -{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."}, -{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"}, 
-{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"}, -{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"}, -{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"}, -{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"}, -{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"}, -{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, 
-{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"}, -{"note":"ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."}, -{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types."}, -{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"}, -{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"}, -{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"}, 
-{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"}, -{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"}, -{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"}, -{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"}, -{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"}, -{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"}, -{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."}, -{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"}, -{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"}, -{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"}, -{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"}, -{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"}, 
-{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"}, -{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"}, -{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"}, -{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"}, 
-{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"}, -{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"}, 
-{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"}, -{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"}, -{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"}, -{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"}, -{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"}, 
-{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean 
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, -{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
-{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"}, -{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"}, -{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations 
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"}, -{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"}, -{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "}, -{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"}, -{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"}, -{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"}, 
-{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"},
-{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"},
-{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"},
-{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"},
-{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"},
-{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"},
-{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit from UserInfo token"},
-{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"},
-{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"},
-{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"},
-{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"},
-{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."},
-{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token. Supported values are JWT or nothing."},
-{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"},
-{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"},
-{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"},
-{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"},
-{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"},
-{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request. Maybe set to pairwise or public."},
-{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"},
-{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"},
-{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"},
-{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"},
-{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"},
-{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"},
-{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"},
-{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"},
-{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"},
-{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"},
-{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"},
-{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed)"},
-{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"},
-{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
-{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"},
-{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter."},
-{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"},
-{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"},
-{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"},
-{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"},
-{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"},
-{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."},
-{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"},
-{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"},
-{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"},
-{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
-{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
-{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"},
-{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"},
-{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"},
-{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"},
-{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"},
-{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"},
-{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"},
-{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"},
-{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"},
-{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"},
-{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"},
-{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"},
-{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."},
-{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."},
-{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"},
-{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"},
-{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."},
-{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid. Only applies to forced authentication requests."},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"},
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"},
-{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"},
-{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"},
-{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"},
-{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"},
-{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"},
-{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"},
-{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"},
-{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"},
-{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"},
-{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"},
-{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"},
-{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"},
-{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"},
-{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"},
-{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"},
-{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"},
-{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"},
-{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"},
-{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"},
-{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"},
-{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"},
-{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"},
-{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"},
-{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"},
-{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"},
-{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path ('/path/to/logo') is used."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"},
-{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"},
-{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"},
-{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"},
-{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for storing remote jwk sets."},
-{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"},
-{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"},
-{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"},
-{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"},
-{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."},
-{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession as SLO is not yet supported."}
+ {
+ "property_name": "idp.searchForProperties",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-load all files matching conf/**/*.properties",
+ "note": ""
+ },
+ {
+ "property_name": "idp.additionalProperties",
+ "property_type": "Comma-delimited paths",
+ "property_default_value": "none",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.",
+ "note": "ex. /conf/ldap.properties, /conf/services.properties"
+ },
+ {
+ "property_name": "idp.entityID",
+ "property_type": "URI",
+ "property_default_value": "none",
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The unique name of the IdP used as the iisuer in all SAML profiles",
+ "note": "ex. https://unicon.net/idp/shibboleth"
+ },
+ {
+ "property_name": "idp.entityID.metadataFile",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/metadata/idp-metadata.xml",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the file to serve for requests to the IdP's well-known metadata location",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to allow use of the SAML artifact bindings when sending messages",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.secureChannel",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.endpointIndex",
+ "property_type": "int",
+ "property_default_value": 2,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the endpoint in SAML metadata associated with artifacts issued by a server node",
+ "note": ""
+ },
+ {
+ "property_name": "idp.artifact.StorageService",
+ "property_type": "Bean ID of a StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.bindings.inMetadataOrder",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "RelyingPartyConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also to false to favor the front channel over back channel for Logout.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.entityID.metadataFile",
+ "property_type": "file pathname",
+ "property_default_value": "%{idp.home}/metadata/idp-metadata.xml",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Identifies the file to serve for requests to the IdP's well-known metadata location",
+ "note": ""
+ },
+ {
+ "property_name": "idp.scope",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "applies a (fixed) scope typically a domain-valued suffix to an input attribute's values",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.secure",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true all cookies issued by the IdP (not including the container) will be limited to TLS",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.httpOnly",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.domain",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the domain of any cookies issued by the IdP (not including the container)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.path",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the path of any cookies issued by the IdP (not including the container)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.maxAge",
+ "property_type": "int",
+ "property_default_value": 31536000,
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.sameSite",
+ "property_type": "Null/None/Lax/Strict",
+ "property_default_value": "None",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified",
+ "note": ""
+ },
+ {
+ "property_name": "idp.cookie.sameSiteCondition",
+ "property_type": "Bean ID of Predicate",
+ "property_default_value": "shibboleth.Conditions.FALSE",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Predicate condition bean controlling whether SameSite filter runs",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.keyStrategy",
+ "property_type": "Bean ID of DataSealerKeyStrategy",
+ "property_default_value": "shibboleth.DataSealerKeyStrategy",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.storeType",
+ "property_type": "string",
+ "property_default_value": "JCEKS",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Type of Java keystore used for IdP's internal AES encryption key",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.updateInterval",
+ "property_type": "duration",
+ "property_default_value": "PT15M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time between checks for a new AES key version",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.aliasBase",
+ "property_type": "string",
+ "property_default_value": "secret",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.storeResource",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Keystore resource containing AES encryption key usually a file path",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.versionResource",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource that tracks the active AES encryption key version usually a file path",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.storePassword",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Keystore password unlocking AES encryption keystore typically set during installation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.sealer.keyPassword",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Key password unlocking AES encryption key typically set to the same as the previous property and set during installation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.key",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing private key for signing typically a file in the credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.cert",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.key",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing a private key for decryption typically a file in the credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.cert",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.key.2",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing an alternate private key for decryption generally unused except while changing decryption keys",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.cert.2",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Resource containing an alternate public key certificate generally unused except while changing decryption keys",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.config",
+ "property_type": "Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)",
+ "property_default_value": "shibboleth.DefaultSecurityConfiguration",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean supplying the default SecurityConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.config",
+ "property_type": "Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)",
+ "property_default_value": "shibboleth.SigningConfiguration.SHA256",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean supplying the default SignatureSigningConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.config",
+ "property_type": "Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)",
+ "property_default_value": "shibboleth.EncryptionConfiguration.CBC",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean supplying the default EncryptionConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.optional",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "If true failure to locate an encryption key to use won't result in request failure",
+ "note": ""
+ },
+ {
+ "property_name": "idp.encryption.keyagreement.metadata.defaultUseKeyWrap",
+ "property_type": "string",
+ "property_default_value": "Default",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.trust.signatures",
+ "property_type": "Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)",
+ "property_default_value": "shibboleth.ChainingSignatureTrustEngine",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean for the trust engine used to verify signatures",
+ "note": ""
+ },
+ {
+ "property_name": "idp.trust.certificates",
+ "property_type": "Bean ID of TrustEngine (org.opensaml.security.trust)",
+ "property_default_value": "shibboleth.ChainingX509TrustEngine",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean for the trust engine used to verify TLS certificates",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.messageLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default freshness window for accepting timestamped messages",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.assertionLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default freshness window for accepting timestamped assertions",
+ "note": ""
+ },
+ {
+ "property_name": "idp.policy.clockSkew",
+ "property_type": "duration",
+ "property_default_value": "PT3M",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default allowance for clock differences between systems",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.basicKeyInfoFactory",
+ "property_type": "Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)",
+ "property_default_value": "shibboleth.BasicKeyInfoGeneratorFactory",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the BasicKeyInfoGeneratorFactory used by default",
+ "note": ""
+ },
+ {
+ "property_name": "idp.security.x509KeyInfoFactory",
+ "property_type": "Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)",
+ "property_default_value": "shibboleth.X509KeyInfoGeneratorFactory",
+ "config_category": "SecurityConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Overrides the X509KeyInfoGeneratorFactory used by default",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csrf.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "CSRF",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Enables CSRF protection",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csrf.token.parameter",
+ "property_type": "string",
+ "property_default_value": "csrf_token",
+ "config_category": "CSRF",
+ "config_file": "idp.properties",
+ "idp_vers": 4,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of the HTTP parameter that stores the CSRF token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hsts",
+ "property_type": "string",
+ "property_default_value": "max-age=0",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures an HSTS response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.frameoptions",
+ "property_type": "DENY/SAMEORIGIN",
+ "property_default_value": "DENY",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures an X-Frame-Options response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.csp",
+ "property_type": "string",
+ "property_default_value": "frame-ancestors 'none'",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Auto-configures a Content Security Policy response header",
+ "note": ""
+ },
+ {
+ "property_name": "idp.webflows",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/flows",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Location from which to load user-supplied webflows from",
+ "note": ""
+ },
+ {
+ "property_name": "idp.views",
+ "property_type": "Comma-delimited paths",
+ "property_default_value": "%{idp.home}/views",
+ "config_category": "Core",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Location from which to load user-modifiable Velocity view templates. This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.detailed",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to expose detailed error causes in status information provided to outside parties",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.signed",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.defaultView",
+ "property_type": "string",
+ "property_default_value": "error",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "The default view name to render for exceptions and events",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.excludedExceptions",
+ "property_type": "Bean ID of Properties (java.util.Properties)",
+ "property_default_value": "none",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).",
+ "note": ""
+ },
+ {
+ "property_name": "idp.errors.exceptionMappings",
+ "property_type": "Bean ID of Collection (java.util)",
+ "property_default_value": "none",
+ "config_category": "ErrorHandlingConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.cleanupInterval",
+ "property_type": "duration",
+ "property_default_value": "PT10M",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Interval of background thread sweeping server-side storage for expired records",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.htmlLocalStorage",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to use HTML Local Storage (if available) instead of cookies",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.clientSessionStorageName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_session_ss",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie or HTML storage key used by the default per-session instance of the client storage service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.clientPersistentStorageName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_persistent_ss",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie or HTML storage key used by the default persistent instance of the client storage service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.replayCache.StorageService",
+ "property_type": "Bean ID of a StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.StorageService",
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Storage back-end to use for message replay checking (must be server-side)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.replayCache.strict",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "StorageConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether storage errors during replay checks should be treated as a replay",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.enabled",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to enable the IdP's session tracking feature",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.StorageService",
+ "property_type": "Bean ID of StorageService (org.opensaml.storage)",
+ "property_default_value": "shibboleth.ClientSessionStorageService",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Bean name of a storage implementation/configuration to use for IdP sessions",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.cookieName",
+ "property_type": "string",
+ "property_default_value": "shib_idp_session",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.idSize",
+ "property_type": "int",
+ "property_default_value": 32,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Number of characters in IdP session identifiers",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.consistentAddress",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to bind IdP sessions to IP addresses",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.consistentAddressCondition",
+ "property_type": "BiPredicate",
+ "property_default_value": "Direct string comparison",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "A 2-argument predicate that compares a bound session's address to a client address",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.timeout",
+ "property_type": "duration",
+ "property_default_value": "PT60M",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Inactivity timeout policy for IdP sessions (must be non-zero)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.slop",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Extra time after expiration before removing SP sessions in case a logout is invoked",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.maskStorageFailure",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to hide storage failures from users during session cache reads/writes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.trackSPSessions",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.secondaryServiceIndex",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.session.defaultSPlifetime",
+ "property_type": "duration",
+ "property_default_value": "PT2H",
+ "config_category": "SessionConfiguration",
+ "config_file": "idp.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.flows",
+ "property_type": "regex",
+ "property_default_value": "none",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Required expression that identifies the login flows to globally enable",
+ "note": "ex. Password, MA, DUO"
+ },
+ {
+ "property_name": "idp.authn.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT60M",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default amount of time to allow reuse prior authentication flows",
+ "note": "measured since first usage"
+ },
+ {
+ "property_name": "idp.authn.defaultTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT30M",
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Default inactivity timeout to prevent reuse of prior authentication flows",
+ "note": "measured since last usage"
+ },
+ {
+ "property_name": "idp.authn.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.favorSSO",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to prioritize prior authentication results when an SP requests more than one possible matching method",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.rpui",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AuthenticationConfiguration",
+ "config_file": "authn/authn.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to 
populate information about the relying party into the tree for user interfaces during login and interceptors", + "note": "" + }, + { + "property_name": "idp.authn.identitySwitchIsError", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.", + "note": "" + }, + { + "property_name": "idp.authn.discoveryURL", + "property_type": "string", + "property_default_value": "none", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose", + "note": "" + }, + { + "property_name": "idp.authn.overrideRequestedAuthnContext", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set.", + "note": "" + }, + { + "property_name": "idp.consent.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ClientPersistentStorageService", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of storage service used to store users' consent choices", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.userStorageKey", + "property_type": "Bean ID", + "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of function used to return the String storage key representing a user defaults to the principal name", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.userStorageKeyAttribute", + "property_type": "string", + "property_default_value": "uid", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Attribute whose value is the storage key representing a user", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional condition to apply to control activation of attribute-release flow along with system default behavior", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.auditFormat", + "property_type": "logback", + "property_default_value": 
"%T|%SP|%e|%u|%CCI|%CCV|%CCA", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default consent auditing formats", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.userStorageKey", + "property_type": "Bean ID", + "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of function used to return the String storage key representing a user defaults to the principal name", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.userStorageKeyAttribute", + "property_type": "string", + "property_default_value": "uid", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Attribute whose value is the storage key representing a user", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.consentValueMessageCodeSuffix", + "property_type": "string", + "property_default_value": ".text", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix of message property used as value of consent storage records when idp.consent.compareValues is true", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional condition to apply to control activation of terms-of-use flow", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.auditFormat", + "property_type": "logback", + 
"property_default_value": "%T|%SP|%e|%u|%CCI|%CCV|%CCA", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default consent auditing formats", + "note": "" + }, + { + "property_name": "idp.consent.allowDoNotRemember", + "property_type": "bool", + "property_default_value": true, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether not remembering/storing consent is allowed", + "note": "" + }, + { + "property_name": "idp.consent.allowGlobal", + "property_type": "bool", + "property_default_value": true, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether consent to any attribute and to any relying party is allowed", + "note": "" + }, + { + "property_name": "idp.consent.allowPerAttribute", + "property_type": "bool", + "property_default_value": false, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether per-attribute consent is allowed", + "note": "" + }, + { + "property_name": "idp.consent.compareValues", + "property_type": "bool", + "property_default_value": false, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute values and terms of use text are stored and compared for equality", + "note": "" + }, + { + "property_name": "idp.consent.maxStoredRecords", + "property_type": "int", + "property_default_value": 10, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum number of records stored when using 
space-limited storage (e.g. cookies), 0 = no limit", + "note": "" + }, + { + "property_name": "idp.consent.expandedMaxStoredRecords", + "property_type": "int", + "property_default_value": 0, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum number of records stored when using larger/server-side storage, 0 = no limit", + "note": "" + }, + { + "property_name": "idp.consent.storageRecordLifetime", + "property_type": "duration", + "property_default_value": "(v4.0=P1Y,v4.1=infinite)", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "4.x", + "module": "", + "module_vers": "", + "description": "Time in milliseconds to expire consent storage records", + "note": "" + }, + { + "property_name": "idp.logout.elaboration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to search metadata for user interface information associated with every service involved in logout propagation", + "note": "" + }, + { + "property_name": "idp.logout.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to require signed logout messages in accordance with the SAML 2.0 standard", + "note": "" + }, + { + "property_name": "idp.logout.promptUser", + "property_type": "Bean ID of Predicate", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent 
removal of the session", + "note": "" + }, + { + "property_name": "idp.logout.preserveQuery", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic", + "note": "" + }, + { + "property_name": "idp.logout.assumeAsync", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints", + "note": "" + }, + { + "property_name": "idp.logout.propagationHidden", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user", + "note": "" + }, + { + "property_name": "idp.soap.httpClient", + "property_type": "Bean ID of HttpClient to use for SOAP-based logout", + "property_default_value": "SOAPClient.HttpClient", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)", + "note": "" + }, + { + "property_name": "idp.ui.fallbackLanguages", + "property_type": "Comma-delimited list", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + 
"description": "languages to use if no match can be found with the browser-supported languages", + "note": "ex. en, fr, de" + }, + { + "property_name": "idp.cas.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)", + "note": "" + }, + { + "property_name": "idp.cas.serviceRegistryClass", + "property_type": "?", + "property_default_value": "net.shibboleth.idp.cas.service.PatternServiceRegistry", + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "CAS service registry implementation class", + "note": "" + }, + { + "property_name": "idp.cas.relyingPartyIdFromMetadata", + "property_type": "bool", + "property_default_value": false, + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true CAS services provisioned with SAML metadata are identified via entityID", + "note": "" + }, + { + "property_name": "idp.fticks.federation", + "property_type": "string", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Enables F-TICKS output and specifies the value of the federation-identifier field", + "note": "" + }, + { + "property_name": "idp.fticks.condition", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": 
4.1, + "module": "", + "module_vers": "", + "description": "Optional bean name of a Predicate to use to decide whether to run", + "note": "" + }, + { + "property_name": "idp.fticks.algorithm", + "property_type": "string", + "property_default_value": "SHA-2", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Digest algorithm used to obscure usernames", + "note": "" + }, + { + "property_name": "idp.fticks.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A salt to apply when digesting usernames (if not specified, the username will not be included)", + "note": "" + }, + { + "property_name": "idp.fticks.loghost", + "property_type": "string", + "property_default_value": "localhost", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The remote syslog host", + "note": "" + }, + { + "property_name": "idp.fticks.logport", + "property_type": "int", + "property_default_value": 514, + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The remote syslog port", + "note": "" + }, + { + "property_name": "idp.audit.shortenBindings", + "property_type": "bool", + "property_default_value": true, + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set false if you want SAML bindings \"spelled out\" in audit log", + "note": "" + }, + { + "property_name": "idp.velocity.runtime.strictmode", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set to true to fail on velocity syntax errors", + "note": "" + }, + { + "property_name": "idp.intercept.External.externalPath", + "property_type": "path", + "property_default_value": "contextRelative:intercept.jsp", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Path to use with External interceptor flow", + "note": "" + }, + { + "property_name": "idp.impersonate.generalPolicy", + "property_type": "Policy ID", + "property_default_value": "GeneralImpersonationPolicy", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Policies to use with Impersonate interceptor flow", + "note": "" + }, + { + "property_name": "idp.impersonate.specificPolicy", + "property_type": "Policy ID", + "property_default_value": "SpecificImpersonationPolicy", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Policies to use with Impersonate interceptor flow", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.authenticator", + "property_type": "string", + "property_default_value": "anonSearchAuthenticator", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.ldapURL", + "property_type": "LDAP URI", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Connection URI for LDAP directory", + "note": "ex. ldap://localhost or ldaps://localhost" + }, + { + "property_name": "idp.authn.LDAP.useStartTLS", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether StartTLS should be used after connecting with LDAP alone.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.connectTimeout", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to wait for the TCP connection to occur.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.responseTimeout", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to wait for an LDAP response message", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.connectionStrategy", + "property_type": "string", + "property_default_value": "ACTIVE_PASSIVE", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.sslConfig", + "property_type": "string", + "property_default_value": "certificateTrust", + "config_category": "LDAPAuthnConfiguration", + "config_file": 
"v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.trustCertificates", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A resource to load trust anchors from when using sslConfig = certificateTrust", + "note": "ex. %{idp.home}/credentials/ldap-server.crt" + }, + { + "property_name": "idp.authn.LDAP.trustStore", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust", + "note": "ex. 
%{idp.home}/credentials/ldap-server.truststore" + }, + { + "property_name": "idp.authn.LDAP.returnAttributes", + "property_type": "comma-seperated strings", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to request during authentication", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.baseDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.subtreeSearch", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.userFilter", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDNCredential", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.dnFormat", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator", + "note": "ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryOnFailure", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryWithBindDN", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordPolicy", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Policy Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordExpiration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Expired Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.activeDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + 
"module": "", + "module_vers": "", + "description": "If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. It is meant to be specified with one of the other authenticator types.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.freeIPADirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.eDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.disablePooling", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether connection pools should be used for LDAP authentication and DN resolution", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.minSize", + "property_type": "int", + "property_default_value": 3, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Minimum LDAP connection pool size", + "note": "" + }, + { + "property_name": 
"idp.pool.LDAP.maxSize", + "property_type": "int", + "property_default_value": 10, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum LDAP connection pool size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateOnCheckout", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections when checking them out of the pool", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriodically", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections in the background", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between validation if idp.pool.LDAP.validatePeriodically is true", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "DN to search with the validateFilter: defaults to the rootDSE", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateFilter", + "property_type": 
"string", + "property_default_value": "(objectClass=*)", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Search filter to execute in order to validate a pooled connection", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.prunePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between looking for idle connections to reduce the pool back to its minimum size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.idleTime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration connections must be idle to be eligible for pruning", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.blockWaitTime", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration to wait for a free connection in the pool", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindPoolPassivator", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind.", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfigNames", + "property_type": "string", + "property_default_value": "ShibUserPassAuth", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited set of JAAS application configuration names to use", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfig", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/authn/jaas.config", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Location of JAAS configuration file", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.refreshConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.preserveTicket", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set", + "note": "" + }, + { + "property_name": 
"idp.authn.Krb5.servicePrincipal", + "property_type": "string", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.keytab", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal", + "note": "" + }, + { + "property_name": "idp.authn.External.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.External.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.External.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower 
is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.External.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.External.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + 
"description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.External.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.External.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", 
+ "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.External.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.External.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.External.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.RemoteUser", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUser.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUser.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkRemoteUser", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to check REMOTE_USER for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkAttributes", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited lists of request attributes to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkHeaders", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of request headers to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": 
"Whether to trim leading and trailing whitespace from the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to lowercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to uppercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "A regular expression that must match the username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.allowedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to accept while blocking all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.deniedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to deny while accepting all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUserInternal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.externalAuthnPath", + "property_type": "URL path", + "property_default_value": "/Authn/SPNEGO", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Servlet-relative path to the SPNEGO external authentication implementation", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.enforceRun", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to always try to run SPNEGO independent of the user's auto-login setting", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.refreshKrbConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.cookieName", + "property_type": "string", + "property_default_value": "_idp_spnego_autologin", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.2, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Name of cookie used to track auto-login state of client", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, 
+ "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.discoveryRequired", + 
"property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.SPNEGO.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SPNEGO.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:x509-prompt.jsp", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.X509.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Flow priority relative to other enabled login 
flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate 
determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.saveCertificateToCredentialSet", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to save the certificate into the Subject's public credential set. 
Disable to reduce the size if not relying on the certificate for subject c14n.", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": 
"", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509Internal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "IPAddressAuthnConfiguration", + 
"config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyScopingEnforced", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": 
"idp.authn.IPAddress.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.IPAddress.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Flow 
priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Function.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Function.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.Function", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Function.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": 
"FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Function.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.Function.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.apiHost", + "property_type": "URL", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb API hostname assigned to the integration", + "note": "this sould be set in 
conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.applicationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, \"Generate an akey\".", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.integrationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.apiHost", + "property_type": "URL", + "property_default_value": "${idp.duo.apiHost}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI hostname assigned to the integration", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.integrationKey", + 
"property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.factor", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": 
"DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Allow the factor to be defaulted to auto if no headers are received", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.authn.Duo.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow should 
handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to 
invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Duo.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Duo.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject 
customization" + }, + { + "property_name": "idp.authn.Duo.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.externalAuthnPath", + "property_type": "url path", + "property_default_value": "servletRelative:/Authn/SAML2/POST/SSO", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the IdP's AssertionConsumerService", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyEntityID", + "property_type": "string", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Statically-defined entityID of IdP to use for authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.outboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + 
"description": "Optional bean ID of Function to run just prior to AuthnRequest signing/encoding step", + "note": "" + }, + { + "property_name": "idp.authn.SAML.inboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of Function to run at the late stages of Response decoding/processing", + "note": "" + }, + { + "property_name": "idp.authn.SAML.assertionValidator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of AssertionValidator to run", + "note": "" + }, + { + "property_name": "idp.authn.SAML.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + 
"note": "" + }, + { + "property_name": "idp.authn.SAML.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": 
"idp.authn.SAML.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SAML.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.SAML.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SAML.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific 
Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.validateLoginTransitions", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions", + "note": "" + }, + { + "property_name": "idp.authn.MFA.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + 
"description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.MFA", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.MFA.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.MFA.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.MFA.supportedPrincipals", + "property_type": "string", + "property_default_value": 
"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.transientId.generator", + "property_type": "Bean ID of a TransientIdGenerationStrategy", + "property_default_value": "shibboleth.CryptoTransientIdGenerator", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for generating transient IDs", + "note": "" + }, + { + "property_name": "idp.nameid.saml2.default", + "property_type": "URI", + "property_default_value": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.nameid.saml1.default", + "property_type": "URI", + "property_default_value": "urn:mace:shibboleth:1.0:nameIdentifier", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", 
+ "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.persistentId.generator", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for sourcing persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.dataSource", + "property_type": "Bean ID of a JDBC DataSource", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a data source for storage-based management of persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.computed", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a strategy plugin to use to generate the first persistent identifier for each subject", + "note": "used to migrate from the computed to stored strategies: can be null" + }, + { + "property_name": "idp.persistentId.sourceAttribute", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable", + "note": 
"" + }, + { + "property_name": "idp.persistentId.useUnfilteredAttributes", + "property_type": "boolean", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether or not the previous property has access to unreleased attributes", + "note": "" + }, + { + "property_name": "idp.persistentId.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A secret salt for the hash when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encodedSalt", + "property_type": "Base64-encoded String", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "An encoded form of the persistentId.salt", + "note": "" + }, + { + "property_name": "idp.persistentId.algorithm", + "property_type": "string", + "property_default_value": "SHA", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The hash algorithm used when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encoding", + "property_type": "string", + "property_default_value": "BASE64", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64", + "note": "" + }, + { + 
"property_name": "idp.persistentId.exceptionMap", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ComputedIdExceptionMap", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services", + "note": "" + }, + { + "property_name": "idp.persistentId.queryTimeout", + "property_type": "duration", + "property_default_value": "PT5S", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Query timeout for database access", + "note": "" + }, + { + "property_name": "idp.persistentId.transactionRetries", + "property_type": "int", + "property_default_value": 3, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Number of retries in the event database locking bugs cause retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.retryableErrors", + "property_type": "string", + "property_default_value": "23000,23505", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "List of error strings to identify as retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.verifyDatabase", + "property_type": "bool", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "When true the connection and layout of the database is verified at bean initialization time 
and any failures are fatal.", + "note": "" + }, + { + "property_name": "idp.persistentId.tableName", + "property_type": "string", + "property_default_value": "shibpid", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the name of the table in the database", + "note": "" + }, + { + "property_name": "idp.persistentId.localEntityColumn", + "property_type": "string", + "property_default_value": "localEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerEntityColumn", + "property_type": "string", + "property_default_value": "peerEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.principalNameColumn", + "property_type": "string", + "property_default_value": "principalName", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.sourceIdColumn", + "property_type": "string", + "property_default_value": "localId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.persistentIdColumn", + "property_type": "string", + "property_default_value": 
"persistentId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerProvidedIdColumn", + "property_type": "string", + "property_default_value": "peerProvidedId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.createTimeColumn", + "property_type": "string", + "property_default_value": "creationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.deactivationTimeColumn", + "property_type": "string", + "property_default_value": "deactivationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.service.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set default fail-fast behavior of all services unless overridden by service", + "note": "" + }, + { + "property_name": "idp.service.logging.resource", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/logback.xml", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + 
"module_vers": "", + "description": "Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService)", + "note": "" + }, + { + "property_name": "idp.service.logging.failFast", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if logging configuration is invalid", + "note": "" + }, + { + "property_name": "idp.service.logging.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.RelyingPartyResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for RelyingPartyConfiguration", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if RelyingPartyConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": 
"Time to notice changes to RelyingPartyConfiguration and reload service. A value of 0 indicates that the relying party configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.relyingparty.ignoreUnmappedEntityAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "See MetadataDrivenConfiguration SAML Attribute Name Format Usage", + "note": "" + }, + { + "property_name": "idp.service.metadata.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.MetadataResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for MetadataConfiguration", + "note": "" + }, + { + "property_name": "idp.service.metadata.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if MetadataConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.metadata.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to MetadataConfiguration and reload service. 
A value of 0 indicates that the metadata configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.metadata.enableByReferenceFilters", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeRegistryResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeRegistryConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeRegistryConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.registry.encodeType", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeResolverResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeResolverConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeResolverConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.maskFailures", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.stripNulls", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invisible to dependant attribute definitions) use a SimpleAttributeDefinition and specify ignoreNullValues", + "note": "" + }, + { + "property_name": "idp.service.attribute.resolver.suppressDisplayInfo", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. 
As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so there should be no reason to revert this behavior unless using third party software which expect the IdPAttribute DisplayName and DisplayDescriptions to be pre-populated", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AttributeFilterResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AttributeFilterConfiguration", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AttributeFilterConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads", + "note": "" + }, + { + "property_name": "idp.service.attribute.filter.maskFailures", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event", + "note": "" + }, + { + 
"property_name": "idp.service.nameidGeneration.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.NameIdentifierGenerationResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for NameIDGenerationConfiguration", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if NameIDGenerationConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.nameidGeneration.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to NameIDGenerationConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.access.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.AccessControlResource", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for AccessControlConfiguration", + "note": "" + }, + { + "property_name": "idp.service.access.failFast", + "property_type": "bool", + "property_default_value": true, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if AccessControlConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.access.checkInterval", + 
"property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice changes to AccessControlConfiguration and reload service", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.CASServiceRegistryResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for CASServiceRegistry configuration", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if CASServiceRegistry configuration is invalid", + "note": "" + }, + { + "property_name": "idp.service.cas.registry.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice CASServiceRegistry configuration changes and reload service", + "note": "" + }, + { + "property_name": "idp.service.managedBean.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ManagedBeanResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying resources to use for ManagedBeanConfiguration", + "note": "" + }, + { + "property_name": "idp.service.managedBean.failFast", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Fail at startup if ManagedBeanConfiguration is invalid", + "note": "" + }, + { + "property_name": "idp.service.managedBean.checkInterval", + "property_type": "duration", + "property_default_value": 0, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to notice ManagedBeanConfiguration changes and reload service", + "note": "" + }, + { + "property_name": "idp.message.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.MessageSourceResources", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean identifying Spring message property resources", + "note": "" + }, + { + "property_name": "idp.message.cacheSeconds", + "property_type": "int", + "property_default_value": 300, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Seconds between reloads of message property resources", + "note": "" + }, + { + "property_name": "idp.status.logging", + "property_type": "string", + "property_default_value": "Status", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.status.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request 
authorization", + "note": "" + }, + { + "property_name": "idp.status.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.status.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.status.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.status.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "Status", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.logging", + "property_type": "string", + "property_default_value": "Reload", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier 
for flow", + "note": "" + }, + { + "property_name": "idp.reload.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.reload.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.reload.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.reload.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataReload", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.reload.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataReload", + "config_file": 
"admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.logging", + "property_type": "string", + "property_default_value": "ResolverTest", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.resolvertest.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.resolvertest.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.resolvertest.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.resolvertest.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AACLI", + 
"config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.resolvertest.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AACLI", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.logging", + "property_type": "string", + "property_default_value": "MetadataQuery", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.mdquery.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.mdquery.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.mdquery.defaultAuthenticationMethods", 
+ "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.mdquery.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.mdquery.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetadataQuery", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.logging", + "property_type": "string", + "property_default_value": "Metrics", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.metrics.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + 
"property_name": "idp.metrics.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.metrics.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.metrics.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "MetricsConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.logging", + "property_type": "string", + "property_default_value": "Hello", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.hello.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByAdminUser", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.hello.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be 
performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.hello.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.hello.resolveAttributes", + "property_type": "bool", + "property_default_value": true, + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.hello.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "HelloWorldConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.logging", + "property_type": "string", + "property_default_value": "Lockout", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.lockout.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + 
"idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.lockout.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.lockout.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.lockout.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.lockout.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + "config_category": "AccountLockoutManagement", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.logging", + "property_type": "string", + 
"property_default_value": "Storage", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.storage.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.storage.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.storage.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.storage.defaultAuthenticationMethods", + "property_type": "string", + "property_default_value": "none", + "config_category": "?", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.storage.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": 
"idp.unlock-keys.logging", + "property_type": "string", + "property_default_value": "UnlockKeys", + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Audit log identifier for flow", + "note": "" + }, + { + "property_name": "idp.unlock-keys.accessPolicy", + "property_type": "string", + "property_default_value": "AccessDenied", + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of access control policy for request authorization", + "note": "" + }, + { + "property_name": "idp.unlock-keys.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether authentication should be performed prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.unlock-keys.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should allow for non-browser clients during authentication", + "note": "" + }, + { + "property_name": "idp.unlock-keys.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether attributes should be resolved prior to access control evaluation", + "note": "" + }, + { + "property_name": "idp.unlock-keys.postAuthenticationFlows", + "property_type": "string", + "property_default_value": "none", + 
"config_category": "AttendedRestartConfiguration", + "config_file": "admin/admin.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "?", + "note": "" + }, + { + "property_name": "idp.c14n.simple.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.simple.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.simple.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "SimplePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": 
"idp.c14n.attribute.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.attributesToResolve", + "property_type": "string", + "property_default_value": "none", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.attributeSourceIds", + "property_type": "string", + "property_default_value": "none", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.resolveFromSubject", + "property_type": "bool", + "property_default_value": false, + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service", + "note": "" + }, + { + "property_name": "idp.c14n.attribute.resolutionCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "AttributePostLoginC14NConfiguration", + "config_file": 
"c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone", + "note": "" + }, + { + "property_name": "idp.c14n.x500.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.subjectAltNameTypes", + "property_type": "List", + "property_default_value": "none", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of subjectAltName extension types to look for", + "note": "" + }, + { + "property_name": "idp.c14n.x500.objectIDs", + "property_type": "List", + "property_default_value": "2.5.4.3", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Comma-delimited list of attribute OIDs to search for in the subject DN", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.service.logging.saml1sso", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" 
+ }, + { + "property_name": "idp.service.logging.saml1attrquery", + "property_type": "string", + "property_default_value": "AttributeQuery", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml1artifact", + "property_type": "string", + "property_default_value": "ArtifactResolution", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2sso", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2attrquery", + "property_type": "string", + "property_default_value": "AttributeQuery", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different 
destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2artifact", + "property_type": "string", + "property_default_value": "ArtifactResolution", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.saml2slo", + "property_type": "string", + "property_default_value": "Logout", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.logout", + "property_type": "string", + "property_default_value": "Logout", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.cas", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different 
destinations based on general function" + }, + { + "property_name": "idp.service.logging.status", + "property_type": "string", + "property_default_value": "Status", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.resolvertest", + "property_type": "string", + "property_default_value": "ResolverTest", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.service.logging.serviceReload", + "property_type": "string", + "property_default_value": "Reload", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" + }, + { + "property_name": "idp.audit.hashAlgorithm", + "property_type": "string", + "property_default_value": "SHA-256", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Hash algorithm to apply to various hashed fields", + "note": "" + }, + { + "property_name": "idp.audit.salt", + "property_type": "string", + "property_default_value": 
"none", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Salt to apply to hashed fields must be set to use those fields", + "note": "" + }, + { + "property_name": "idp.oidc.issuer", + "property_type": "URL", + "property_default_value": "none", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set the Open ID Connect Issuer value", + "note": "" + }, + { + "property_name": "idp.oidc.idToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT1H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of ID token", + "note": "" + }, + { + "property_name": "idp.oidc.accessToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of access token", + "note": "" + }, + { + "property_name": "idp.oidc.authorizeCode.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of authorization code", + "note": "" + }, + { + "property_name": "idp.oidc.refreshToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT2H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of refresh token", + "note": "" + }, + { + "property_name": "idp.oidc.forcePKCE", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is required to use PKCE", + "note": "" + }, + { + "property_name": "idp.oidc.allowPKCEPlain", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is allowed to use PKCE code challenge method plain", + "note": "" + }, + { + "property_name": "idp.oidc.encodedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests", + "note": "" + }, + { + "property_name": "idp.oidc.encodeConsentInTokens", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage", + "note": "" + }, + { + "property_name": "idp.oidc.alwaysIncludedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to always include in ID token regardless of response_type", + "note": "" + }, + { + "property_name": "idp.oidc.deniedUserInfoAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + 
"module_vers": 3, + "description": "Specifies IdPAttributes to omit from UserInfo token", + "note": "" + }, + { + "property_name": "idp.oidc.revocationCache.authorizeCode.lifetime", + "property_type": "duration", + "property_default_value": "PT6H", + "config_category": "OPRevocation", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of entries in revocation cache for authorize code", + "note": "" + }, + { + "property_name": "idp.oidc.revocationCache.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean ID of StorageService for revocation cache requires server-side storage", + "note": "" + }, + { + "property_name": "idp.oidc.tokenEndpointAuthMethods", + "property_type": "Collection", + "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The acceptable client authentication methods", + "note": "" + }, + { + "property_name": "idp.oauth2.grantTypes", + "property_type": "Collection", + "property_default_value": "authorization_code,refresh_token", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "OAuth grant types to allow", + "note": "" + }, + { + "property_name": "idp.oauth2.enforceRefreshTokenRotation", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3.2, + "description": "Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.", + "note": "" + }, + { + "property_name": "idp.oauth2.accessToken.type", + "property_type": "string", + "property_default_value": "none", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3.2, + "description": "Format of access token. Supported values are JWT or nothing.", + "note": "" + }, + { + "property_name": "idp.oauth2.encryptionOptional", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token", + "note": "" + }, + { + "property_name": "idp.oauth2.accessToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of access token issued to client for resource server", + "note": "" + }, + { + "property_name": "idp.oauth2.revocationMethod", + "property_type": "string", + "property_default_value": "CHAIN", + "config_category": "OPRevocation", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token", + "note": "" + }, + { + "property_name": "idp.oidc.dynreg.defaultRegistrationValidity", + "property_type": "duration", + "property_default_value": "PT24H", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Registration lifetime", + "note": "" + }, + { + "property_name": "idp.oidc.dynreg.defaultScope", + "property_type": "string", + "property_default_value": "openid profile email address phone offline_access", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The default scopes accepted in dynamic registration", + "note": "" + }, + { + "property_name": "idp.oidc.dynreg.defaultSubjectType", + "property_type": "string", + "property_default_value": "public", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The default subject type if not set by client in request. 
Maybe set to pairwise or public.", + "note": "" + }, + { + "property_name": "idp.oidc.dynreg.defaultMetadataPolicyFile", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "OPMetadataPolicies", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Full path to the file containing default metadata policy used for dynamic client registration", + "note": "" + }, + { + "property_name": "idp.oidc.dynreg.tokenEndpointAuthMethods", + "property_type": "Collection", + "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The acceptable client authentication methods when using dynamic registration", + "note": "" + }, + { + "property_name": "idp.signing.oidc.rs.key", + "property_type": "JWK file pathname", + "property_default_value": "%{idp.home}/credentials/idp-signing-rs.jwk", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "JWK RSA signing keypair", + "note": "" + }, + { + "property_name": "idp.signing.oidc.es.key", + "property_type": "JWK file pathname", + "property_default_value": "%{idp.home}/credentials/idp-signing-es.jwk", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "JWK EC signing keypair", + "note": "" + }, + { + "property_name": "idp.signing.oidc.rsa.enc.key", + "property_type": "JWK file pathname", + "property_default_value": "%{idp.home}/credentials/idp-encryption-rsa.jwk", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "JWK 
RSA decryption keypair", + "note": "" + }, + { + "property_name": "idp.oidc.signing.config", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.SigningConfiguration", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Allows override of default signing configuration", + "note": "" + }, + { + "property_name": "idp.oidc.encryption.config", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.EncryptionConfiguration", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Allows override of default encryption configuration", + "note": "" + }, + { + "property_name": "idp.oidc.rodecrypt.config", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.requestObjectDecryptionConfiguration", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Allows override of default request decryption configuration", + "note": "" + }, + { + "property_name": "idp.oidc.rovalid.config", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.requestObjectSignatureValidationConfiguration", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Allows override of default request signature validation configuration", + "note": "one of these has the wrong name" + }, + { + "property_name": "idp.oidc.rovalid.config", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration", + "config_category": "OPSecurity", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Allows override of 
default JWT token validation configuration", + "note": "one of these has the wrong name" + }, + { + "property_name": "idp.authn.OAuth2Client.requireAll", + "property_type": "bool", + "property_default_value": false, + "config_category": "OAuth2ClientAuthnConfiguration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether all validators must succeed or just one", + "note": "" + }, + { + "property_name": "idp.authn.OAuth2Client.removeAfterValidation", + "property_type": "bool", + "property_default_value": true, + "config_category": "OAuth2ClientAuthnConfiguration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed)", + "note": "" + }, + { + "property_name": "idp.authn.OAuth2Client.retainAsPrivateCredential", + "property_type": "bool", + "property_default_value": false, + "config_category": "OAuth2ClientAuthnConfiguration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution", + "note": "use with caution as it retains the password and makes it available in plaintext from within server memory at various stages." 
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.ResponseHeaderFilter",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ResponseHeaderFilter",
+ "config_category": "OPCustomFilterRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.discovery.template",
+ "property_type": "resource path",
+ "property_default_value": "%{idp.home}/static/openid-configuration.json",
+ "config_category": "OPDiscovery",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Location of discovery template to use",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.discovery.resolver",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.DefaultOpenIdConfigurationResolver",
+ "config_category": "OPDiscovery",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Implementation bean for discovery shouldn't require alteration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.logging",
+ "property_type": "string",
+ "property_default_value": "IssueRegistrationAccessToken",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Audit logging label for this profile",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module":
"idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Enables support for non-browser-based authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to enable user authentication for requests",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to resolve attributes if authentication is enabled",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.defaultTokenLifetime",
+ "property_type": "duration",
+ "property_default_value": "P1D",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Default access token lifetime if not specified",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByIPAddress",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to all requests",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.policyLocationPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control
policy to apply to requests specifying a policyLocation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.policyIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a policyId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.clientIdPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdmin",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of access control policy to apply to requests specifying a clientId",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.admin.registration.lookup.policy",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter.
Defaults to a caching resolver locating server resources to load based on policyLocation parameter.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "If true any failures during initialization of any resolvers result in IdP startup failure",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.checkInterval",
+ "property_type": "duration",
+ "property_default_value": "PT0S",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "When non-zero enables monitoring of resources for service reload",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.clientinfo.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ClientInformationResolverResources",
+ "config_category": "OPClientResolution",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Name of bean used to define the resources to use in configuring this service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedScope",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of type Function called shibboleth.oidc.AllowedScopeStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.defaultAllowedAudience",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OPClientCredentialsGrant",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "bean of
type Function> called shibboleth.oidc.AllowedAudienceStrategy",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.authn.flows",
+ "property_type": "regex",
+ "property_default_value": "OAuth2Client",
+ "config_category": "OPClientAuthentication",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Regular expression matching OAuth login flows to enable.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.sourceAttribute",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The source attribute used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.algorithm",
+ "property_type": "string",
+ "property_default_value": "SHA",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The digest algorithm used in generating the sub claim",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.subject.salt",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPSubClaim",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name":
"idp.authn.DuoOIDC.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether the flow considers itself to be proxying",
+ "note": "and
therefore enforces SP-signaled restrictions on proxying"
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether to invoke IdP-discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Bean ID ofPredicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+
"description": "Bean ID ofPredicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Bean ID ofBiConsumer for subject customization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.DuoOIDC.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.apiHost",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "DuoOIDC API hostname assigned to the integration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.clientId",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+
"module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The OAuth 2.0 Client Identifier valid at the Authorization Server",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.redirectURL",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Redirection URI to which the 2FA response will be sent",
+ "note": "ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback"
+ },
+ {
+ "property_name": "idp.duo.oidc.redirecturl.allowedOrigins",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.secretKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.endpoint.health",
+ "property_type": "string",
+ "property_default_value": "/oauth/v1/health_check",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo's OAuth 2.0 health check endpoint",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.endpoint.token",
+ "property_type": "string",
+
"property_default_value": "/oauth/v1/token",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo's OAuth 2.0 token endpoint",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.endpoint.authorize",
+ "property_type": "string",
+ "property_default_value": "/oauth/v1/authorize",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo's OAuth 2.0 authorization endpoint",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.clockSkew",
+ "property_type": "duration",
+ "property_default_value": "PT60S",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Leeway allowed in token expiry calculations",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.iatWindow",
+ "property_type": "duration",
+ "property_default_value": "PT60S",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Maximum amount (in either direction from now) of duration for which a token is valid after it is issued",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.issuerPath",
+ "property_type": "string",
+ "property_default_value": "/oauth/v1/token",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The path component of the Duo token issuer.
The full issuer string takes the format: HTTPS://+",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.preferredUsername",
+ "property_type": "string",
+ "property_default_value": "preferred_username",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.jwt.verifier.authLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT60S",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "How long the authentication is valid. Only applies to forced authentication requests.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.apiHost",
+ "property_type": "string",
+ "property_default_value": "%{idp.duo.oidc.apiHost}",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI hostname assigned to the integration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.integrationKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI integration key supplied by Duo",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.secretKey",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module":
"idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Duo AuthAPI secret key supplied by Duo",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.header.factor",
+ "property_type": "strinig",
+ "property_default_value": "X-Shibboleth-Duo-Factor",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Name of HTTP request header for Duo AuthAPI factor",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.header.device",
+ "property_type": "string",
+ "property_default_value": "X-Shibboleth-Duo-Device",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Name of HTTP request header for Duo AuthAPI device ID or name",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.header.passcode",
+ "property_type": "string",
+ "property_default_value": "X-Shibboleth-Duo-Passcode",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Name of HTTP request header for Duo AuthAPI passcode",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.auto",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Allow the factor to be defaulted in as \"auto\" if no headers are received",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nonbrowser.clientAddressTrusted",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+
"module": "idp.authn.DuoOIDC",
+ "module_vers": 1,
+ "description": "Pass client address to Duo in API calls to support logging",
+ "note": "push display"
+ },
+ {
+ "property_name": "idp.duo.oidc.connectionTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT1M",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Maximum length of time to wait for the connection to be established",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.connectionRequestTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT1M",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Maximum length of time to wait for a connection to be returned from the connection manager",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.socketTimeout",
+ "property_type": "duration",
+ "property_default_value": "PT1M",
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Maximum period inactivity between two consecutive data packets",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.maxConnectionsTotal",
+ "property_type": "int",
+ "property_default_value": 100,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Max total simultaneous connections allowed by the pooling connection manager",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.maxConnectionsPerRoute",
+ "property_type": "int",
+ "property_default_value": 100,
+ "config_category": "DuoOIDCAuthnConfiguration",
+
"config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "Max simultaneous connections per route allowed by the pooling connection manager",
+ "note": ""
+ },
+ {
+ "property_name": "idp.duo.oidc.nimbus.checkRevocation",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "DuoOIDCAuthnConfiguration",
+ "config_file": "authn/duo-oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.DuoOIDC",
+ "module_vers": "1 (nimbus)",
+ "description": "To enable certificate revocation checking",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.headerName",
+ "property_type": "string",
+ "property_default_value": "X-Shibboleth-TOTP",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Name of request header to use for extracting non-browser submitted token codes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.fieldName",
+ "property_type": "string",
+ "property_default_value": "tokencode",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Name of HTML form field to use for locating browser-submitted token codes",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.tokenSeedAttribute",
+ "property_type": "string",
+ "property_default_value": "tokenSeeds",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Name of IdPAttribute to resolve to obtain token seeds for users",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+
"module_vers": 1,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.passiveAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow allows for passive authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.forcedAuthenticationSupported",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow supports forced authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.proxyRestrictionsEnforced",
+ "property_type": "bool",
+ "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.proxyScopingEnforced",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether the flow considers itself to be proxying",
+
"note": "and therefore enforces SP-signaled restrictions on proxying"
+ },
+ {
+ "property_name": "idp.authn.TOTP.discoveryRequired",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether to invoke IdP-discovery prior to running flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.lifetime",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultLifetime:PT1H}",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Lifetime of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.inactivityTimeout",
+ "property_type": "duration",
+ "property_default_value": "%{idp.authn.defaultTimeout:PT30M}",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Inactivity timeout of results produced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.reuseCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Bean ID ofPredicate controlling result reuse for SSO",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Bean ID ofPredicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name":
"idp.authn.TOTP.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Bean ID ofBiConsumer for subject customization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken",
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.TOTP.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "TOTP",
+ "config_file": "authn/authn.properties",
+ "idp_vers": 4.1,
+ "module": "idp.authn.TOTP",
+ "module_vers": 1,
+ "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metadata.dnsname",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "Metadatagen",
+ "config_file": "--propertyFiles mdgen.properties",
+ "idp_vers": 4.1,
+ "module": "idp.metadatagen",
+ "module_vers": 1,
+ "description": "Supplies the DNS name used within the URLs specifying the end points.
This should not be used in conjunction with the --DNSName qualifier",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metadata.backchannel.cert",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "Metadatagen",
+ "config_file": "--propertyFiles mdgen.properties",
+ "idp_vers": 4.1,
+ "module": "idp.metadatagen",
+ "module_vers": 1,
+ "description": "Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metadata.idpsso.mdui.logo.path",
+ "property_type": "URL",
+ "property_default_value": "none",
+ "config_category": "Metadatagen",
+ "config_file": "--propertyFiles mdgen.properties",
+ "idp_vers": 4.1,
+ "module": "idp.metadatagen",
+ "module_vers": 1,
+ "description": "Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted.
If this is absent then then a fixed path ('/path/to/logo') is used.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metadata.idpsso.mdui.logo.height",
+ "property_type": "int",
+ "property_default_value": 80,
+ "config_category": "Metadatagen",
+ "config_file": "--propertyFiles mdgen.properties",
+ "idp_vers": 4.1,
+ "module": "idp.metadatagen",
+ "module_vers": 1,
+ "description": "The height of the logo in pixels.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metadata.idpsso.mdui.logo.width",
+ "property_type": "init",
+ "property_default_value": 80,
+ "config_category": "Metadatagen",
+ "config_file": "--propertyFiles mdgen.properties",
+ "idp_vers": 4.1,
+ "module": "idp.metadatagen",
+ "module_vers": 1,
+ "description": "The width of the logo in pixels",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metadata.idpsso.mdui.langs",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "Metadatagen",
+ "config_file": "--propertyFiles mdgen.properties",
+ "idp_vers": 4.1,
+ "module": "idp.metadatagen",
+ "module_vers": 1,
+ "description": "A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metadata.idpsso.mdui.displayname.",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "Metadatagen",
+ "config_file": "--propertyFiles mdgen.properties",
+ "idp_vers": 4.1,
+ "module": "idp.metadatagen",
+ "module_vers": 1,
+ "description": "Display name for the IdP in the specified language.
If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.description.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.oidc.encryptionOptional", + "property_type": "bool", + "property_default_value": false, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.defaultSecretExpiration", + "property_type": "duration", + "property_default_value": "P12M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The validity of client secret registered", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.allowNoneForRequestSigning", + "property_type": "bool", + "property_default_value": true, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Regardless of what signing algorithms are configured allow none for request object signing", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.validateRemoteJwks", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + 
"description": "Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwk.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Storage for storing remote jwk sets.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.metadata.saml", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwksuri.fetchInterval", + "property_type": "duration", + "property_default_value": "PT30M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Upgrade interval to the remote JWKs", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.minRefreshDelay", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.maxRefreshDelay", + "property_type": "duration", + "property_default_value": "PT4H", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + 
"property_name": "idp.oidc.LoginHintLookupStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultRequestLoginHintLookupFunction", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.SPSessionCreationStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultSPSessionCreationStrategy", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession as SLO is not yet supported.", + "note": "no doc" + } ] \ No newline at end of file diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 93d9ff1d9..7229a27c3 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
@@ -1,26 +1,99 @@ -import React from 'react'; +import React, { Fragment } from 'react'; import Button from 'react-bootstrap/Button'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; import Translate from '../../i18n/components/translate'; +import { ToggleButton } from '../../form/component/ToggleButton'; -import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; +import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; +import { groupBy } from 'lodash'; +import { useCallback } from 'react'; -export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { - const { dispatch } = React.useContext(FormContext); - const onChange = ({ formData, errors }) => { - dispatch(setFormDataAction(formData)); - dispatch(setFormErrorAction(errors)); + const properties = useProperties(); + const loading = usePropertiesLoading(); + + const select = (data) => { + console.log(data); + setSelected(data); + }; + + const [selected, setSelected] = React.useState([]); + + const [config, setConfig] = React.useState({ name: '', properties: [] }); + + // config.properties.filter(p => p.category === item.category).length === properties.filter(p => p.category === item.category).length + + const menu = useCallback((results, menuProps, state) => { + let index = 0; + const mapped = results.map(p => !p.category || p.category === '?' ? 
{ ...p, category: 'Misc' } : p); + const grouped = groupBy(mapped, 'category'); + const items = Object.keys(grouped).sort().map((item) => ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + const item = + p.propertyName === i.propertyName) }> + + {`- ${i.propertyName}`} + + ; + index += 1; + return item; + })} + + )); + + return {items}; + }, [config.properties]); + + const token = (option, { onRemove }, index) => ( + + {`${option.propertyName}`} + + ); + + const addProperties = (props) => { + + const parsed = props.reduce((coll, prop, idx) => { + if (prop.isCategory) { + return [...coll, ...properties.filter(p => p.category === prop.category)]; + } else { + return [...coll, prop]; + } + }, []); + + setConfig({ + ...config, + properties: [ + ...config.properties, + ...parsed, + ] + }); + setSelected([]); }; + React.useEffect(() => console.log(selected), [selected]); + return (<>
+
+
+
+
+
+
+ + + + + + + + + + + {config.properties.map((p, idx) => ( + + + + + + + ))} + +
PropertyCategoryTypeValue
{ p.propertyName }
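Review bot: Two debug statements are left in the new `ConfigurationForm`: `console.log(data)` inside `select` and `React.useEffect(() => console.log(selected), [selected]);`, both of which dump the chosen property objects to the browser console. The property catalogue this form draws from appears to include entries such as `idp.sealer.storePassword` and `idp.sealer.keyPassword`, and the table added below has a Value column, so once values travel on these objects they would be logged as well; remove both lines. `addProperties` also appends without checking what is already in `config.properties`, so "Add all" for a category after picking one of its members yields duplicate rows; filter first, e.g. `const fresh = parsed.filter(p => !config.properties.some(c => c.propertyName === p.propertyName));`. The JSX in this hunk did not survive extraction, so this covers only the visible script lines.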
diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index 4703cc098..131ec0383 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -3,11 +3,11 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import { useParams } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfigurations } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyProvider } from '../hoc/PropertyProvider'; +import { ConfigurationsProvider } from '../hoc/ConfigurationsProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; @@ -22,7 +22,7 @@ export function EditConfiguration() { const history = useHistory(); - const { put, response, loading } = useProperties(); + const { put, response, loading } = useConfigurations(); const [blocking, setBlocking] = React.useState(false); @@ -66,7 +66,7 @@ export function EditConfiguration() {
- + {(property) => {(schema) => @@ -84,7 +84,7 @@ export function EditConfiguration() { }} } - +
diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index 5169954b1..d2ece36a9 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js @@ -2,7 +2,7 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfiguration } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; import { ConfigurationForm } from '../component/ConfigurationForm'; @@ -10,13 +10,14 @@ import { ConfigurationForm } from '../component/ConfigurationForm'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { PropertiesProvider } from '../hoc/PropertiesProvider'; export function NewConfiguration() { const history = useHistory(); const notifier = useNotificationDispatcher(); const translator = useTranslator(); - const { post, response, loading } = useProperties({}); + const { post, response, loading } = useConfiguration({}); const [blocking, setBlocking] = React.useState(false); @@ -55,24 +56,26 @@ export function NewConfiguration() {
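Review bot: `useConfiguration({})` in `NewConfiguration` hands the options object to the hook's `id` parameter: `useConfiguration(id, opts)` in `hooks.js` interpolates its first argument into the path, so `post` would target `.../admin/configuration/[object Object]`. The call it replaces was the collection hook, `useProperties({})`, so the equivalent after the rename is `const { post, response, loading } = useConfigurations({});`, with the import in the first hunk of this file changed to `import { useConfigurations } from '../hooks';`. The rest of `NewConfiguration` lies outside the hunk, so the arguments passed to `post` cannot be checked from here.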
- Add a new property + Create new configuration set
- - {(schema) => - - {(data, errors) => - save(data)} - onCancel={() => cancel()} />} - } - + + + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js
index 256805cdc..495743cc2 100644
--- a/ui/src/app/admin/hoc/ConfigurationsProvider.js
+++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js
@@ -1,31 +1,31 @@
 import React from 'react';
-import { useProperties } from '../hooks';
+import { useConfigurations } from '../hooks';
 import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications';
 import { useTranslator } from '../../i18n/hooks';
 export function ConfigurationsProvider({ children, cache = 'no-cache' }) {
- const [properties, setProperties] = React.useState([]);
+ const [configurations, setConfigurations] = React.useState([]);
 const notifier = useNotificationDispatcher();
 const translator = useTranslator();
- const { get, del, response, loading } = useProperties({
+ const { get, del, response, loading } = useConfigurations({
 cachePolicy: cache
 });
- async function loadProperties() {
+ async function loadConfigurations() {
 const list = await get(`assets/data/properties.json`);
 if (response.ok) {
- setProperties(list);
+ setConfigurations(list);
 }
 }
- async function removeProperty(id) {
+ async function removeConfiguration(id) {
 let toast;
 const resp = await del(`/${id}`);
 if (response.ok) {
- loadProperties();
+ loadConfigurations();
 toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS);
 } else {
 toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR);
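Review bot: The rename in `ConfigurationsProvider` is only half applied: `loadConfigurations` still requests `assets/data/properties.json`, and the success toast still says `Deleted property successfully.`, so the provider would list the static property catalogue rather than configuration sets from the `/admin/configurations` endpoint that `useConfigurations` points at. If the static file is a stand-in until the backend exists, say so on that line, `// TODO: replace with the configurations endpoint once available`; otherwise request the hook's base URL. The toast text would then read `Deleted configuration successfully.` The function's closing lines are in the next hunk.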
@@ -36,7 +36,7 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) {
 }
 /*eslint-disable react-hooks/exhaustive-deps*/
- React.useEffect(() => { loadProperties() }, []);
+ React.useEffect(() => { loadConfigurations() }, []);
- return (<>{children(properties, removeProperty, loading)});
+ return (<>{children(configurations, removeConfiguration, loading)});
 }
\ No newline at end of file
diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js
new file mode 100644
index 000000000..55dde0696
--- /dev/null
+++ b/ui/src/app/admin/hoc/PropertiesProvider.js
@@ -0,0 +1,50 @@
+import React from 'react';
+import useFetch from 'use-http';
+import API_BASE_PATH, { BASE_PATH } from '../../App.constant';
+import has from 'lodash/has';
+import { groupBy } from 'lodash';
+
+
+const PropertiesContext = React.createContext();
+
+const { Provider, Consumer } = PropertiesContext;
+
+function PropertiesProvider({ children, cache = 'no-cache' }) {
+
+ const [properties, setProperties] = React.useState([]);
+
+
+ const { get, response, loading } = useFetch('', {
+ cachePolicy: cache
+ });
+
+ async function loadProperties() {
+ const list = await get(`${API_BASE_PATH}/shib/properties`);
+ if (response.ok) {
+ setProperties(list);
+ }
+ }
+
+ /*eslint-disable react-hooks/exhaustive-deps*/
+ React.useEffect(() => { loadProperties() }, []);
+
+ return ({children});
+}
+
+function useProperties() {
+ const { properties } = React.useContext(PropertiesContext);
+ return properties;
+}
+
+function usePropertiesLoading() {
+ const { loading } = React.useContext(PropertiesContext);
+ return loading;
+}
+
+export {
+ PropertiesProvider,
+ PropertiesContext,
+ Consumer as PropertiesConsumer,
+ useProperties,
+ usePropertiesLoading,
+};
diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js
index 955c510a6..328391778 100644
--- a/ui/src/app/admin/hooks.js
+++ b/ui/src/app/admin/hooks.js
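Review bot: `loadProperties` in the new `PropertiesProvider` does nothing when `response.ok` is false, so a failed or unauthorised call to `/shib/properties` leaves `properties` as `[]` and the configuration form shows an empty picker with no explanation. `ConfigurationsProvider` in this same patch reports failures through `useNotificationDispatcher`; doing the same here, or exposing an `error` field on the context value, would make the failure visible. `React.createContext()` is also created without a default, so `useProperties()` called outside the provider fails on destructuring `undefined`; `React.createContext({ properties: [], loading: false })` avoids that. `BASE_PATH`, `has` and `groupBy` are imported but not used in the visible lines.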
@@ -1,7 +1,7 @@
 import useFetch from 'use-http';
 import isNil from 'lodash/isNil';
 import {isValidRegex} from '../core/utility/is_valid_regex';
-import API_BASE_PATH from '../App.constant';
+import API_BASE_PATH, { BASE_PATH } from '../App.constant';
 export function useGroups (opts = { cachePolicy: 'no-cache' }) {
 return useFetch(`${API_BASE_PATH}/admin/groups`, opts);
@@ -47,18 +47,18 @@ export function useRoleUiSchema() {
 return {};
 }
-export function useProperties (opts = { cachePolicy: 'no-cache' }) {
- return useFetch(`${API_BASE_PATH}/admin/properties`, opts);
+export function useConfigurations (opts = { cachePolicy: 'no-cache' }) {
+ return useFetch(`${API_BASE_PATH}/admin/configurations`, opts);
 }
-export function useProperty (id, opts = { cachePolicy: 'no-cache' }) {
- return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts);
+export function useConfiguration(id, opts = { cachePolicy: 'no-cache' }) {
+ return useFetch(`${API_BASE_PATH}/admin/configuration/${id}`, opts);
 }
-export function usePropertyUiSchema () {
+export function useConfigurationUiSchema () {
 return {
 description: {
 'ui:widget': 'textarea'
 }
 };
-}
+}
\ No newline at end of file
diff --git a/ui/src/app/form/component/ToggleButton.js b/ui/src/app/form/component/ToggleButton.js
new file mode 100644
index 000000000..d45c04cd4
--- /dev/null
+++ b/ui/src/app/form/component/ToggleButton.js
@@ -0,0 +1,23 @@
+import Button from 'react-bootstrap/Button';
+import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
+import { faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons";
+
+export function ToggleButton ({ isOpen, onClick, disabled, children }) {
+ return (
+
+ );
+}
+
+export default ToggleButton;
\ No newline at end of file
diff --git a/ui/src/app/form/component/widgets/OptionWidget.js b/ui/src/app/form/component/widgets/OptionWidget.js
index 92fc81b3d..b4ac812c6 100644
--- a/ui/src/app/form/component/widgets/OptionWidget.js
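Review bot: `useConfiguration(id, ...)` in `hooks.js` builds its URL by dropping `id` straight into the path, `/admin/configuration/${id}`, and `removeConfiguration` in `ConfigurationsProvider.js` does the same in its `del` call, which appends `/${id}`. If `id` comes from a route parameter or from server data (the callers are not fully visible here), a value containing `/`, `?` or `#` changes which endpoint the admin request reaches; writing `${encodeURIComponent(id)}` in both places keeps it a single path segment. The `BASE_PATH` import added in the first hunk is unused in the visible lines.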
+++ b/ui/src/app/form/component/widgets/OptionWidget.js @@ -2,31 +2,17 @@ import React, { useRef } from "react"; import ListGroup from "react-bootstrap/ListGroup"; import Form from "react-bootstrap/Form"; -import Button from 'react-bootstrap/Button'; + import Translate from "../../../i18n/components/translate"; import { InfoIcon } from "../InfoIcon"; import { Typeahead } from 'react-bootstrap-typeahead'; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; -import { faAsterisk, faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; +import { faAsterisk } from "@fortawesome/free-solid-svg-icons"; import { useTranslator } from "../../../i18n/hooks"; +import { ToggleButton } from '../ToggleButton'; -const ToggleButton = ({ isOpen, onClick, disabled, children }) => ( - -); const OptionWidget = ({ id, diff --git a/ui/src/theme/project/index.scss b/ui/src/theme/project/index.scss index 4e36779c5..6d0de6f9a 100644 --- a/ui/src/theme/project/index.scss +++ b/ui/src/theme/project/index.scss @@ -13,6 +13,7 @@ @import './utility'; @import './notifications'; @import './filters'; +@import './typeahead'; html, body { height: 100%; diff --git a/ui/src/theme/project/typeahead.scss b/ui/src/theme/project/typeahead.scss new file mode 100644 index 000000000..0fca115fa --- /dev/null +++ b/ui/src/theme/project/typeahead.scss 
@@ -0,0 +1,43 @@
+@import '~react-bootstrap-typeahead/css/Typeahead';
+
+.rbt-token-removeable {
+ cursor: pointer;
+ padding-right: 21px;
+}
+
+.rbt-token {
+ background-color: #e7f4ff;
+ border: 0;
+ border-radius: .25rem;
+ color: #007bff;
+ display: inline-block;
+ line-height: 1em;
+ margin: 1px 3px 2px 0;
+ padding: 4px 7px;
+ padding-right: 1.8em;
+ position: relative;
+
+ .rbt-token-remove-button {
+ bottom: 0;
+ color: inherit;
+ font-size: inherit;
+ font-weight: normal;
+ opacity: 1;
+ outline: none;
+ padding: 3px 7px;
+ position: absolute;
+ right: 0;
+ text-shadow: none;
+ top: 0px;
+
+ box-sizing: content-box;
+ width: 1em;
+ height: 1em;
+ padding: .25em .25em;
+ color: inherit;
+ background: transparent url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='#007bff' %3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e") center/1em auto no-repeat;
+ border: 0;
+ border-radius: .375rem;
+ }
+}
+
From f467c5a8504b59947f8a8404c24d646de55fe64c Mon Sep 17 00:00:00 2001
From: Ryan Mathis Date: Fri, 19 Aug 2022 12:31:33 -0700 Subject: [PATCH 18/63] Updated search Former-commit-id: 5bf13c34c4ce658bcce8d2c89677a4622f00dea4 --- .../main/resources/i18n/messages.properties | 7 + ui/public/data/properties.json | 8529 +++++++++++++++-- .../app/admin/component/ConfigurationForm.js | 141 +- .../app/admin/container/EditConfiguration.js | 10 +- .../app/admin/container/NewConfiguration.js | 35 +- .../app/admin/hoc/ConfigurationsProvider.js | 18 +- ui/src/app/admin/hoc/PropertiesProvider.js | 50 + ui/src/app/admin/hooks.js | 14 +- ui/src/app/form/component/ToggleButton.js | 23 + .../form/component/widgets/OptionWidget.js | 20 +- ui/src/theme/project/index.scss | 1 + ui/src/theme/project/typeahead.scss | 43 + 12 files changed, 8171 insertions(+), 720 deletions(-) create mode 100644 ui/src/app/admin/hoc/PropertiesProvider.js create mode 100644 ui/src/app/form/component/ToggleButton.js create mode 100644 ui/src/theme/project/typeahead.scss diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index c225aa4c3..95a496e69 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -78,6 +78,9 @@ action.select-bundle=Select Bundle action.get-latest=Get latest +action.configurations=Shibboleth configurations +action.create-new-configuration=Create Shibboleth configuration set + value.enabled=Enabled value.disabled=Disabled value.current=Current @@ -530,6 +533,10 @@ label.role-name=Role Name label.role-description=Role Description label.role=Role +label.configuration-management=Manage Shibboleth configurations +label.configuration-name=Shibboleth configuration sets +label.new-configuration=Create new configuration set + message.delete-role-title=Delete Role? message.delete-role-body=You are requesting to delete a role. If you complete this process the role will be removed. This cannot be undone. Do you wish to continue? 
diff --git a/ui/public/data/properties.json b/ui/public/data/properties.json index a022a4fd5..dea2860f5 100644 --- a/ui/public/data/properties.json +++ b/ui/public/data/properties.json 
@@ -1,659 +1,7874 @@ [ -{"note":"ex. /conf/ldap.properties, /conf/services.properties","property_name":"idp.additionalProperties","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set."}, -{"note":"","property_name":"idp.searchForProperties","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-load all files matching conf/**/*.properties"}, -{"note":"ex. https://unicon.net/idp/shibboleth","property_name":"idp.entityID","idp_vers":"all","property_default_value":"none","property_type":"URI","module_vers":"","configuration_cat":"RP","module":"","description":"The unique name of the IdP used as the iisuer in all SAML profiles"}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.artifact.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether to allow use of the SAML artifact bindings when sending messages"}, -{"note":"","property_name":"idp.artifact.secureChannel","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)"}, 
-{"note":"","property_name":"idp.artifact.endpointIndex","idp_vers":"all","property_default_value":"2","property_type":"int","module_vers":"","configuration_cat":"RP","module":"","description":"Identifies the endpoint in SAML metadata associated with artifacts issued by a server node"}, -{"note":"","property_name":"idp.artifact.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)"}, -{"note":"","property_name":"idp.bindings.inMetadataOrder","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"RP","module":"","description":"Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also to false to favor the front channel over back channel for Logout."}, -{"note":"","property_name":"idp.entityID.metadataFile","idp_vers":"all","property_default_value":"%{idp.home}/metadata/idp-metadata.xml","property_type":"file pathname","module_vers":"","configuration_cat":"IDP","module":"","description":"Identifies the file to serve for requests to the IdP's well-known metadata location"}, -{"note":"","property_name":"idp.scope","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"applies a (fixed) scope typically a domain-valued suffix to an input attribute's values"}, -{"note":"","property_name":"idp.cookie.secure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will be limited to TLS"}, -{"note":"","property_name":"idp.cookie.httpOnly","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property"}, -{"note":"","property_name":"idp.cookie.domain","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the domain of any cookies issued by the IdP (not including the container)"}, -{"note":"","property_name":"idp.cookie.path","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the path of any cookies issued by the IdP (not including the container)"}, 
-{"note":"","property_name":"idp.cookie.maxAge","idp_vers":"all","property_default_value":"31536000","property_type":"int","module_vers":"","configuration_cat":"SEC","module":"","description":"Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)"}, -{"note":"","property_name":"idp.cookie.sameSite","idp_vers":"all","property_default_value":"None","property_type":"Null/None/Lax/Strict","module_vers":"","configuration_cat":"SEC","module":"","description":"Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified"}, -{"note":"","property_name":"idp.cookie.sameSiteCondition","idp_vers":"all","property_default_value":"shibboleth.Conditions.FALSE","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SEC","module":"","description":"Predicate condition bean controlling whether SameSite filter runs"}, -{"note":"","property_name":"idp.sealer.keyStrategy","idp_vers":"all","property_default_value":"shibboleth.DataSealerKeyStrategy","property_type":"Bean ID of DataSealerKeyStrategy","module_vers":"","configuration_cat":"SEC","module":"","description":"Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option."}, -{"note":"","property_name":"idp.sealer.storeType","idp_vers":"all","property_default_value":"JCEKS","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Type of Java keystore used for IdP's internal AES encryption key"}, -{"note":"","property_name":"idp.sealer.updateInterval","idp_vers":"all","property_default_value":"PT15M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Time between checks for a new AES key version"}, -{"note":"","property_name":"idp.sealer.aliasBase","idp_vers":"all","property_default_value":"secret","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Case 
insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)"}, -{"note":"","property_name":"idp.sealer.storeResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore resource containing AES encryption key usually a file path"}, -{"note":"","property_name":"idp.sealer.versionResource","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource that tracks the active AES encryption key version usually a file path"}, -{"note":"","property_name":"idp.sealer.storePassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Keystore password unlocking AES encryption keystore typically set during installation"}, -{"note":"","property_name":"idp.sealer.keyPassword","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Key password unlocking AES encryption key typically set to the same as the previous property and set during installation"}, -{"note":"","property_name":"idp.signing.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing private key for signing typically a file in the credentials directory"}, -{"note":"","property_name":"idp.signing.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory"}, 
-{"note":"","property_name":"idp.encryption.key","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a private key for decryption typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.cert","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory"}, -{"note":"","property_name":"idp.encryption.key.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate private key for decryption generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.encryption.cert.2","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"SEC","module":"","description":"Resource containing an alternate public key certificate generally unused except while changing decryption keys"}, -{"note":"","property_name":"idp.security.config","idp_vers":"all","property_default_value":"shibboleth.DefaultSecurityConfiguration","property_type":"Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default SecurityConfiguration "}, -{"note":"","property_name":"idp.signing.config","idp_vers":"all","property_default_value":"shibboleth.SigningConfiguration.SHA256","property_type":"Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default 
SignatureSigningConfiguration"}, -{"note":"","property_name":"idp.encryption.config","idp_vers":"all","property_default_value":"shibboleth.EncryptionConfiguration.CBC","property_type":"Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean supplying the default EncryptionConfiguration"}, -{"note":"","property_name":"idp.encryption.optional","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SEC","module":"","description":"If true failure to locate an encryption key to use won't result in request failure "}, -{"note":"","property_name":"idp.encryption.keyagreement.metadata.defaultUseKeyWrap","idp_vers":"all","property_default_value":"Default","property_type":"string","module_vers":"","configuration_cat":"SEC","module":"","description":"Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration"}, -{"note":"","property_name":"idp.trust.signatures","idp_vers":"all","property_default_value":"shibboleth.ChainingSignatureTrustEngine","property_type":"Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify signatures"}, -{"note":"","property_name":"idp.trust.certificates","idp_vers":"all","property_default_value":"shibboleth.ChainingX509TrustEngine","property_type":"Bean ID of TrustEngine (org.opensaml.security.trust)","module_vers":"","configuration_cat":"SEC","module":"","description":"Name of Spring bean for the trust engine used to verify TLS certificates"}, -{"note":"","property_name":"idp.policy.messageLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for 
accepting timestamped messages"}, -{"note":"","property_name":"idp.policy.assertionLifetime","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default freshness window for accepting timestamped assertions"}, -{"note":"","property_name":"idp.policy.clockSkew","idp_vers":"all","property_default_value":"PT3M","property_type":"duration","module_vers":"","configuration_cat":"SEC","module":"","description":"Default allowance for clock differences between systems"}, -{"note":"","property_name":"idp.security.basicKeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.BasicKeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the BasicKeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.security.x509KeyInfoFactory","idp_vers":"4.1","property_default_value":"shibboleth.X509KeyInfoGeneratorFactory","property_type":"Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)","module_vers":"","configuration_cat":"SEC","module":"","description":"Overrides the X509KeyInfoGeneratorFactory used by default"}, -{"note":"","property_name":"idp.csrf.enabled","idp_vers":"4","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CSRF","module":"","description":"Enables CSRF protection"}, -{"note":"","property_name":"idp.csrf.token.parameter","idp_vers":"4","property_default_value":"csrf_token","property_type":"string","module_vers":"","configuration_cat":"CSRF","module":"","description":"Name of the HTTP parameter that stores the CSRF token"}, 
-{"note":"","property_name":"idp.hsts","idp_vers":"all","property_default_value":"max-age=0","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an HSTS response header"}, -{"note":"","property_name":"idp.frameoptions","idp_vers":"all","property_default_value":"DENY","property_type":"DENY/SAMEORIGIN","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures an X-Frame-Options response header"}, -{"note":"","property_name":"idp.csp","idp_vers":"all","property_default_value":"frame-ancestors 'none'","property_type":"string","module_vers":"","configuration_cat":"IDP","module":"","description":"Auto-configures a Content Security Policy response header"}, -{"note":"","property_name":"idp.webflows","idp_vers":"all","property_default_value":"%{idp.home}/flows","property_type":"resource path","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-supplied webflows from"}, -{"note":"","property_name":"idp.views","idp_vers":"all","property_default_value":"%{idp.home}/views","property_type":"Comma-delimited paths","module_vers":"","configuration_cat":"IDP","module":"","description":"Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading."}, -{"note":"","property_name":"idp.errors.detailed","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to expose detailed error causes in status information provided to outside parties"}, -{"note":"","property_name":"idp.errors.signed","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"ERR","module":"","description":"Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)"}, -{"note":"","property_name":"idp.errors.defaultView","idp_vers":"all","property_default_value":"error","property_type":"string","module_vers":"","configuration_cat":"ERR","module":"","description":"The default view name to render for exceptions and events"}, -{"note":"","property_name":"idp.errors.excludedExceptions","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Properties (java.util.Properties)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class)."}, -{"note":"","property_name":"idp.errors.exceptionMappings","idp_vers":"all","property_default_value":"none","property_type":"Bean ID of Collection (java.util)","module_vers":"","configuration_cat":"ERR","module":"","description":"Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)"}, -{"note":"","property_name":"idp.storage.cleanupInterval","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"STOR","module":"","description":"Interval of background thread sweeping server-side storage for expired records"}, -{"note":"","property_name":"idp.storage.htmlLocalStorage","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether to use HTML Local Storage (if available) instead of cookies"}, -{"note":"","property_name":"idp.storage.clientSessionStorageName","idp_vers":"all","property_default_value":"shib_idp_session_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default per-session instance of the client storage service"}, -{"note":"","property_name":"idp.storage.clientPersistentStorageName","idp_vers":"all","property_default_value":"shib_idp_persistent_ss","property_type":"string","module_vers":"","configuration_cat":"STOR","module":"","description":"Name of cookie or HTML storage key used by the default persistent instance of the client storage service"}, -{"note":"","property_name":"idp.replayCache.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID of a StorageService 
(org.opensaml.storage)","module_vers":"","configuration_cat":"STOR","module":"","description":"Storage back-end to use for message replay checking (must be server-side)"}, -{"note":"","property_name":"idp.replayCache.strict","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"STOR","module":"","description":"Whether storage errors during replay checks should be treated as a replay"}, -{"note":"","property_name":"idp.session.enabled","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to enable the IdP's session tracking feature"}, -{"note":"","property_name":"idp.session.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientSessionStorageService","property_type":"Bean ID of StorageService (org.opensaml.storage)","module_vers":"","configuration_cat":"SESS","module":"","description":"Bean name of a storage implementation/configuration to use for IdP sessions"}, -{"note":"","property_name":"idp.session.cookieName","idp_vers":"4.2","property_default_value":"shib_idp_session","property_type":"string","module_vers":"","configuration_cat":"SESS","module":"","description":"Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)"}, -{"note":"","property_name":"idp.session.idSize","idp_vers":"all","property_default_value":"32","property_type":"int","module_vers":"","configuration_cat":"SESS","module":"","description":"Number of characters in IdP session identifiers"}, -{"note":"","property_name":"idp.session.consistentAddress","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to bind IdP sessions to IP addresses"}, 
-{"note":"","property_name":"idp.session.consistentAddressCondition","idp_vers":"all","property_default_value":"Direct string comparison","property_type":"BiPredicate","module_vers":"","configuration_cat":"SESS","module":"","description":"A 2-argument predicate that compares a bound session's address to a client address"},
-{"note":"","property_name":"idp.session.timeout","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Inactivity timeout policy for IdP sessions (must be non-zero)"},
-{"note":"","property_name":"idp.session.slop","idp_vers":"all","property_default_value":"0","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Extra time after expiration before removing SP sessions in case a logout is invoked"},
-{"note":"","property_name":"idp.session.maskStorageFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to hide storage failures from users during session cache reads/writes"},
-{"note":"","property_name":"idp.session.trackSPSessions","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)"},
-{"note":"","property_name":"idp.session.secondaryServiceIndex","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SESS","module":"","description":"Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)"},
-{"note":"","property_name":"idp.session.defaultSPlifetime","idp_vers":"all","property_default_value":"PT2H","property_type":"duration","module_vers":"","configuration_cat":"SESS","module":"","description":"Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting"},
-{"note":" ex. Password, MA, DUO","property_name":"idp.authn.flows","idp_vers":"all","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Required expression that identifies the login flows to globally enable"},
-{"note":" measured since first usage","property_name":"idp.authn.defaultLifetime","idp_vers":"all","property_default_value":"PT60M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default amount of time to allow reuse prior authentication flows"},
-{"note":" measured since last usage","property_name":"idp.authn.defaultTimeout","idp_vers":"all","property_default_value":"PT30M","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Default inactivity timeout to prevent reuse of prior authentication flows"},
-{"note":"","property_name":"idp.authn.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication"},
-{"note":"","property_name":"idp.authn.favorSSO","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to prioritize prior authentication results when an SP requests more than one possible matching method"},
-{"note":"","property_name":"idp.authn.rpui","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to populate information about the relying party into the tree for user interfaces during login and interceptors"}, -{"note":"","property_name":"idp.authn.identitySwitchIsError","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session."}, -{"note":"","property_name":"idp.authn.discoveryURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose"}, -{"note":"","property_name":"idp.authn.overrideRequestedAuthnContext","idp_vers":"4","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set."}, -{"note":"","property_name":"idp.consent.StorageService","idp_vers":"all","property_default_value":"shibboleth.ClientPersistentStorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of storage service used to store users' consent choices"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.attribute-release.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.attribute-release.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of attribute-release flow along with system default behavior"}, -{"note":"","property_name":"idp.consent.attribute-release.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKey","idp_vers":"all","property_default_value":"shibboleth.consent.PrincipalConsentStorageKey","property_type":"Bean 
ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Name of function used to return the String storage key representing a user defaults to the principal name"}, -{"note":"","property_name":"idp.consent.terms-of-use.userStorageKeyAttribute","idp_vers":"all","property_default_value":"uid","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Attribute whose value is the storage key representing a user"}, -{"note":"","property_name":"idp.consent.terms-of-use.consentValueMessageCodeSuffix","idp_vers":"all","property_default_value":".text","property_type":"string","module_vers":"","configuration_cat":"CONS","module":"","description":"Suffix of message property used as value of consent storage records when idp.consent.compareValues is true"}, -{"note":"","property_name":"idp.consent.terms-of-use.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"CONS","module":"","description":"Optional condition to apply to control activation of terms-of-use flow"}, -{"note":"","property_name":"idp.consent.terms-of-use.auditFormat","idp_vers":"all","property_default_value":"%T|%SP|%e|%u|%CCI|%CCV|%CCA","property_type":"logback","module_vers":"","configuration_cat":"CONS","module":"","description":"Default consent auditing formats"}, -{"note":"","property_name":"idp.consent.allowDoNotRemember","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether not remembering/storing consent is allowed"}, -{"note":"","property_name":"idp.consent.allowGlobal","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether consent to any attribute and to any relying party is allowed"}, 
-{"note":"","property_name":"idp.consent.allowPerAttribute","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether per-attribute consent is allowed"}, -{"note":"","property_name":"idp.consent.compareValues","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CONS","module":"","description":"Whether attribute values and terms of use text are stored and compared for equality"}, -{"note":"","property_name":"idp.consent.maxStoredRecords","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using space-limited storage (e.g. cookies), 0 = no limit"}, -{"note":"","property_name":"idp.consent.expandedMaxStoredRecords","idp_vers":"all","property_default_value":"0","property_type":"int","module_vers":"","configuration_cat":"CONS","module":"","description":"Maximum number of records stored when using larger/server-side storage, 0 = no limit"}, -{"note":"","property_name":"idp.consent.storageRecordLifetime","idp_vers":"4.x","property_default_value":"(v4.0=P1Y,v4.1=infinite)","property_type":"duration","module_vers":"","configuration_cat":"CONS","module":"","description":"Time in milliseconds to expire consent storage records"}, -{"note":"","property_name":"idp.logout.elaboration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to search metadata for user interface information associated with every service involved in logout propagation"}, -{"note":"","property_name":"idp.logout.authenticated","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Whether to require signed logout messages in accordance with the SAML 
2.0 standard"}, -{"note":"","property_name":"idp.logout.promptUser","idp_vers":"all","property_default_value":"false","property_type":"Bean ID of Predicate","module_vers":"","configuration_cat":"SLO","module":"","description":"If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session"}, -{"note":"","property_name":"idp.logout.preserveQuery","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic"}, -{"note":"","property_name":"idp.logout.assumeAsync","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints"}, -{"note":"","property_name":"idp.logout.propagationHidden","idp_vers":"4.2","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"SLO","module":"","description":"Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user"}, -{"note":"","property_name":"idp.soap.httpClient","idp_vers":"all","property_default_value":"SOAPClient.HttpClient","property_type":"Bean ID of HttpClient to use for SOAP-based logout","module_vers":"","configuration_cat":"IDP","module":"","description":"Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)"}, -{"note":"ex. 
en, fr, de","property_name":"idp.ui.fallbackLanguages","idp_vers":"all","property_default_value":"none","property_type":"Comma-delimited list","module_vers":"","configuration_cat":"IDP","module":"","description":"languages to use if no match can be found with the browser-supported languages"}, -{"note":"","property_name":"idp.cas.StorageService","idp_vers":"all","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"","configuration_cat":"CAS","module":"","description":"Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)"}, -{"note":"","property_name":"idp.cas.serviceRegistryClass","idp_vers":"all","property_default_value":"net.shibboleth.idp.cas.service.PatternServiceRegistry","property_type":"?","module_vers":"","configuration_cat":"CAS","module":"","description":"CAS service registry implementation class"}, -{"note":"","property_name":"idp.cas.relyingPartyIdFromMetadata","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"CAS","module":"","description":"If true CAS services provisioned with SAML metadata are identified via entityID"}, -{"note":"","property_name":"idp.fticks.federation","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Enables F-TICKS output and specifies the value of the federation-identifier field"}, -{"note":"","property_name":"idp.fticks.condition","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"FTICK","module":"","description":"Optional bean name of a Predicate to use to decide whether to run"}, 
-{"note":"","property_name":"idp.fticks.algorithm","idp_vers":"all","property_default_value":"SHA-2","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"Digest algorithm used to obscure usernames"}, -{"note":"","property_name":"idp.fticks.salt","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"A salt to apply when digesting usernames (if not specified, the username will not be included)"}, -{"note":"","property_name":"idp.fticks.loghost","idp_vers":"all","property_default_value":"localhost","property_type":"string","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog host"}, -{"note":"","property_name":"idp.fticks.logport","idp_vers":"all","property_default_value":"514","property_type":"int","module_vers":"","configuration_cat":"FTICK","module":"","description":"The remote syslog port"}, -{"note":"","property_name":"idp.audit.shortenBindings","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"SERV","module":"","description":"Set false if you want SAML bindings \"spelled out\" in audit log"}, -{"note":"","property_name":"idp.velocity.runtime.strictmode","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"IDP","module":"","description":"Set to true to fail on velocity syntax errors"}, -{"note":"","property_name":"idp.intercept.External.externalPath","idp_vers":"all","property_default_value":"contextRelative:intercept.jsp","property_type":"path","module_vers":"","configuration_cat":"IDP","module":"","description":"Path to use with External interceptor flow"}, -{"note":"","property_name":"idp.impersonate.generalPolicy","idp_vers":"all","property_default_value":"GeneralImpersonationPolicy","property_type":"Policy 
ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.impersonate.specificPolicy","idp_vers":"all","property_default_value":"SpecificImpersonationPolicy","property_type":"Policy ID","module_vers":"","configuration_cat":"IDP","module":"","description":"Policies to use with Impersonate interceptor flow"}, -{"note":"","property_name":"idp.authn.LDAP.authenticator","idp_vers":"all","property_default_value":"anonSearchAuthenticator","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator"}, -{"note":" ex. ldap://localhost or ldaps://localhost","property_name":"idp.authn.LDAP.ldapURL","idp_vers":"all","property_default_value":"none","property_type":"LDAP URI","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection URI for LDAP directory"}, -{"note":"","property_name":"idp.authn.LDAP.useStartTLS","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether StartTLS should be used after connecting with LDAP alone."}, -{"note":"","property_name":"idp.authn.LDAP.connectTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for the TCP connection to occur."}, -{"note":"","property_name":"idp.authn.LDAP.responseTimeout","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Time to wait for an LDAP response message"}, 
-{"note":"","property_name":"idp.authn.LDAP.connectionStrategy","idp_vers":"all","property_default_value":"ACTIVE_PASSIVE","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM"},
-{"note":"","property_name":"idp.authn.LDAP.sslConfig","idp_vers":"all","property_default_value":"certificateTrust","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust"},
-{"note":"ex. %{idp.home}/credentials/ldap-server.crt","property_name":"idp.authn.LDAP.trustCertificates","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load trust anchors from when using sslConfig = certificateTrust"},
-{"note":"ex. %{idp.home}/credentials/ldap-server.truststore","property_name":"idp.authn.LDAP.trustStore","idp_vers":"all","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"LDAP","module":"","description":"A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust"},
-{"note":"","property_name":"idp.authn.LDAP.returnAttributes","idp_vers":"all","property_default_value":"none","property_type":"comma-seperated strings","module_vers":"","configuration_cat":"LDAP","module":"","description":"List of attributes to request during authentication"},
-{"note":"","property_name":"idp.authn.LDAP.baseDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"},
-{"note":"","property_name":"idp.authn.LDAP.subtreeSearch","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.userFilter","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDN","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.bindDNCredential","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties"}, -{"note":"ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com","property_name":"idp.authn.LDAP.dnFormat","idp_vers":"all","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator"}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryOnFailure","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails."}, -{"note":"","property_name":"idp.authn.LDAP.resolveEntryWithBindDN","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordPolicy","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Policy Control."}, -{"note":"","property_name":"idp.authn.LDAP.usePasswordExpiration","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to use the Password Expired Control."}, -{"note":"","property_name":"idp.authn.LDAP.activeDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. 
It is meant to be specified with one of the other authenticator types."}, -{"note":"","property_name":"idp.authn.LDAP.freeIPADirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.eDirectory","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product."}, -{"note":"","property_name":"idp.authn.LDAP.disablePooling","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether connection pools should be used for LDAP authentication and DN resolution"}, -{"note":"","property_name":"idp.pool.LDAP.minSize","idp_vers":"all","property_default_value":"3","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Minimum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.maxSize","idp_vers":"all","property_default_value":"10","property_type":"int","module_vers":"","configuration_cat":"LDAP","module":"","description":"Maximum LDAP connection pool size"}, -{"note":"","property_name":"idp.pool.LDAP.validateOnCheckout","idp_vers":"all","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections when checking them out of the pool"}, -{"note":"","property_name":"idp.pool.LDAP.validatePeriodically","idp_vers":"all","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"LDAP","module":"","description":"Whether to validate connections in the background"}, 
-{"note":"","property_name":"idp.pool.LDAP.validatePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between validation if idp.pool.LDAP.validatePeriodically is true"}, -{"note":"","property_name":"idp.pool.LDAP.validateDN","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"DN to search with the validateFilter: defaults to the rootDSE"}, -{"note":"","property_name":"idp.pool.LDAP.validateFilter","idp_vers":"4.0.1","property_default_value":"(objectClass=*)","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Search filter to execute in order to validate a pooled connection"}, -{"note":"","property_name":"idp.pool.LDAP.prunePeriod","idp_vers":"all","property_default_value":"PT5M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration between looking for idle connections to reduce the pool back to its minimum size"}, -{"note":"","property_name":"idp.pool.LDAP.idleTime","idp_vers":"all","property_default_value":"PT10M","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration connections must be idle to be eligible for pruning"}, -{"note":"","property_name":"idp.pool.LDAP.blockWaitTime","idp_vers":"all","property_default_value":"PT3S","property_type":"duration","module_vers":"","configuration_cat":"LDAP","module":"","description":"Duration to wait for a free connection in the pool"}, -{"note":"","property_name":"idp.authn.LDAP.bindPoolPassivator","idp_vers":"4.0.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"LDAP","module":"","description":"Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind."}, -{"note":"","property_name":"idp.authn.JAAS.loginConfigNames","idp_vers":"4.1","property_default_value":"ShibUserPassAuth","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Comma-delimited set of JAAS application configuration names to use"}, -{"note":"","property_name":"idp.authn.JAAS.loginConfig","idp_vers":"4.1","property_default_value":"%{idp.home}/conf/authn/jaas.config","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Location of JAAS configuration file"}, -{"note":"","property_name":"idp.authn.Krb5.refreshConfig","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt"}, -{"note":"","property_name":"idp.authn.Krb5.preserveTicket","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set"}, -{"note":"","property_name":"idp.authn.Krb5.servicePrincipal","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it"}, 
-{"note":"","property_name":"idp.authn.Krb5.keytab","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal"}, -{"note":"","property_name":"idp.authn.External.externalAuthnPath","idp_vers":"4.1","property_default_value":"contextRelative:external.jsp","property_type":"string","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Spring Web Flow redirection expression for the protected resource"}, -{"note":"","property_name":"idp.authn.External.matchExpression","idp_vers":"4.1","property_default_value":"none","property_type":"regex","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Regular expression to match username against"}, -{"note":"","property_name":"idp.authn.External.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.External.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.External.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow allows for passive authentication"}, 
-{"note":"","property_name":"idp.authn.External.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow supports forced authentication"}, -{"note":"","property_name":"idp.authn.External.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.External.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.External.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.External.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Inactivity timeout of results produced by this flow"}, 
-{"note":"","property_name":"idp.authn.External.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.External.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.External.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUser.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.RemoteUser.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUser","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.RemoteUserInternal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.RemoteUserInternal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.RemoteUserInternal","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SPNEGO.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SPNEGO.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.SPNEGO","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.X509.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.X509","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.X509Internal.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.X509Internal.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.IPAddress.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.IPAddress.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.IPAddress","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Function.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.Function.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.External","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.Duo.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject 
customization","property_name":"idp.authn.Duo.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.Duo","description":"Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step"}, -{"note":"","property_name":"idp.authn.SAML.inboundMessageHandlerFunction","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of Function to run at the late stages of Response decoding/processing"}, -{"note":"","property_name":"idp.authn.SAML.assertionValidator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Optional bean ID of AssertionValidator to run"}, -{"note":"","property_name":"idp.authn.SAML.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.SAML.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.SAML.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow allows for passive authentication"}, -{"note":"","property_name":"idp.authn.SAML.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow supports forced authentication"}, 
-{"note":"","property_name":"idp.authn.SAML.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow enforces upstream IdP imposed restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying"}, -{"note":"","property_name":"idp.authn.SAML.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Whether to invoke IdP discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.SAML.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Inactivity timeout of results produced by this flow"}, -{"note":"","property_name":"idp.authn.SAML.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.SAML.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean 
ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.SAML.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"","description":"Bean ID of BiConsumer controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.MFA.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.MFA.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"","configuration_cat":"AUTHN","module":"idp.authn.MFA","description":"Bean ID of BiConsumer to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone"}, -{"note":"","property_name":"idp.c14n.x500.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.x500.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":"","property_name":"idp.c14n.x500.trim","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to trim leading and trailing whitespace from the username"}, 
-{"note":"","property_name":"idp.c14n.x500.subjectAltNameTypes","idp_vers":"4.1","property_default_value":"none","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of subjectAltName extension types to look for"}, -{"note":"","property_name":"idp.c14n.x500.objectIDs","idp_vers":"4.1","property_default_value":"2.5.4.3","property_type":"List","module_vers":"","configuration_cat":"C14N","module":"","description":"Comma-delimited list of attribute OIDs to search for in the subject DN"}, -{"note":"","property_name":"idp.c14n.saml.proxy.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.saml.proxy.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":"","property_name":"idp.c14n.saml.lowercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to lowercase the username"}, -{"note":"","property_name":"idp.c14n.saml.uppercase","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"","configuration_cat":"C14N","module":"","description":"Whether to uppercase the username"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations 
based on general function","property_name":"idp.service.logging.saml1attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml1artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2sso","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2attrquery","idp_vers":"all","property_default_value":"AttributeQuery","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2artifact","idp_vers":"all","property_default_value":"ArtifactResolution","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.saml2slo","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.logout","idp_vers":"all","property_default_value":"Logout","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.cas","idp_vers":"all","property_default_value":"SSO","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.status","idp_vers":"all","property_default_value":"Status","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.resolvertest","idp_vers":"all","property_default_value":"ResolverTest","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":" you can use this to route 
different kinds of audit records to different destinations based on general function","property_name":"idp.service.logging.serviceReload","idp_vers":"all","property_default_value":"Reload","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Suffix added to audit logging category when various profiles/flows are audited"}, -{"note":"","property_name":"idp.audit.hashAlgorithm","idp_vers":"4.1","property_default_value":"SHA-256","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Hash algorithm to apply to various hashed fields"}, -{"note":"","property_name":"idp.audit.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"","configuration_cat":"SERV","module":"","description":"Salt to apply to hashed fields must be set to use those fields"}, -{"note":"","property_name":"idp.oidc.issuer","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set the Open ID Connect Issuer value "}, -{"note":"","property_name":"idp.oidc.idToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT1H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of ID token"}, -{"note":"","property_name":"idp.oidc.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token"}, -{"note":"","property_name":"idp.oidc.authorizeCode.defaultLifetime","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of authorization code"}, 
-{"note":"","property_name":"idp.oidc.refreshToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT2H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of refresh token"}, -{"note":"","property_name":"idp.oidc.forcePKCE","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is required to use PKCE"}, -{"note":"","property_name":"idp.oidc.allowPKCEPlain","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether client is allowed to use PKCE code challenge method plain"}, -{"note":"","property_name":"idp.oidc.encodedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests"}, -{"note":"","property_name":"idp.oidc.encodeConsentInTokens","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage"}, -{"note":"","property_name":"idp.oidc.alwaysIncludedAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to always include in ID token regardless of response_type"}, -{"note":"","property_name":"idp.oidc.deniedUserInfoAttributes","idp_vers":"4.1","property_default_value":"none","property_type":"Set","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Specifies IdPAttributes to omit 
from UserInfo token"}, -{"note":"","property_name":"idp.oidc.revocationCache.authorizeCode.lifetime","idp_vers":"4.1","property_default_value":"PT6H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of entries in revocation cache for authorize code"}, -{"note":"","property_name":"idp.oidc.revocationCache.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of StorageService for revocation cache requires server-side storage"}, -{"note":"","property_name":"idp.oidc.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods"}, -{"note":"","property_name":"idp.oauth2.grantTypes","idp_vers":"4.1","property_default_value":"authorization_code,refresh_token","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"OAuth grant types to allow"}, -{"note":"","property_name":"idp.oauth2.enforceRefreshTokenRotation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token."}, -{"note":"","property_name":"idp.oauth2.accessToken.type","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3.2","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Format of access token. 
Supported values are JWT or nothing."}, -{"note":"","property_name":"idp.oauth2.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token"}, -{"note":"","property_name":"idp.oauth2.accessToken.defaultLifetime","idp_vers":"4.1","property_default_value":"PT10M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Lifetime of access token issued to client for resource server"}, -{"note":"","property_name":"idp.oauth2.revocationMethod","idp_vers":"4.1","property_default_value":"CHAIN","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). TOKEN refers to revoking single token"}, -{"note":"","property_name":"idp.oidc.dynreg.defaultRegistrationValidity","idp_vers":"4.1","property_default_value":"PT24H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Registration lifetime"}, -{"note":"","property_name":"idp.oidc.dynreg.defaultScope","idp_vers":"4.1","property_default_value":"openid profile email address phone offline_access","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default scopes accepted in dynamic registration"}, -{"note":"","property_name":"idp.oidc.dynreg.defaultSubjectType","idp_vers":"4.1","property_default_value":"public","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The default subject type if not set by client in request. 
Maybe set to pairwise or public."}, -{"note":"","property_name":"idp.oidc.dynreg.defaultMetadataPolicyFile","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Full path to the file containing default metadata policy used for dynamic client registration"}, -{"note":"","property_name":"idp.oidc.dynreg.tokenEndpointAuthMethods","idp_vers":"4.1","property_default_value":"client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt","property_type":"Collection","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The acceptable client authentication methods when using dynamic registration"}, -{"note":"","property_name":"idp.signing.oidc.rs.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-rs.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA signing keypair"}, -{"note":"","property_name":"idp.signing.oidc.es.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-signing-es.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK EC signing keypair"}, -{"note":"","property_name":"idp.signing.oidc.rsa.enc.key","idp_vers":"4.1","property_default_value":"%{idp.home}/credentials/idp-encryption-rsa.jwk","property_type":"JWK file pathname","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"JWK RSA decryption keypair"}, -{"note":"","property_name":"idp.oidc.signing.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.SigningConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default signing configuration"}, 
-{"note":"","property_name":"idp.oidc.encryption.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.EncryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default encryption configuration"}, -{"note":"","property_name":"idp.oidc.rodecrypt.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectDecryptionConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request decryption configuration"}, -{"note":"one of these has the wrong name","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.requestObjectSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default request signature validation configuration"}, -{"note":"one of these has the wrong name ","property_name":"idp.oidc.rovalid.config","idp_vers":"4.1","property_default_value":"shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Allows override of default JWT token validation configuration"}, -{"note":"","property_name":"idp.authn.OAuth2Client.requireAll","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether all validators must succeed or just one"}, -{"note":"","property_name":"idp.authn.OAuth2Client.removeAfterValidation","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to remove the object holding the password from the request's active state after validating it (to avoid it 
being preserved in the session any longer than needed)"}, -{"note":"use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.","property_name":"idp.authn.OAuth2Client.retainAsPrivateCredential","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution"}, -{"note":"","property_name":"idp.authn.OAuth2Client.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.OAuth2Client.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of Predicate determining whether flow is usable for request"}, -{"note":"Subject> for subject customization","property_name":"idp.authn.OAuth2Client.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean ID of BiConsumer>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter."}, -{"note":"","property_name":"idp.service.clientinfo.failFast","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"If true any failures during initialization of any resolvers result in IdP startup failure"}, -{"note":"","property_name":"idp.service.clientinfo.checkInterval","idp_vers":"4.1","property_default_value":"PT0S","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"When non-zero enables monitoring of resources for service reload"}, -{"note":"","property_name":"idp.service.clientinfo.resources","idp_vers":"4.1","property_default_value":"shibboleth.ClientInformationResolverResources","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Name of bean used to define the resources to use in configuring this service"}, -{"note":"","property_name":"idp.oauth2.defaultAllowedScope","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function called shibboleth.oidc.AllowedScopeStrategy"}, -{"note":"","property_name":"idp.oauth2.defaultAllowedAudience","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy"}, -{"note":"","property_name":"idp.oauth2.authn.flows","idp_vers":"4.1","property_default_value":"OAuth2Client","property_type":"regex","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regular expression matching OAuth login flows to enable."}, 
-{"note":"","property_name":"idp.oidc.subject.sourceAttribute","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The source attribute used in generating the sub claim"}, -{"note":"","property_name":"idp.oidc.subject.algorithm","idp_vers":"4.1","property_default_value":"SHA","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The digest algorithm used in generating the sub claim"}, -{"note":"","property_name":"idp.oidc.subject.salt","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository"}, -{"note":"","property_name":"idp.authn.DuoOIDC.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, -{"note":"","property_name":"idp.authn.DuoOIDC.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.DuoOIDC.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow allows for passive authentication"}, 
-{"note":"","property_name":"idp.authn.DuoOIDC.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow supports forced authentication"}, -{"note":"","property_name":"idp.authn.DuoOIDC.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, -{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.DuoOIDC.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether the flow considers itself to be proxying"}, -{"note":"","property_name":"idp.authn.DuoOIDC.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to invoke IdP-discovery prior to running flow"}, -{"note":"","property_name":"idp.authn.DuoOIDC.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.DuoOIDC.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Inactivity timeout of results produced by this flow"}, 
-{"note":"","property_name":"idp.authn.DuoOIDC.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.DuoOIDC.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofPredicate determining whether flow is usable for request"}, -{"note":"","property_name":"idp.authn.DuoOIDC.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Bean ID ofBiConsumer for subject customization"}, -{"note":"","property_name":"idp.authn.DuoOIDC.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, -{"note":"","property_name":"idp.authn.DuoOIDC.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, -{"note":"","property_name":"idp.duo.oidc.apiHost","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"DuoOIDC API hostname assigned to the integration"}, 
-{"note":"","property_name":"idp.duo.oidc.clientId","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The OAuth 2.0 Client Identifier valid at the Authorization Server"}, -{"note":"ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback","property_name":"idp.duo.oidc.redirectURL","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Redirection URI to which the 2FA response will be sent"}, -{"note":"","property_name":"idp.duo.oidc.redirecturl.allowedOrigins","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection."}, -{"note":"","property_name":"idp.duo.oidc.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token)."}, -{"note":"","property_name":"idp.duo.oidc.endpoint.health","idp_vers":"4.1","property_default_value":"/oauth/v1/health_check","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 health check endpoint"}, -{"note":"","property_name":"idp.duo.oidc.endpoint.token","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 token endpoint"}, 
-{"note":"","property_name":"idp.duo.oidc.endpoint.authorize","idp_vers":"4.1","property_default_value":"/oauth/v1/authorize","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo's OAuth 2.0 authorization endpoint"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.clockSkew","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Leeway allowed in token expiry calculations"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.iatWindow","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum amount (in either direction from now) of duration for which a token is valid after it is issued"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.issuerPath","idp_vers":"4.1","property_default_value":"/oauth/v1/token","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+"}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.preferredUsername","idp_vers":"4.1","property_default_value":"preferred_username","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request."}, -{"note":"","property_name":"idp.duo.oidc.jwt.verifier.authLifetime","idp_vers":"4.1","property_default_value":"PT60S","property_type":"duration","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"How long the authentication is valid. 
Only applies to forced authentication requests."}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.apiHost","idp_vers":"4.1","property_default_value":"%{idp.duo.oidc.apiHost}","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI hostname assigned to the integration"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.integrationKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI integration key supplied by Duo"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.secretKey","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Duo AuthAPI secret key supplied by Duo"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.factor","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Factor","property_type":"strinig","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI factor"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.device","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Device","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI device ID or name"}, -{"note":"","property_name":"idp.duo.oidc.nonbrowser.header.passcode","idp_vers":"4.1","property_default_value":"X-Shibboleth-Duo-Passcode","property_type":"string","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Name of HTTP request header for Duo AuthAPI passcode"}, 
-{"note":"","property_name":"idp.duo.oidc.nonbrowser.auto","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Allow the factor to be defaulted in as \"auto\" if no headers are received"}, -{"note":" push display","property_name":"idp.duo.oidc.nonbrowser.clientAddressTrusted","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Pass client address to Duo in API calls to support logging"}, -{"note":"","property_name":"idp.duo.oidc.connectionTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for the connection to be established"}, -{"note":"","property_name":"idp.duo.oidc.connectionRequestTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum length of time to wait for a connection to be returned from the connection manager"}, -{"note":"","property_name":"idp.duo.oidc.socketTimeout","idp_vers":"4.1","property_default_value":"PT1M","property_type":"duration","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Maximum period inactivity between two consecutive data packets"}, -{"note":"","property_name":"idp.duo.oidc.maxConnectionsTotal","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max total simultaneous connections allowed by the pooling connection manager"}, 
-{"note":"","property_name":"idp.duo.oidc.maxConnectionsPerRoute","idp_vers":"4.1","property_default_value":"100","property_type":"int","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"Max simultaneous connections per route allowed by the pooling connection manager"}, -{"note":"","property_name":"idp.duo.oidc.nimbus.checkRevocation","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1 (nimbus)","configuration_cat":"DUOOIDC","module":"idp.authn.DuoOIDC","description":"To enable certificate revocation checking"}, -{"note":"","property_name":"idp.authn.TOTP.headerName","idp_vers":"4.1","property_default_value":"X-Shibboleth-TOTP","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of request header to use for extracting non-browser submitted token codes"}, -{"note":"","property_name":"idp.authn.TOTP.fieldName","idp_vers":"4.1","property_default_value":"tokencode","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of HTML form field to use for locating browser-submitted token codes"}, -{"note":"","property_name":"idp.authn.TOTP.tokenSeedAttribute","idp_vers":"4.1","property_default_value":"tokenSeeds","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Name of IdPAttribute to resolve to obtain token seeds for users"}, -{"note":"","property_name":"idp.authn.TOTP.order","idp_vers":"4.1","property_default_value":"1000","property_type":"int","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Flow priority relative to other enabled login flows (lower is \"higher\" in priority)"}, 
-{"note":"","property_name":"idp.authn.TOTP.nonBrowserSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow should handle non-browser request profiles (e.g., ECP)"}, -{"note":"","property_name":"idp.authn.TOTP.passiveAuthenticationSupported","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow allows for passive authentication"}, -{"note":"","property_name":"idp.authn.TOTP.forcedAuthenticationSupported","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow supports forced authentication"}, -{"note":"","property_name":"idp.authn.TOTP.proxyRestrictionsEnforced","idp_vers":"4.1","property_default_value":"%{idp.authn.enforceProxyRestrictions:true}","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow enforces upstream IdP-imposed restrictions on proxying"}, -{"note":" and therefore enforces SP-signaled restrictions on proxying","property_name":"idp.authn.TOTP.proxyScopingEnforced","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether the flow considers itself to be proxying"}, -{"note":"","property_name":"idp.authn.TOTP.discoveryRequired","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to invoke IdP-discovery prior to running flow"}, 
-{"note":"","property_name":"idp.authn.TOTP.lifetime","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultLifetime:PT1H}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Lifetime of results produced by this flow"}, -{"note":"","property_name":"idp.authn.TOTP.inactivityTimeout","idp_vers":"4.1","property_default_value":"%{idp.authn.defaultTimeout:PT30M}","property_type":"duration","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Inactivity timeout of results produced by this flow"}, -{"note":"","property_name":"idp.authn.TOTP.reuseCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate controlling result reuse for SSO"}, -{"note":"","property_name":"idp.authn.TOTP.activationCondition","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofPredicate determining whether flow is usable for request"}, -{"note":"","property_name":"idp.authn.TOTP.subjectDecorator","idp_vers":"4.1","property_default_value":"none","property_type":"Bean ID","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Bean ID ofBiConsumer for subject customization"}, -{"note":"","property_name":"idp.authn.TOTP.supportedPrincipals","idp_vers":"4.1","property_default_value":"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken","property_type":"string","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Comma-delimited list of protocol-specific Principalstrings associated with flow"}, 
-{"note":"","property_name":"idp.authn.TOTP.addDefaultPrincipals","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"1","configuration_cat":"AUTHN","module":"idp.authn.TOTP","description":"Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow"}, -{"note":"","property_name":"idp.metadata.dnsname","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Supplies the DNS name used within the URLs specifying the end points. This should not be used in conjunction with the --DNSName qualifier"}, -{"note":"","property_name":"idp.metadata.backchannel.cert","idp_vers":"4.1","property_default_value":"none","property_type":"resource path","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.path","idp_vers":"4.1","property_default_value":"none","property_type":"URL","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.height","idp_vers":"4.1","property_default_value":"80","property_type":"int","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The height of the logo in pixels."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.logo.width","idp_vers":"4.1","property_default_value":"80","property_type":"init","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"The width of the logo in pixels"}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.langs","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit."}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.displayname.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Display name for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language"}, -{"note":"","property_name":"idp.metadata.idpsso.mdui.description.","idp_vers":"4.1","property_default_value":"none","property_type":"string","module_vers":"1","configuration_cat":"MDGEN","module":"idp.metadatagen","description":"Description for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language"}, -{"note":"no doc","property_name":"idp.oidc.encryptionOptional","idp_vers":"4.1","property_default_value":"false","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.defaultSecretExpiration","idp_vers":"4.1","property_default_value":"P12M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"The validity of client secret registered"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.allowNoneForRequestSigning","idp_vers":"4.1","property_default_value":"true","property_type":"bool","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Regardless of what signing algorithms are configured allow none for request object signing"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.validateRemoteJwks","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request"}, -{"note":"no doc","property_name":"idp.oidc.dynreg.defaultMetadataPolicy","idp_vers":"4.1","property_default_value":"shibboleth.oidc.dynreg.DefaultMetadataPolicy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine the default metadata policy used for dynamic client registration"}, -{"note":"no doc","property_name":"idp.oidc.jwk.StorageService","idp_vers":"4.1","property_default_value":"shibboleth.StorageService","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Storage for 
storing remote jwk sets."}, -{"note":"no doc","property_name":"idp.oidc.metadata.saml","idp_vers":"4.1","property_default_value":"shibboleth.Conditions.TRUE","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution"}, -{"note":"no doc","property_name":"idp.oidc.jwksuri.fetchInterval","idp_vers":"4.1","property_default_value":"PT30M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Upgrade interval to the remote JWKs"}, -{"note":"no doc","property_name":"idp.oidc.config.minRefreshDelay","idp_vers":"4.1","property_default_value":"PT5M","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, -{"note":"no doc","property_name":"idp.oidc.config.maxRefreshDelay","idp_vers":"4.1","property_default_value":"PT4H","property_type":"duration","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bounds on the next file refresh of the OP configuration resource"}, -{"note":"no doc","property_name":"idp.oidc.LoginHintLookupStrategy","idp_vers":"4.1","property_default_value":"DefaultRequestLoginHintLookupFunction","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is."}, -{"note":"no doc","property_name":"idp.oidc.SPSessionCreationStrategy","idp_vers":"4.1","property_default_value":"DefaultSPSessionCreationStrategy","property_type":"Bean ID","module_vers":"3","configuration_cat":"OIDCOP","module":"idp.oidc.OP","description":"Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported."} + { + "property_name": "idp.searchForProperties", + "property_type": "bool", + "property_default_value": true, + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Auto-load all files matching conf/**/*.properties", + "note": "" + }, + { + "property_name": "idp.additionalProperties", + "property_type": "Comma-delimited paths", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.", + "note": "ex. /conf/ldap.properties, /conf/services.properties" + }, + { + "property_name": "idp.entityID", + "property_type": "URI", + "property_default_value": "none", + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The unique name of the IdP used as the iisuer in all SAML profiles", + "note": "ex. 
https://unicon.net/idp/shibboleth" + }, + { + "property_name": "idp.entityID.metadataFile", + "property_type": "resource path", + "property_default_value": "%{idp.home}/metadata/idp-metadata.xml", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the file to serve for requests to the IdP's well-known metadata location", + "note": "" + }, + { + "property_name": "idp.artifact.enabled", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to allow use of the SAML artifact bindings when sending messages", + "note": "" + }, + { + "property_name": "idp.artifact.secureChannel", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)", + "note": "" + }, + { + "property_name": "idp.artifact.endpointIndex", + "property_type": "int", + "property_default_value": 2, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the endpoint in SAML metadata associated with artifacts issued by a server node", + "note": "" + }, + { + "property_name": "idp.artifact.StorageService", + "property_type": "Bean ID of a StorageService (org.opensaml.storage)", + "property_default_value": "shibboleth.StorageService", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage back-end to use 
for short-lived SAML Artifact mappings (must be server-side)", + "note": "" + }, + { + "property_name": "idp.bindings.inMetadataOrder", + "property_type": "bool", + "property_default_value": true, + "config_category": "RelyingPartyConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Controls whether the outbound binding selection is ordered by the SP's metadata or the IdP's preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. Set also to false to favor the front channel over back channel for Logout.", + "note": "" + }, + { + "property_name": "idp.entityID.metadataFile", + "property_type": "file pathname", + "property_default_value": "%{idp.home}/metadata/idp-metadata.xml", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the file to serve for requests to the IdP's well-known metadata location", + "note": "" + }, + { + "property_name": "idp.scope", + "property_type": "string", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "applies a (fixed) scope typically a domain-valued suffix to an input attribute's values", + "note": "" + }, + { + "property_name": "idp.cookie.secure", + "property_type": "bool", + "property_default_value": false, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true all cookies issued by the IdP (not including the container) will be limited to TLS", + "note": "" + }, + { + "property_name": "idp.cookie.httpOnly", + "property_type": "bool", + "property_default_value": true, + "config_category": "SecurityConfiguration", + "config_file": 
"idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property", + "note": "" + }, + { + "property_name": "idp.cookie.domain", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Overrides the domain of any cookies issued by the IdP (not including the container)", + "note": "" + }, + { + "property_name": "idp.cookie.path", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Overrides the path of any cookies issued by the IdP (not including the container)", + "note": "" + }, + { + "property_name": "idp.cookie.maxAge", + "property_type": "int", + "property_default_value": 31536000, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)", + "note": "" + }, + { + "property_name": "idp.cookie.sameSite", + "property_type": "Null/None/Lax/Strict", + "property_default_value": "None", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified", + "note": "" + }, + { + "property_name": "idp.cookie.sameSiteCondition", + "property_type": "Bean ID of Predicate", + "property_default_value": "shibboleth.Conditions.FALSE", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": 
"all", + "module": "", + "module_vers": "", + "description": "Predicate condition bean controlling whether SameSite filter runs", + "note": "" + }, + { + "property_name": "idp.sealer.keyStrategy", + "property_type": "Bean ID of DataSealerKeyStrategy", + "property_default_value": "shibboleth.DataSealerKeyStrategy", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.", + "note": "" + }, + { + "property_name": "idp.sealer.storeType", + "property_type": "string", + "property_default_value": "JCEKS", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Type of Java keystore used for IdP's internal AES encryption key", + "note": "" + }, + { + "property_name": "idp.sealer.updateInterval", + "property_type": "duration", + "property_default_value": "PT15M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time between checks for a new AES key version", + "note": "" + }, + { + "property_name": "idp.sealer.aliasBase", + "property_type": "string", + "property_default_value": "secret", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)", + "note": "" + }, + { + "property_name": "idp.sealer.storeResource", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Keystore resource 
containing AES encryption key usually a file path", + "note": "" + }, + { + "property_name": "idp.sealer.versionResource", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource that tracks the active AES encryption key version usually a file path", + "note": "" + }, + { + "property_name": "idp.sealer.storePassword", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Keystore password unlocking AES encryption keystore typically set during installation", + "note": "" + }, + { + "property_name": "idp.sealer.keyPassword", + "property_type": "string", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Key password unlocking AES encryption key typically set to the same as the previous property and set during installation", + "note": "" + }, + { + "property_name": "idp.signing.key", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing private key for signing typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.signing.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing the public key certificate inserted into signed messages typically a file in the 
credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.key", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing a private key for decryption typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory", + "note": "" + }, + { + "property_name": "idp.encryption.key.2", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing an alternate private key for decryption generally unused except while changing decryption keys", + "note": "" + }, + { + "property_name": "idp.encryption.cert.2", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Resource containing an alternate public key certificate generally unused except while changing decryption keys", + "note": "" + }, + { + "property_name": "idp.security.config", + "property_type": "Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)", + "property_default_value": "shibboleth.DefaultSecurityConfiguration", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", 
+ "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default SecurityConfiguration", + "note": "" + }, + { + "property_name": "idp.signing.config", + "property_type": "Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)", + "property_default_value": "shibboleth.SigningConfiguration.SHA256", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default SignatureSigningConfiguration", + "note": "" + }, + { + "property_name": "idp.encryption.config", + "property_type": "Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)", + "property_default_value": "shibboleth.EncryptionConfiguration.CBC", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean supplying the default EncryptionConfiguration", + "note": "" + }, + { + "property_name": "idp.encryption.optional", + "property_type": "bool", + "property_default_value": false, + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true failure to locate an encryption key to use won't result in request failure", + "note": "" + }, + { + "property_name": "idp.encryption.keyagreement.metadata.defaultUseKeyWrap", + "property_type": "string", + "property_default_value": "Default", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration", + "note": "" + }, + { + "property_name": "idp.trust.signatures", + "property_type": "Bean ID of SignatureTrustEngine 
(org.opensaml.xmlsec.signature.support)", + "property_default_value": "shibboleth.ChainingSignatureTrustEngine", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean for the trust engine used to verify signatures", + "note": "" + }, + { + "property_name": "idp.trust.certificates", + "property_type": "Bean ID of TrustEngine (org.opensaml.security.trust)", + "property_default_value": "shibboleth.ChainingX509TrustEngine", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of Spring bean for the trust engine used to verify TLS certificates", + "note": "" + }, + { + "property_name": "idp.policy.messageLifetime", + "property_type": "duration", + "property_default_value": "PT3M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default freshness window for accepting timestamped messages", + "note": "" + }, + { + "property_name": "idp.policy.assertionLifetime", + "property_type": "duration", + "property_default_value": "PT3M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default freshness window for accepting timestamped assertions", + "note": "" + }, + { + "property_name": "idp.policy.clockSkew", + "property_type": "duration", + "property_default_value": "PT3M", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default allowance for clock differences between systems", + "note": "" + }, + { + "property_name": "idp.security.basicKeyInfoFactory", + "property_type": "Bean ID of KeyInfoGeneratorManager 
(org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)", + "property_default_value": "shibboleth.BasicKeyInfoGeneratorFactory", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the BasicKeyInfoGeneratorFactory used by default", + "note": "" + }, + { + "property_name": "idp.security.x509KeyInfoFactory", + "property_type": "Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)", + "property_default_value": "shibboleth.X509KeyInfoGeneratorFactory", + "config_category": "SecurityConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the X509KeyInfoGeneratorFactory used by default", + "note": "" + }, + { + "property_name": "idp.csrf.enabled", + "property_type": "bool", + "property_default_value": true, + "config_category": "CSRF", + "config_file": "idp.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Enables CSRF protection", + "note": "" + }, + { + "property_name": "idp.csrf.token.parameter", + "property_type": "string", + "property_default_value": "csrf_token", + "config_category": "CSRF", + "config_file": "idp.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Name of the HTTP parameter that stores the CSRF token", + "note": "" + }, + { + "property_name": "idp.hsts", + "property_type": "string", + "property_default_value": "max-age=0", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Auto-configures an HSTS response header", + "note": "" + }, + { + "property_name": "idp.frameoptions", + "property_type": "DENY/SAMEORIGIN", + "property_default_value": "DENY", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + 
"description": "Auto-configures an X-Frame-Options response header", + "note": "" + }, + { + "property_name": "idp.csp", + "property_type": "string", + "property_default_value": "frame-ancestors 'none'", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Auto-configures a Content Security Policy response header", + "note": "" + }, + { + "property_name": "idp.webflows", + "property_type": "resource path", + "property_default_value": "%{idp.home}/flows", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Location from which to load user-supplied webflows from", + "note": "" + }, + { + "property_name": "idp.views", + "property_type": "Comma-delimited paths", + "property_default_value": "%{idp.home}/views", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Location from which to load user-modifiable Velocity view templates. 
This can be set to include \"classpath*:/META-INF/net/shibboleth/idp/views\" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables support for template reloading.", + "note": "" + }, + { + "property_name": "idp.errors.detailed", + "property_type": "bool", + "property_default_value": false, + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to expose detailed error causes in status information provided to outside parties", + "note": "" + }, + { + "property_name": "idp.errors.signed", + "property_type": "bool", + "property_default_value": true, + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)", + "note": "" + }, + { + "property_name": "idp.errors.defaultView", + "property_type": "string", + "property_default_value": "error", + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The default view name to render for exceptions and events", + "note": "" + }, + { + "property_name": "idp.errors.excludedExceptions", + "property_type": "Bean ID of Properties (java.util.Properties)", + "property_default_value": "none", + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean defing Properties mapping exception class names to error views. 
The matching by class name does not support wildcards, but does do substring matches (so it's not necessary to fully qualify the class).", + "note": "" + }, + { + "property_name": "idp.errors.exceptionMappings", + "property_type": "Bean ID of Collection (java.util)", + "property_default_value": "none", + "config_category": "ErrorHandlingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)", + "note": "" + }, + { + "property_name": "idp.storage.cleanupInterval", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Interval of background thread sweeping server-side storage for expired records", + "note": "" + }, + { + "property_name": "idp.storage.htmlLocalStorage", + "property_type": "bool", + "property_default_value": false, + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use HTML Local Storage (if available) instead of cookies", + "note": "" + }, + { + "property_name": "idp.storage.clientSessionStorageName", + "property_type": "string", + "property_default_value": "shib_idp_session_ss", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of cookie or HTML storage key used by the default per-session instance of the client storage service", + "note": "" + }, + { + "property_name": "idp.storage.clientPersistentStorageName", + "property_type": "string", + "property_default_value": "shib_idp_persistent_ss", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + 
"idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of cookie or HTML storage key used by the default persistent instance of the client storage service", + "note": "" + }, + { + "property_name": "idp.replayCache.StorageService", + "property_type": "Bean ID of a StorageService (org.opensaml.storage)", + "property_default_value": "shibboleth.StorageService", + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage back-end to use for message replay checking (must be server-side)", + "note": "" + }, + { + "property_name": "idp.replayCache.strict", + "property_type": "bool", + "property_default_value": true, + "config_category": "StorageConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether storage errors during replay checks should be treated as a replay", + "note": "" + }, + { + "property_name": "idp.session.enabled", + "property_type": "bool", + "property_default_value": true, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to enable the IdP's session tracking feature", + "note": "" + }, + { + "property_name": "idp.session.StorageService", + "property_type": "Bean ID of StorageService (org.opensaml.storage)", + "property_default_value": "shibboleth.ClientSessionStorageService", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Bean name of a storage implementation/configuration to use for IdP sessions", + "note": "" + }, + { + "property_name": "idp.session.cookieName", + "property_type": "string", + "property_default_value": "shib_idp_session", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": 
4.2, + "module": "", + "module_vers": "", + "description": "Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)", + "note": "" + }, + { + "property_name": "idp.session.idSize", + "property_type": "int", + "property_default_value": 32, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Number of characters in IdP session identifiers", + "note": "" + }, + { + "property_name": "idp.session.consistentAddress", + "property_type": "bool", + "property_default_value": true, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to bind IdP sessions to IP addresses", + "note": "" + }, + { + "property_name": "idp.session.consistentAddressCondition", + "property_type": "BiPredicate", + "property_default_value": "Direct string comparison", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A 2-argument predicate that compares a bound session's address to a client address", + "note": "" + }, + { + "property_name": "idp.session.timeout", + "property_type": "duration", + "property_default_value": "PT60M", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Inactivity timeout policy for IdP sessions (must be non-zero)", + "note": "" + }, + { + "property_name": "idp.session.slop", + "property_type": "duration", + "property_default_value": 0, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Extra time after expiration before removing SP sessions in case a logout is invoked", + 
"note": "" + }, + { + "property_name": "idp.session.maskStorageFailure", + "property_type": "bool", + "property_default_value": false, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to hide storage failures from users during session cache reads/writes", + "note": "" + }, + { + "property_name": "idp.session.trackSPSessions", + "property_type": "bool", + "property_default_value": false, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)", + "note": "" + }, + { + "property_name": "idp.session.secondaryServiceIndex", + "property_type": "bool", + "property_default_value": false, + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)", + "note": "" + }, + { + "property_name": "idp.session.defaultSPlifetime", + "property_type": "duration", + "property_default_value": "PT2H", + "config_category": "SessionConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting", + "note": "" + }, + { + "property_name": "idp.authn.flows", + "property_type": "regex", + "property_default_value": "none", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Required expression that identifies the login flows to globally 
enable", + "note": "ex. Password, MA, DUO" + }, + { + "property_name": "idp.authn.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT60M", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default amount of time to allow reuse prior authentication flows", + "note": "measured since first usage" + }, + { + "property_name": "idp.authn.defaultTimeout", + "property_type": "duration", + "property_default_value": "PT30M", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default inactivity timeout to prevent reuse of prior authentication flows", + "note": "measured since last usage" + }, + { + "property_name": "idp.authn.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": true, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication", + "note": "" + }, + { + "property_name": "idp.authn.favorSSO", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to prioritize prior authentication results when an SP requests more than one possible matching method", + "note": "" + }, + { + "property_name": "idp.authn.rpui", + "property_type": "bool", + "property_default_value": true, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to 
populate information about the relying party into the tree for user interfaces during login and interceptors", + "note": "" + }, + { + "property_name": "idp.authn.identitySwitchIsError", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to fail requests if a user identity after authentication doesn't match the identity in a pre-existing session.", + "note": "" + }, + { + "property_name": "idp.authn.discoveryURL", + "property_type": "string", + "property_default_value": "none", + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose", + "note": "" + }, + { + "property_name": "idp.authn.overrideRequestedAuthnContext", + "property_type": "bool", + "property_default_value": false, + "config_category": "AuthenticationConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4, + "module": "", + "module_vers": "", + "description": "Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global setting applying to all SPs that may have such a profile configuration set.", + "note": "" + }, + { + "property_name": "idp.consent.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ClientPersistentStorageService", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of storage service used to store users' consent choices", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.userStorageKey", + "property_type": "Bean ID", + "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of function used to return the String storage key representing a user defaults to the principal name", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.userStorageKeyAttribute", + "property_type": "string", + "property_default_value": "uid", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Attribute whose value is the storage key representing a user", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional condition to apply to control activation of attribute-release flow along with system default behavior", + "note": "" + }, + { + "property_name": "idp.consent.attribute-release.auditFormat", + "property_type": "logback", + "property_default_value": 
"%T|%SP|%e|%u|%CCI|%CCV|%CCA", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default consent auditing formats", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.userStorageKey", + "property_type": "Bean ID", + "property_default_value": "shibboleth.consent.PrincipalConsentStorageKey", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Name of function used to return the String storage key representing a user defaults to the principal name", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.userStorageKeyAttribute", + "property_type": "string", + "property_default_value": "uid", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Attribute whose value is the storage key representing a user", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.consentValueMessageCodeSuffix", + "property_type": "string", + "property_default_value": ".text", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix of message property used as value of consent storage records when idp.consent.compareValues is true", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional condition to apply to control activation of terms-of-use flow", + "note": "" + }, + { + "property_name": "idp.consent.terms-of-use.auditFormat", + "property_type": "logback", + 
"property_default_value": "%T|%SP|%e|%u|%CCI|%CCV|%CCA", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default consent auditing formats", + "note": "" + }, + { + "property_name": "idp.consent.allowDoNotRemember", + "property_type": "bool", + "property_default_value": true, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether not remembering/storing consent is allowed", + "note": "" + }, + { + "property_name": "idp.consent.allowGlobal", + "property_type": "bool", + "property_default_value": true, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether consent to any attribute and to any relying party is allowed", + "note": "" + }, + { + "property_name": "idp.consent.allowPerAttribute", + "property_type": "bool", + "property_default_value": false, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether per-attribute consent is allowed", + "note": "" + }, + { + "property_name": "idp.consent.compareValues", + "property_type": "bool", + "property_default_value": false, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether attribute values and terms of use text are stored and compared for equality", + "note": "" + }, + { + "property_name": "idp.consent.maxStoredRecords", + "property_type": "int", + "property_default_value": 10, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum number of records stored when using 
space-limited storage (e.g. cookies), 0 = no limit", + "note": "" + }, + { + "property_name": "idp.consent.expandedMaxStoredRecords", + "property_type": "int", + "property_default_value": 0, + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum number of records stored when using larger/server-side storage, 0 = no limit", + "note": "" + }, + { + "property_name": "idp.consent.storageRecordLifetime", + "property_type": "duration", + "property_default_value": "(v4.0=P1Y,v4.1=infinite)", + "config_category": "ConsentConfiguration", + "config_file": "idp.properties", + "idp_vers": "4.x", + "module": "", + "module_vers": "", + "description": "Time in milliseconds to expire consent storage records", + "note": "" + }, + { + "property_name": "idp.logout.elaboration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to search metadata for user interface information associated with every service involved in logout propagation", + "note": "" + }, + { + "property_name": "idp.logout.authenticated", + "property_type": "bool", + "property_default_value": true, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to require signed logout messages in accordance with the SAML 2.0 standard", + "note": "" + }, + { + "property_name": "idp.logout.promptUser", + "property_type": "Bean ID of Predicate", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent 
removal of the session", + "note": "" + }, + { + "property_name": "idp.logout.preserveQuery", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic", + "note": "" + }, + { + "property_name": "idp.logout.assumeAsync", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints", + "note": "" + }, + { + "property_name": "idp.logout.propagationHidden", + "property_type": "bool", + "property_default_value": false, + "config_category": "LogoutConfiguration", + "config_file": "idp.properties", + "idp_vers": 4.2, + "module": "", + "module_vers": "", + "description": "Applies the \"display:none\" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user", + "note": "" + }, + { + "property_name": "idp.soap.httpClient", + "property_type": "Bean ID of HttpClient to use for SOAP-based logout", + "property_default_value": "SOAPClient.HttpClient", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)", + "note": "" + }, + { + "property_name": "idp.ui.fallbackLanguages", + "property_type": "Comma-delimited list", + "property_default_value": "none", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + 
"description": "languages to use if no match can be found with the browser-supported languages", + "note": "ex. en, fr, de" + }, + { + "property_name": "idp.cas.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed \"simple\" TicketService. MUST be server-side storage (e.g. in-memory, memcached, database)", + "note": "" + }, + { + "property_name": "idp.cas.serviceRegistryClass", + "property_type": "?", + "property_default_value": "net.shibboleth.idp.cas.service.PatternServiceRegistry", + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "CAS service registry implementation class", + "note": "" + }, + { + "property_name": "idp.cas.relyingPartyIdFromMetadata", + "property_type": "bool", + "property_default_value": false, + "config_category": "CasProtocolConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If true CAS services provisioned with SAML metadata are identified via entityID", + "note": "" + }, + { + "property_name": "idp.fticks.federation", + "property_type": "string", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Enables F-TICKS output and specifies the value of the federation-identifier field", + "note": "" + }, + { + "property_name": "idp.fticks.condition", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": 
4.1, + "module": "", + "module_vers": "", + "description": "Optional bean name of a Predicate to use to decide whether to run", + "note": "" + }, + { + "property_name": "idp.fticks.algorithm", + "property_type": "string", + "property_default_value": "SHA-2", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Digest algorithm used to obscure usernames", + "note": "" + }, + { + "property_name": "idp.fticks.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A salt to apply when digesting usernames (if not specified, the username will not be included)", + "note": "" + }, + { + "property_name": "idp.fticks.loghost", + "property_type": "string", + "property_default_value": "localhost", + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The remote syslog host", + "note": "" + }, + { + "property_name": "idp.fticks.logport", + "property_type": "int", + "property_default_value": 514, + "config_category": "FTICKSLoggingConfiguration", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The remote syslog port", + "note": "" + }, + { + "property_name": "idp.audit.shortenBindings", + "property_type": "bool", + "property_default_value": true, + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set false if you want SAML bindings \"spelled out\" in audit log", + "note": "" + }, + { + "property_name": "idp.velocity.runtime.strictmode", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set to true to fail on velocity syntax errors", + "note": "" + }, + { + "property_name": "idp.intercept.External.externalPath", + "property_type": "path", + "property_default_value": "contextRelative:intercept.jsp", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Path to use with External interceptor flow", + "note": "" + }, + { + "property_name": "idp.impersonate.generalPolicy", + "property_type": "Policy ID", + "property_default_value": "GeneralImpersonationPolicy", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Policies to use with Impersonate interceptor flow", + "note": "" + }, + { + "property_name": "idp.impersonate.specificPolicy", + "property_type": "Policy ID", + "property_default_value": "SpecificImpersonationPolicy", + "config_category": "Core", + "config_file": "idp.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Policies to use with Impersonate interceptor flow", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.authenticator", + "property_type": "string", + "property_default_value": "anonSearchAuthenticator", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.ldapURL", + "property_type": "LDAP URI", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Connection URI for LDAP directory", + "note": "ex. ldap://localhost or ldaps://localhost" + }, + { + "property_name": "idp.authn.LDAP.useStartTLS", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether StartTLS should be used after connecting with LDAP alone.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.connectTimeout", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to wait for the TCP connection to occur.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.responseTimeout", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Time to wait for an LDAP response message", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.connectionStrategy", + "property_type": "string", + "property_default_value": "ACTIVE_PASSIVE", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.sslConfig", + "property_type": "string", + "property_default_value": "certificateTrust", + "config_category": "LDAPAuthnConfiguration", + "config_file": 
"v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "How to establish trust in the server's TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.trustCertificates", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A resource to load trust anchors from when using sslConfig = certificateTrust", + "note": "ex. %{idp.home}/credentials/ldap-server.crt" + }, + { + "property_name": "idp.authn.LDAP.trustStore", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust", + "note": "ex. 
%{idp.home}/credentials/ldap-server.truststore" + }, + { + "property_name": "idp.authn.LDAP.returnAttributes", + "property_type": "comma-seperated strings", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to request during authentication", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.baseDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.subtreeSearch", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.userFilter", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: 
authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindDNCredential", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.dnFormat", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator", + "note": "ex. 
uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryOnFailure", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be returned in the authentication response even when the user bind fails.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.resolveEntryWithBindDN", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether the user's LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordPolicy", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Policy Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.usePasswordExpiration", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to use the Password Expired Control.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.activeDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + 
"module": "", + "module_vers": "", + "description": "If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the 'adAuthenticator'. It is meant to be specified with one of the other authenticator types.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.freeIPADirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.eDirectory", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.disablePooling", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether connection pools should be used for LDAP authentication and DN resolution", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.minSize", + "property_type": "int", + "property_default_value": 3, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Minimum LDAP connection pool size", + "note": "" + }, + { + "property_name": 
"idp.pool.LDAP.maxSize", + "property_type": "int", + "property_default_value": 10, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Maximum LDAP connection pool size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateOnCheckout", + "property_type": "bool", + "property_default_value": false, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections when checking them out of the pool", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriodically", + "property_type": "bool", + "property_default_value": true, + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether to validate connections in the background", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validatePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between validation if idp.pool.LDAP.validatePeriodically is true", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateDN", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "DN to search with the validateFilter: defaults to the rootDSE", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.validateFilter", + "property_type": 
"string", + "property_default_value": "(objectClass=*)", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Search filter to execute in order to validate a pooled connection", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.prunePeriod", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration between looking for idle connections to reduce the pool back to its minimum size", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.idleTime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration connections must be idle to be eligible for pruning", + "note": "" + }, + { + "property_name": "idp.pool.LDAP.blockWaitTime", + "property_type": "duration", + "property_default_value": "PT3S", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Duration to wait for a free connection in the pool", + "note": "" + }, + { + "property_name": "idp.authn.LDAP.bindPoolPassivator", + "property_type": "string", + "property_default_value": "none", + "config_category": "LDAPAuthnConfiguration", + "config_file": "v4: ldap.properties , V4.1: authn/authn.properties", + "idp_vers": "4.0.1", + "module": "", + "module_vers": "", + "description": "Controls how connections in the bind pool are passivated. 
Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. If your directory requires searches to be performed by the idp.authn.LDAP.bindDN or anonymously, this property controls that behavior. one of: none, bind, anonymousBind.", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfigNames", + "property_type": "string", + "property_default_value": "ShibUserPassAuth", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited set of JAAS application configuration names to use", + "note": "" + }, + { + "property_name": "idp.authn.JAAS.loginConfig", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/authn/jaas.config", + "config_category": "JAASAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Location of JAAS configuration file", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.refreshConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.preserveTicket", + "property_type": "bool", + "property_default_value": false, + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to preserve the resulting Kerberos TGT in the Java Subject's private credential set", + "note": "" + }, + { + "property_name": 
"idp.authn.Krb5.servicePrincipal", + "property_type": "string", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it", + "note": "" + }, + { + "property_name": "idp.authn.Krb5.keytab", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "KerberosAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Path to a keytab file containing keys belonging to the service principal defined in idp.authn.Krb5.servicePrincipal", + "note": "" + }, + { + "property_name": "idp.authn.External.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.External.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.External.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower 
is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.External.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.External.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + 
"description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.External.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.External.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.External.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.External.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", 
+ "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.External.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.External.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.External.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "ExternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.External", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { 
+ "property_name": "idp.authn.RemoteUser.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.RemoteUser", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUser.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUser.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUser.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUser", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkRemoteUser", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to check REMOTE_USER for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkAttributes", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited lists of request attributes to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.checkHeaders", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of request headers to check for a username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": 
"Whether to trim leading and trailing whitespace from the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to lowercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to uppercase the username before validating it", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "A regular expression that must match the username", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.allowedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to accept while blocking all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.deniedUsernames", + "property_type": "string", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of usernames to deny while accepting all others", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:external.jsp", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": 
"authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.RemoteUserInternal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.RemoteUserInternal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.RemoteUserInternal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "RemoteUserInternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.RemoteUserInternal", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.externalAuthnPath", + "property_type": "URL path", + "property_default_value": "/Authn/SPNEGO", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Servlet-relative path to the SPNEGO external authentication implementation", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.enforceRun", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to always try to run SPNEGO independent of the user's auto-login setting", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.refreshKrbConfig", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.matchExpression", + "property_type": "regex", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Regular expression to match username against", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.cookieName", + "property_type": "string", + "property_default_value": "_idp_spnego_autologin", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.2, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Name of cookie used to track auto-login state of client", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, 
+ "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.discoveryRequired", + 
"property_type": "bool", + "property_default_value": false, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.SPNEGO.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SPNEGO.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, saml1/urn:ietf:rfc:1510", + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SPNEGO.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SPNEGOAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.SPNEGO", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.externalAuthnPath", + "property_type": "string", + "property_default_value": "contextRelative:x509-prompt.jsp", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the protected resource", + "note": "" + }, + { + "property_name": "idp.authn.X509.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Flow priority relative to other enabled login 
flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of Predicate 
determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509AuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.X509", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.saveCertificateToCredentialSet", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to save the certificate into the Subject's public credential set. 
Disable to reduce the size if not relying on the certificate for subject c14n.", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": 
"", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.X509Internal.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, saml1/urn:ietf:rfc:2246", + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.X509Internal.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "X509InternalAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "IPAddressAuthnConfiguration", + 
"config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.proxyScopingEnforced", + "property_type": "bool", + 
"property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": 
"idp.authn.IPAddress.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.IPAddress.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol", + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.IPAddress.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "IPAddressAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.IPAddress", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Flow 
priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Function.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Function.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.Function", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Function.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Function.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": 
"FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Function.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.Function.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Function.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "FunctionAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Function", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.apiHost", + "property_type": "URL", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb API hostname assigned to the integration", + "note": "this sould be set in 
conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.applicationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, \"Generate an akey\".", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.integrationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "DuoWeb secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.apiHost", + "property_type": "URL", + "property_default_value": "${idp.duo.apiHost}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI hostname assigned to the integration", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.integrationKey", + 
"property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI integration key (supplied by Duo as Client ID)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Duo AuthAPI secret key (supplied by Duo as Client secret)", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.factor", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": 
"DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Allow the factor to be defaulted to auto if no headers are received", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.duo.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/duo.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies", + "note": "this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key" + }, + { + "property_name": "idp.authn.Duo.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow should 
handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.Duo.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.Duo.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to 
invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.Duo.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.Duo.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject 
customization" + }, + { + "property_name": "idp.authn.Duo.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa", + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.Duo.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.Duo", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.externalAuthnPath", + "property_type": "url path", + "property_default_value": "servletRelative:/Authn/SAML2/POST/SSO", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Spring Web Flow redirection expression for the IdP's AssertionConsumerService", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyEntityID", + "property_type": "string", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Statically-defined entityID of IdP to use for authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.outboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + 
"description": "Optional bean ID of Function to run just prior to AuthnRequest signing/encoding step", + "note": "" + }, + { + "property_name": "idp.authn.SAML.inboundMessageHandlerFunction", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of Function to run at the late stages of Response decoding/processing", + "note": "" + }, + { + "property_name": "idp.authn.SAML.assertionValidator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Optional bean ID of AssertionValidator to run", + "note": "" + }, + { + "property_name": "idp.authn.SAML.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.SAML.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow allows for passive authentication", + 
"note": "" + }, + { + "property_name": "idp.authn.SAML.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.SAML.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": 
"idp.authn.SAML.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.SAML.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.SAML.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.SAML.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific 
Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.SAML.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "SAMLAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.validateLoginTransitions", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions", + "note": "" + }, + { + "property_name": "idp.authn.MFA.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.MFA.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + 
"description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow enforces upstream IdP imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.MFA.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to invoke IdP discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.MFA", + "module_vers": "", + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.MFA.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of Predicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.MFA.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Bean ID of BiConsumer for subject customization" + }, + { + "property_name": "idp.authn.MFA.supportedPrincipals", + "property_type": "string", + "property_default_value": 
"saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password", + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Comma-delimited list of protocol-specific Principal strings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.MFA.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": true, + "config_category": "MultiFactorAuthnConfiguration", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.MFA", + "module_vers": "", + "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow", + "note": "" + }, + { + "property_name": "idp.transientId.generator", + "property_type": "Bean ID of a TransientIdGenerationStrategy", + "property_default_value": "shibboleth.CryptoTransientIdGenerator", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for generating transient IDs", + "note": "" + }, + { + "property_name": "idp.nameid.saml2.default", + "property_type": "URI", + "property_default_value": "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.nameid.saml1.default", + "property_type": "URI", + "property_default_value": "urn:mace:shibboleth:1.0:nameIdentifier", + "config_category": "NameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", 
+ "module": "", + "module_vers": "", + "description": "Default Format to generate if nothing else is indicated", + "note": "" + }, + { + "property_name": "idp.persistentId.generator", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies the strategy plugin for sourcing persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.dataSource", + "property_type": "Bean ID of a JDBC DataSource", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a data source for storage-based management of persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.computed", + "property_type": "Bean ID of a PairwiseIdStore", + "property_default_value": "shibboleth.ComputedPersistentIdGenerator", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Identifies a strategy plugin to use to generate the first persistent identifier for each subject", + "note": "used to migrate from the computed to stored strategies: can be null" + }, + { + "property_name": "idp.persistentId.sourceAttribute", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable", + "note": 
"" + }, + { + "property_name": "idp.persistentId.useUnfilteredAttributes", + "property_type": "boolean", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Whether or not the previous property has access to unreleased attributes", + "note": "" + }, + { + "property_name": "idp.persistentId.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "A secret salt for the hash when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encodedSalt", + "property_type": "Base64-encoded String", + "property_default_value": "none", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "An encoded form of the persistentId.salt", + "note": "" + }, + { + "property_name": "idp.persistentId.algorithm", + "property_type": "string", + "property_default_value": "SHA", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The hash algorithm used when using computed persistent IDs", + "note": "" + }, + { + "property_name": "idp.persistentId.encoding", + "property_type": "string", + "property_default_value": "BASE64", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64", + "note": "" + }, + { + 
"property_name": "idp.persistentId.exceptionMap", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ComputedIdExceptionMap", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services", + "note": "" + }, + { + "property_name": "idp.persistentId.queryTimeout", + "property_type": "duration", + "property_default_value": "PT5S", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Query timeout for database access", + "note": "" + }, + { + "property_name": "idp.persistentId.transactionRetries", + "property_type": "int", + "property_default_value": 3, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Number of retries in the event database locking bugs cause retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.retryableErrors", + "property_type": "string", + "property_default_value": "23000,23505", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "List of error strings to identify as retryable failures", + "note": "" + }, + { + "property_name": "idp.persistentId.verifyDatabase", + "property_type": "bool", + "property_default_value": true, + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "When true the connection and layout of the database is verified at bean initialization time 
and any failures are fatal.", + "note": "" + }, + { + "property_name": "idp.persistentId.tableName", + "property_type": "string", + "property_default_value": "shibpid", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides the name of the table in the database", + "note": "" + }, + { + "property_name": "idp.persistentId.localEntityColumn", + "property_type": "string", + "property_default_value": "localEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerEntityColumn", + "property_type": "string", + "property_default_value": "peerEntity", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.principalNameColumn", + "property_type": "string", + "property_default_value": "principalName", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.sourceIdColumn", + "property_type": "string", + "property_default_value": "localId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.persistentIdColumn", + "property_type": "string", + "property_default_value": 
"persistentId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.peerProvidedIdColumn", + "property_type": "string", + "property_default_value": "peerProvidedId", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.createTimeColumn", + "property_type": "string", + "property_default_value": "creationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.persistentId.deactivationTimeColumn", + "property_type": "string", + "property_default_value": "deactivationDate", + "config_category": "PersistentNameIDGenerationConfiguration", + "config_file": "saml-nameid.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Overrides database column names", + "note": "" + }, + { + "property_name": "idp.service.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Set default fail-fast behavior of all services unless overridden by service", + "note": "" + }, + { + "property_name": "idp.service.logging.resource", + "property_type": "resource path", + "property_default_value": "%{idp.home}/conf/logback.xml", + "config_category": "ReloadableServices", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + 
"module_vers": "",
+ "description": "Logging configuration resource to use (the reloadable service ID is shibboleth.LoggingService)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.logging.failFast",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if logging configuration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.logging.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to logging configuration and reload service. A value of 0 indicates that the logging configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.RelyingPartyResolverResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for RelyingPartyConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if RelyingPartyConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to RelyingPartyConfiguration and reload service. A value of 0 indicates that the relying party configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.relyingparty.ignoreUnmappedEntityAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "See MetadataDrivenConfiguration SAML Attribute Name Format Usage",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.MetadataResolverResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for MetadataConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if MetadataConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.metadata.enableByReferenceFilters",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.AttributeRegistryResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for AttributeRegistryConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if AttributeRegistryConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to AttributeRegistryConfiguration and reload service. A value of 0 indicates that the service configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.registry.encodeType",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.AttributeResolverResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for AttributeResolverConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if AttributeResolverConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to AttributeResolverConfiguration and reload service. A value of 0 indicates that the service configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.maskFailures",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.stripNulls",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. To strip nulls during attribute resolution (so that they will be invisible to dependant attribute definitions) use a SimpleAttributeDefinition and specify ignoreNullValues",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.resolver.suppressDisplayInfo",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": 4.2,
+ "module": "",
+ "module_vers": "",
+ "description": "Setting this to false re-enables the legacy behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so there should be no reason to revert this behavior unless using third party software which expect the IdPAttribute DisplayName and DisplayDescriptions to be pre-populated",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.filter.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.AttributeFilterResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for AttributeFilterConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.filter.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if AttributeFilterConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.filter.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to AttributeFilterConfiguration and reload service A value of 0 indicates that the attribute filter configuration never reloads",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.attribute.filter.maskFailures",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.nameidGeneration.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.NameIdentifierGenerationResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for NameIDGenerationConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.nameidGeneration.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if NameIDGenerationConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.nameidGeneration.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to NameIDGenerationConfiguration and reload service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.access.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.AccessControlResource",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for AccessControlConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.access.failFast",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if AccessControlConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.access.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice changes to AccessControlConfiguration and reload service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.cas.registry.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.CASServiceRegistryResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for CASServiceRegistry configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.cas.registry.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if CASServiceRegistry configuration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.cas.registry.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice CASServiceRegistry configuration changes and reload service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.managedBean.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.ManagedBeanResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying resources to use for ManagedBeanConfiguration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.managedBean.failFast",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Fail at startup if ManagedBeanConfiguration is invalid",
+ "note": ""
+ },
+ {
+ "property_name": "idp.service.managedBean.checkInterval",
+ "property_type": "duration",
+ "property_default_value": 0,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Time to notice ManagedBeanConfiguration changes and reload service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.message.resources",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.MessageSourceResources",
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Name of Spring bean identifying Spring message property resources",
+ "note": ""
+ },
+ {
+ "property_name": "idp.message.cacheSeconds",
+ "property_type": "int",
+ "property_default_value": 300,
+ "config_category": "ReloadableServices",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Seconds between reloads of message property resources",
+ "note": ""
+ },
+ {
+ "property_name": "idp.status.logging",
+ "property_type": "string",
+ "property_default_value": "Status",
+ "config_category": "Status",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.status.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByIPAddress",
+ "config_category": "Status",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.status.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "Status",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.status.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "Status",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.status.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "Status",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.status.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "Status",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.status.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "Status",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.reload.logging",
+ "property_type": "string",
+ "property_default_value": "Reload",
+ "config_category": "MetadataReload",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.reload.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByIPAddress",
+ "config_category": "MetadataReload",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.reload.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetadataReload",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.reload.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetadataReload",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.reload.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "MetadataReload",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.reload.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetadataReload",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.reload.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "MetadataReload",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.resolvertest.logging",
+ "property_type": "string",
+ "property_default_value": "ResolverTest",
+ "config_category": "AACLI",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.resolvertest.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByIPAddress",
+ "config_category": "AACLI",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.resolvertest.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AACLI",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.resolvertest.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AACLI",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.resolvertest.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AACLI",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.resolvertest.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AACLI",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.resolvertest.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AACLI",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.mdquery.logging",
+ "property_type": "string",
+ "property_default_value": "MetadataQuery",
+ "config_category": "MetadataQuery",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.mdquery.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByIPAddress",
+ "config_category": "MetadataQuery",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.mdquery.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetadataQuery",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.mdquery.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetadataQuery",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.mdquery.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "MetadataQuery",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.mdquery.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetadataQuery",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.mdquery.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "MetadataQuery",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metrics.logging",
+ "property_type": "string",
+ "property_default_value": "Metrics",
+ "config_category": "MetricsConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metrics.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetricsConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metrics.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetricsConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metrics.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "MetricsConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metrics.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "MetricsConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.metrics.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "MetricsConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hello.logging",
+ "property_type": "string",
+ "property_default_value": "Hello",
+ "config_category": "HelloWorldConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hello.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessByAdminUser",
+ "config_category": "HelloWorldConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hello.authenticated",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "HelloWorldConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hello.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "HelloWorldConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hello.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "HelloWorldConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hello.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "HelloWorldConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.hello.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "HelloWorldConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.lockout.logging",
+ "property_type": "string",
+ "property_default_value": "Lockout",
+ "config_category": "AccountLockoutManagement",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.lockout.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessDenied",
+ "config_category": "AccountLockoutManagement",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.lockout.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AccountLockoutManagement",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.lockout.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AccountLockoutManagement",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.lockout.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AccountLockoutManagement",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.lockout.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AccountLockoutManagement",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.lockout.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AccountLockoutManagement",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.logging",
+ "property_type": "string",
+ "property_default_value": "Storage",
+ "config_category": "?",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessDenied",
+ "config_category": "?",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.authenticated",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "?",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "?",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.defaultAuthenticationMethods",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "?",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.storage.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.logging",
+ "property_type": "string",
+ "property_default_value": "UnlockKeys",
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Audit log identifier for flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.accessPolicy",
+ "property_type": "string",
+ "property_default_value": "AccessDenied",
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Name of access control policy for request authorization",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.authenticated",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether authentication should be performed prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.nonBrowserSupported",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether the flow should allow for non-browser clients during authentication",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.resolveAttributes",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether attributes should be resolved prior to access control evaluation",
+ "note": ""
+ },
+ {
+ "property_name": "idp.unlock-keys.postAuthenticationFlows",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AttendedRestartConfiguration",
+ "config_file": "admin/admin.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "?",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.simple.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SimplePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to lowercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.simple.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "SimplePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to uppercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.simple.trim",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "SimplePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to trim leading and trailing whitespace from the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.lowercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to lowercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.uppercase",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to uppercase the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.trim",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to trim leading and trailing whitespace from the username",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.attributesToResolve",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.attributeSourceIds",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.resolveFromSubject",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file": "c14n/subject-c14n.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Whether to examine the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service",
+ "note": ""
+ },
+ {
+ "property_name": "idp.c14n.attribute.resolutionCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "AttributePostLoginC14NConfiguration",
+ "config_file":
"c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone", + "note": "" + }, + { + "property_name": "idp.c14n.x500.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.trim", + "property_type": "bool", + "property_default_value": true, + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to trim leading and trailing whitespace from the username", + "note": "" + }, + { + "property_name": "idp.c14n.x500.subjectAltNameTypes", + "property_type": "List", + "property_default_value": "none", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Comma-delimited list of subjectAltName extension types to look for", + "note": "" + }, + { + "property_name": "idp.c14n.x500.objectIDs", + "property_type": "List", + "property_default_value": "2.5.4.3", + "config_category": "X500PostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": 
"Comma-delimited list of attribute OIDs to search for in the subject DN", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.proxy.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "SAML2ProxyTransformPostLoginC14NConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.lowercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to lowercase the username", + "note": "" + }, + { + "property_name": "idp.c14n.saml.uppercase", + "property_type": "bool", + "property_default_value": false, + "config_category": "NameIDConsumptionConfiguration", + "config_file": "c14n/subject-c14n.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Whether to uppercase the username", + "note": "" + }, + { + "property_name": "idp.service.logging.saml1sso", + "property_type": "string", + "property_default_value": "SSO", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": "all", + "module": "", + "module_vers": "", + "description": "Suffix added to audit logging category when various profiles/flows are audited", + "note": "you can use this to route different kinds of audit records to different destinations based on general function" 
+ },
+ {
+ "property_name": "idp.service.logging.saml1attrquery",
+ "property_type": "string",
+ "property_default_value": "AttributeQuery",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml1artifact",
+ "property_type": "string",
+ "property_default_value": "ArtifactResolution",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2sso",
+ "property_type": "string",
+ "property_default_value": "SSO",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2attrquery",
+ "property_type": "string",
+ "property_default_value": "AttributeQuery",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different
destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2artifact",
+ "property_type": "string",
+ "property_default_value": "ArtifactResolution",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.saml2slo",
+ "property_type": "string",
+ "property_default_value": "Logout",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.logout",
+ "property_type": "string",
+ "property_default_value": "Logout",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.cas",
+ "property_type": "string",
+ "property_default_value": "SSO",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different
destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.status",
+ "property_type": "string",
+ "property_default_value": "Status",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.resolvertest",
+ "property_type": "string",
+ "property_default_value": "ResolverTest",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.service.logging.serviceReload",
+ "property_type": "string",
+ "property_default_value": "Reload",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": "all",
+ "module": "",
+ "module_vers": "",
+ "description": "Suffix added to audit logging category when various profiles/flows are audited",
+ "note": "you can use this to route different kinds of audit records to different destinations based on general function"
+ },
+ {
+ "property_name": "idp.audit.hashAlgorithm",
+ "property_type": "string",
+ "property_default_value": "SHA-256",
+ "config_category": "AuditLoggingConfiguration",
+ "config_file": "services.properties",
+ "idp_vers": 4.1,
+ "module": "",
+ "module_vers": "",
+ "description": "Hash algorithm to apply to various hashed fields",
+ "note": ""
+ },
+ {
+ "property_name": "idp.audit.salt",
+ "property_type": "string",
+ "property_default_value":
"none", + "config_category": "AuditLoggingConfiguration", + "config_file": "services.properties", + "idp_vers": 4.1, + "module": "", + "module_vers": "", + "description": "Salt to apply to hashed fields must be set to use those fields", + "note": "" + }, + { + "property_name": "idp.oidc.issuer", + "property_type": "URL", + "property_default_value": "none", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set the Open ID Connect Issuer value", + "note": "" + }, + { + "property_name": "idp.oidc.idToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT1H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of ID token", + "note": "" + }, + { + "property_name": "idp.oidc.accessToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT10M", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of access token", + "note": "" + }, + { + "property_name": "idp.oidc.authorizeCode.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of authorization code", + "note": "" + }, + { + "property_name": "idp.oidc.refreshToken.defaultLifetime", + "property_type": "duration", + "property_default_value": "PT2H", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of refresh token", + "note": "" + }, + { + "property_name": "idp.oidc.forcePKCE", + "property_type": "bool", + "property_default_value": false, + 
"config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is required to use PKCE", + "note": "" + }, + { + "property_name": "idp.oidc.allowPKCEPlain", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether client is allowed to use PKCE code challenge method plain", + "note": "" + }, + { + "property_name": "idp.oidc.encodedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests", + "note": "" + }, + { + "property_name": "idp.oidc.encodeConsentInTokens", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage", + "note": "" + }, + { + "property_name": "idp.oidc.alwaysIncludedAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Specifies IdPAttributes to always include in ID token regardless of response_type", + "note": "" + }, + { + "property_name": "idp.oidc.deniedUserInfoAttributes", + "property_type": "Set", + "property_default_value": "none", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + 
"module_vers": 3, + "description": "Specifies IdPAttributes to omit from UserInfo token", + "note": "" + }, + { + "property_name": "idp.oidc.revocationCache.authorizeCode.lifetime", + "property_type": "duration", + "property_default_value": "PT6H", + "config_category": "OPRevocation", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Lifetime of entries in revocation cache for authorize code", + "note": "" + }, + { + "property_name": "idp.oidc.revocationCache.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OPAuthorization", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean ID of StorageService for revocation cache requires server-side storage", + "note": "" + }, + { + "property_name": "idp.oidc.tokenEndpointAuthMethods", + "property_type": "Collection", + "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The acceptable client authentication methods", + "note": "" + }, + { + "property_name": "idp.oauth2.grantTypes", + "property_type": "Collection", + "property_default_value": "authorization_code,refresh_token", + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "OAuth grant types to allow", + "note": "" + }, + { + "property_name": "idp.oauth2.enforceRefreshTokenRotation", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPToken", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3.2, + "description": "Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.accessToken.type",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3.2,
+ "description": "Format of access token. Supported values are JWT or nothing.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.encryptionOptional",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.accessToken.defaultLifetime",
+ "property_type": "duration",
+ "property_default_value": "PT10M",
+ "config_category": "OPToken",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Lifetime of access token issued to client for resource server",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oauth2.revocationMethod",
+ "property_type": "string",
+ "property_default_value": "CHAIN",
+ "config_category": "OPRevocation",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens).
TOKEN refers to revoking single token",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultRegistrationValidity",
+ "property_type": "duration",
+ "property_default_value": "PT24H",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Registration lifetime",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultScope",
+ "property_type": "string",
+ "property_default_value": "openid profile email address phone offline_access",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default scopes accepted in dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultSubjectType",
+ "property_type": "string",
+ "property_default_value": "public",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The default subject type if not set by client in request.
Maybe set to pairwise or public.",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.defaultMetadataPolicyFile",
+ "property_type": "resource path",
+ "property_default_value": "none",
+ "config_category": "OPMetadataPolicies",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Full path to the file containing default metadata policy used for dynamic client registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.dynreg.tokenEndpointAuthMethods",
+ "property_type": "Collection",
+ "property_default_value": "client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt",
+ "config_category": "OPDynamicClientRegistration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "The acceptable client authentication methods when using dynamic registration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rs.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-rs.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK RSA signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.es.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-signing-es.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK EC signing keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.signing.oidc.rsa.enc.key",
+ "property_type": "JWK file pathname",
+ "property_default_value": "%{idp.home}/credentials/idp-encryption-rsa.jwk",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "JWK
RSA decryption keypair",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.signing.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.SigningConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default signing configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.encryption.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.EncryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default encryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rodecrypt.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectDecryptionConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request decryption configuration",
+ "note": ""
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.requestObjectSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of default request signature validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.oidc.rovalid.config",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.oidc.tokenEndpointJwtSignatureValidationConfiguration",
+ "config_category": "OPSecurity",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Allows override of
default JWT token validation configuration",
+ "note": "one of these has the wrong name"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.requireAll",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether all validators must succeed or just one",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.removeAfterValidation",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to remove the object holding the password from the request's active state after validating it (to avoid it being preserved in the session any longer than needed)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.retainAsPrivateCredential",
+ "property_type": "bool",
+ "property_default_value": false,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to keep the password around as a private credential in the Java Subject for use in later stages such as attribute resolution",
+ "note": "use with caution as it retains the password and makes it available in plaintext from within server memory at various stages."
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.order",
+ "property_type": "int",
+ "property_default_value": 1000,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.activationCondition",
+ "property_type": "Bean ID",
+ "property_default_value": "shibboleth.Conditions.TRUE",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of Predicate determining whether flow is usable for request",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.subjectDecorator",
+ "property_type": "Bean ID",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Bean ID of BiConsumer for subject customization"
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.supportedPrincipals",
+ "property_type": "string",
+ "property_default_value": "none",
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Comma-delimited list of protocol-specific Principal strings associated with flow",
+ "note": ""
+ },
+ {
+ "property_name": "idp.authn.OAuth2Client.addDefaultPrincipals",
+ "property_type": "bool",
+ "property_default_value": true,
+ "config_category": "OAuth2ClientAuthnConfiguration",
+ "config_file": "oidc.properties",
+ "idp_vers": 4.1,
+ "module": "idp.oidc.OP",
+ "module_vers": 3,
+ "description": "Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow",
+ "note": "" + }, + { + "property_name": "idp.oidc.ResponseHeaderFilter", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ResponseHeaderFilter", + "config_category": "OPCustomFilterRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints", + "note": "" + }, + { + "property_name": "idp.oidc.discovery.template", + "property_type": "resource path", + "property_default_value": "%{idp.home}/static/openid-configuration.json", + "config_category": "OPDiscovery", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Location of discovery template to use", + "note": "" + }, + { + "property_name": "idp.oidc.discovery.resolver", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.DefaultOpenIdConfigurationResolver", + "config_category": "OPDiscovery", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Implementation bean for discovery shouldn't require alteration", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.logging", + "property_type": "string", + "property_default_value": "IssueRegistrationAccessToken", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Audit logging label for this profile", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.nonBrowserSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": 
"idp.oidc.OP", + "module_vers": 3, + "description": "Enables support for non-browser-based authentication", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.authenticated", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to enable user authentication for requests", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.resolveAttributes", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Whether to resolve attributes if authentication is enabled", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.defaultTokenLifetime", + "property_type": "duration", + "property_default_value": "P1D", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Default access token lifetime if not specified", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.accessPolicy", + "property_type": "string", + "property_default_value": "AccessByIPAddress", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Name of access control policy to apply to all requests", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.policyLocationPolicy", + "property_type": "string", + "property_default_value": "AccessByAdmin", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Name of access control 
policy to apply to requests specifying a policyLocation", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.policyIdPolicy", + "property_type": "string", + "property_default_value": "AccessByAdmin", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Name of access control policy to apply to requests specifying a policyId", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.clientIdPolicy", + "property_type": "string", + "property_default_value": "AccessByAdmin", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Name of access control policy to apply to requests specifying a clientId", + "note": "" + }, + { + "property_name": "idp.oidc.admin.registration.lookup.policy", + "property_type": "Bean ID", + "property_default_value": "shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy", + "config_category": "OPDynamicClientRegistration", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. 
Defaults to a caching resolver locating server resources to load based on policyLocation parameter.", + "note": "" + }, + { + "property_name": "idp.service.clientinfo.failFast", + "property_type": "bool", + "property_default_value": false, + "config_category": "OPClientResolution", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "If true any failures during initialization of any resolvers result in IdP startup failure", + "note": "" + }, + { + "property_name": "idp.service.clientinfo.checkInterval", + "property_type": "duration", + "property_default_value": "PT0S", + "config_category": "OPClientResolution", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "When non-zero enables monitoring of resources for service reload", + "note": "" + }, + { + "property_name": "idp.service.clientinfo.resources", + "property_type": "Bean ID", + "property_default_value": "shibboleth.ClientInformationResolverResources", + "config_category": "OPClientResolution", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Name of bean used to define the resources to use in configuring this service", + "note": "" + }, + { + "property_name": "idp.oauth2.defaultAllowedScope", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "OPClientCredentialsGrant", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "bean of type Function called shibboleth.oidc.AllowedScopeStrategy", + "note": "" + }, + { + "property_name": "idp.oauth2.defaultAllowedAudience", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "OPClientCredentialsGrant", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "bean of 
type Function> called shibboleth.oidc.AllowedAudienceStrategy", + "note": "" + }, + { + "property_name": "idp.oauth2.authn.flows", + "property_type": "regex", + "property_default_value": "OAuth2Client", + "config_category": "OPClientAuthentication", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Regular expression matching OAuth login flows to enable.", + "note": "" + }, + { + "property_name": "idp.oidc.subject.sourceAttribute", + "property_type": "string", + "property_default_value": "none", + "config_category": "OPSubClaim", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The source attribute used in generating the sub claim", + "note": "" + }, + { + "property_name": "idp.oidc.subject.algorithm", + "property_type": "string", + "property_default_value": "SHA", + "config_category": "OPSubClaim", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The digest algorithm used in generating the sub claim", + "note": "" + }, + { + "property_name": "idp.oidc.subject.salt", + "property_type": "string", + "property_default_value": "none", + "config_category": "OPSubClaim", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": 
"idp.authn.DuoOIDC.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether the flow considers itself to be proxying", + "note": "and 
therefore enforces SP-signaled restrictions on proxying" + }, + { + "property_name": "idp.authn.DuoOIDC.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether to invoke IdP-discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Bean ID ofPredicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + 
"description": "Bean ID ofPredicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Bean ID ofBiConsumer for subject customization", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.DuoOIDC.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow", + "note": "" + }, + { + "property_name": "idp.duo.oidc.apiHost", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "DuoOIDC API hostname assigned to the integration", + "note": "" + }, + { + "property_name": "idp.duo.oidc.clientId", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The OAuth 2.0 Client Identifier valid at the Authorization Server", + "note": "" + }, + { + "property_name": "idp.duo.oidc.redirectURL", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Redirection URI to which the 2FA response will be sent", + "note": "ex. https://:/idp/profile/Authn/Duo/2FA/duo-callback" + }, + { + "property_name": "idp.duo.oidc.redirecturl.allowedOrigins", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.", + "note": "" + }, + { + "property_name": "idp.duo.oidc.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.health", + "property_type": "string", + "property_default_value": "/oauth/v1/health_check", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 health check endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.token", + "property_type": "string", + 
"property_default_value": "/oauth/v1/token", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 token endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.endpoint.authorize", + "property_type": "string", + "property_default_value": "/oauth/v1/authorize", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo's OAuth 2.0 authorization endpoint", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.clockSkew", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Leeway allowed in token expiry calculations", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.iatWindow", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Maximum amount (in either direction from now) of duration for which a token is valid after it is issued", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.issuerPath", + "property_type": "string", + "property_default_value": "/oauth/v1/token", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The path component of the Duo token issuer. 
The full issuer string takes the format: HTTPS://+", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.preferredUsername", + "property_type": "string", + "property_default_value": "preferred_username", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.", + "note": "" + }, + { + "property_name": "idp.duo.oidc.jwt.verifier.authLifetime", + "property_type": "duration", + "property_default_value": "PT60S", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "How long the authentication is valid. Only applies to forced authentication requests.", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.apiHost", + "property_type": "string", + "property_default_value": "%{idp.duo.oidc.apiHost}", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo AuthAPI hostname assigned to the integration", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.integrationKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo AuthAPI integration key supplied by Duo", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.secretKey", + "property_type": "string", + "property_default_value": "none", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": 
"idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Duo AuthAPI secret key supplied by Duo", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.factor", + "property_type": "strinig", + "property_default_value": "X-Shibboleth-Duo-Factor", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI factor", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.device", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Device", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI device ID or name", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.header.passcode", + "property_type": "string", + "property_default_value": "X-Shibboleth-Duo-Passcode", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Name of HTTP request header for Duo AuthAPI passcode", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.auto", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Allow the factor to be defaulted in as \"auto\" if no headers are received", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nonbrowser.clientAddressTrusted", + "property_type": "bool", + "property_default_value": true, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + 
"module": "idp.authn.DuoOIDC", + "module_vers": 1, + "description": "Pass client address to Duo in API calls to support logging", + "note": "push display" + }, + { + "property_name": "idp.duo.oidc.connectionTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum length of time to wait for the connection to be established", + "note": "" + }, + { + "property_name": "idp.duo.oidc.connectionRequestTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum length of time to wait for a connection to be returned from the connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.socketTimeout", + "property_type": "duration", + "property_default_value": "PT1M", + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Maximum period inactivity between two consecutive data packets", + "note": "" + }, + { + "property_name": "idp.duo.oidc.maxConnectionsTotal", + "property_type": "int", + "property_default_value": 100, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Max total simultaneous connections allowed by the pooling connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.maxConnectionsPerRoute", + "property_type": "int", + "property_default_value": 100, + "config_category": "DuoOIDCAuthnConfiguration", + 
"config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "Max simultaneous connections per route allowed by the pooling connection manager", + "note": "" + }, + { + "property_name": "idp.duo.oidc.nimbus.checkRevocation", + "property_type": "bool", + "property_default_value": false, + "config_category": "DuoOIDCAuthnConfiguration", + "config_file": "authn/duo-oidc.properties", + "idp_vers": 4.1, + "module": "idp.authn.DuoOIDC", + "module_vers": "1 (nimbus)", + "description": "To enable certificate revocation checking", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.headerName", + "property_type": "string", + "property_default_value": "X-Shibboleth-TOTP", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of request header to use for extracting non-browser submitted token codes", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.fieldName", + "property_type": "string", + "property_default_value": "tokencode", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of HTML form field to use for locating browser-submitted token codes", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.tokenSeedAttribute", + "property_type": "string", + "property_default_value": "tokenSeeds", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Name of IdPAttribute to resolve to obtain token seeds for users", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.order", + "property_type": "int", + "property_default_value": 1000, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + 
"module_vers": 1, + "description": "Flow priority relative to other enabled login flows (lower is \"higher\" in priority)", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.nonBrowserSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow should handle non-browser request profiles (e.g., ECP)", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.passiveAuthenticationSupported", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow allows for passive authentication", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.forcedAuthenticationSupported", + "property_type": "bool", + "property_default_value": true, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow supports forced authentication", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.proxyRestrictionsEnforced", + "property_type": "bool", + "property_default_value": "%{idp.authn.enforceProxyRestrictions:true}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow enforces upstream IdP-imposed restrictions on proxying", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.proxyScopingEnforced", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether the flow considers itself to be proxying", + 
"note": "and therefore enforces SP-signaled restrictions on proxying" + }, + { + "property_name": "idp.authn.TOTP.discoveryRequired", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to invoke IdP-discovery prior to running flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.lifetime", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultLifetime:PT1H}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Lifetime of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.inactivityTimeout", + "property_type": "duration", + "property_default_value": "%{idp.authn.defaultTimeout:PT30M}", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Inactivity timeout of results produced by this flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.reuseCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate controlling result reuse for SSO", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.activationCondition", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofPredicate determining whether flow is usable for request", + "note": "" + }, + { + "property_name": 
"idp.authn.TOTP.subjectDecorator", + "property_type": "Bean ID", + "property_default_value": "none", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Bean ID ofBiConsumer for subject customization", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.supportedPrincipals", + "property_type": "string", + "property_default_value": "saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken", + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Comma-delimited list of protocol-specific Principalstrings associated with flow", + "note": "" + }, + { + "property_name": "idp.authn.TOTP.addDefaultPrincipals", + "property_type": "bool", + "property_default_value": false, + "config_category": "TOTP", + "config_file": "authn/authn.properties", + "idp_vers": 4.1, + "module": "idp.authn.TOTP", + "module_vers": 1, + "description": "Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow", + "note": "" + }, + { + "property_name": "idp.metadata.dnsname", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier", + "note": "" + }, + { + "property_name": "idp.metadata.backchannel.cert", + "property_type": "resource path", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.path", + "property_type": "URL", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Specifies the path part of the URL which describes a logo for the IdP. The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. 
If this is absent then then a fixed path ('/path/to/logo') is used.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.height", + "property_type": "int", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The height of the logo in pixels.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.logo.width", + "property_type": "init", + "property_default_value": 80, + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "The width of the logo in pixels", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.langs", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an and for the \"en\" language is emitted which you need to edit.", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.displayname.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Display name for the IdP in the specified language. 
If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.metadata.idpsso.mdui.description.", + "property_type": "string", + "property_default_value": "none", + "config_category": "Metadatagen", + "config_file": "--propertyFiles mdgen.properties", + "idp_vers": 4.1, + "module": "idp.metadatagen", + "module_vers": 1, + "description": "Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language", + "note": "" + }, + { + "property_name": "idp.oidc.encryptionOptional", + "property_type": "bool", + "property_default_value": false, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.defaultSecretExpiration", + "property_type": "duration", + "property_default_value": "P12M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "The validity of client secret registered", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.allowNoneForRequestSigning", + "property_type": "bool", + "property_default_value": true, + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Regardless of what signing algorithms are configured allow none for request object signing", + "note": "no doc" + }, + { + "property_name": "idp.oidc.dynreg.validateRemoteJwks", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + 
"description": "Bean to determine whether dynamic registration should validate the remote JWK set if it's defined in the request", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwk.StorageService", + "property_type": "Bean ID", + "property_default_value": "shibboleth.StorageService", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Storage for storing remote jwk sets.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.metadata.saml", + "property_type": "Bean ID", + "property_default_value": "shibboleth.Conditions.TRUE", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution", + "note": "no doc" + }, + { + "property_name": "idp.oidc.jwksuri.fetchInterval", + "property_type": "duration", + "property_default_value": "PT30M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Upgrade interval to the remote JWKs", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.minRefreshDelay", + "property_type": "duration", + "property_default_value": "PT5M", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + "property_name": "idp.oidc.config.maxRefreshDelay", + "property_type": "duration", + "property_default_value": "PT4H", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bounds on the next file refresh of the OP configuration resource", + "note": "no doc" + }, + { + 
"property_name": "idp.oidc.LoginHintLookupStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultRequestLoginHintLookupFunction", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.", + "note": "no doc" + }, + { + "property_name": "idp.oidc.SPSessionCreationStrategy", + "property_type": "Bean ID", + "property_default_value": "DefaultSPSessionCreationStrategy", + "config_category": "OIDC OP", + "config_file": "oidc.properties", + "idp_vers": 4.1, + "module": "idp.oidc.OP", + "module_vers": 3, + "description": "Bean used for creating SPSessions needed for SLO. By default builds protocol-independent BasicSPSession as SLO is not yet supported.", + "note": "no doc" + } ] \ No newline at end of file diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 93d9ff1d9..7229a27c3 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
@@ -1,26 +1,99 @@ -import React from 'react'; +import React, { Fragment } from 'react'; import Button from 'react-bootstrap/Button'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave } from '@fortawesome/free-solid-svg-icons'; +import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; import Translate from '../../i18n/components/translate'; +import { ToggleButton } from '../../form/component/ToggleButton'; -import { FormContext, setFormDataAction, setFormErrorAction } from '../../form/FormManager'; +import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; +import { groupBy } from 'lodash'; +import { useCallback } from 'react'; -export function ConfigurationForm({ property = {}, errors = [], loading = false, schema, onSave, onCancel }) { +export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { - const { dispatch } = React.useContext(FormContext); - const onChange = ({ formData, errors }) => { - dispatch(setFormDataAction(formData)); - dispatch(setFormErrorAction(errors)); + const properties = useProperties(); + const loading = usePropertiesLoading(); + + const select = (data) => { + console.log(data); + setSelected(data); + }; + + const [selected, setSelected] = React.useState([]); + + const [config, setConfig] = React.useState({ name: '', properties: [] }); + + // config.properties.filter(p => p.category === item.category).length === properties.filter(p => p.category === item.category).length + + const menu = useCallback((results, menuProps, state) => { + let index = 0; + const mapped = results.map(p => !p.category || p.category === '?' ? 
{ ...p, category: 'Misc' } : p); + const grouped = groupBy(mapped, 'category'); + const items = Object.keys(grouped).sort().map((item) => ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + const item = + p.propertyName === i.propertyName) }> + + {`- ${i.propertyName}`} + + ; + index += 1; + return item; + })} + + )); + + return {items}; + }, [config.properties]); + + const token = (option, { onRemove }, index) => ( + + {`${option.propertyName}`} + + ); + + const addProperties = (props) => { + + const parsed = props.reduce((coll, prop, idx) => { + if (prop.isCategory) { + return [...coll, ...properties.filter(p => p.category === prop.category)]; + } else { + return [...coll, prop]; + } + }, []); + + setConfig({ + ...config, + properties: [ + ...config.properties, + ...parsed, + ] + }); + setSelected([]); }; + React.useEffect(() => console.log(selected), [selected]); + return (<>
+
+
+
+
+
+
+ + + + + + + + + + + {config.properties.map((p, idx) => ( + + + + + + + ))} + +
PropertyCategoryTypeValue
{ p.propertyName }
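Review bot: The "Add all" path in `addProperties` filters the raw list with `properties.filter(p => p.category === prop.category)`, but `menu` groups on a remapped category where a missing or `'?'` category becomes `'Misc'`, so selecting the Misc group would presumably add nothing (the menu markup is not readable here, so this assumes the group option carries the displayed category). Apply the same normalisation in both places, for example `const categoryOf = (p) => (!p.category || p.category === '?' ? 'Misc' : p.category);` used by `menu` and by the filter. `addProperties` also appends without checking `config.properties`, so adding a category after one of its members stores that property twice. The two `console.log` calls (in `select` and in the `useEffect`) read as debugging leftovers and should go before merge.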
diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index 4703cc098..131ec0383 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -3,11 +3,11 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import { useParams } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfigurations } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; -import { PropertyProvider } from '../hoc/PropertyProvider'; +import { ConfigurationsProvider } from '../hoc/ConfigurationsProvider'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; @@ -22,7 +22,7 @@ export function EditConfiguration() { const history = useHistory(); - const { put, response, loading } = useProperties(); + const { put, response, loading } = useConfigurations(); const [blocking, setBlocking] = React.useState(false); @@ -66,7 +66,7 @@ export function EditConfiguration() {
- + {(property) => {(schema) => @@ -84,7 +84,7 @@ export function EditConfiguration() { }} } - +
diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index 5169954b1..d2ece36a9 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js @@ -2,7 +2,7 @@ import React from 'react'; import { Prompt, useHistory } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; -import { useProperties } from '../hooks'; +import { useConfiguration } from '../hooks'; import { Schema } from '../../form/Schema'; import { FormManager } from '../../form/FormManager'; import { ConfigurationForm } from '../component/ConfigurationForm'; @@ -10,13 +10,14 @@ import { ConfigurationForm } from '../component/ConfigurationForm'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; +import { PropertiesProvider } from '../hoc/PropertiesProvider'; export function NewConfiguration() { const history = useHistory(); const notifier = useNotificationDispatcher(); const translator = useTranslator(); - const { post, response, loading } = useProperties({}); + const { post, response, loading } = useConfiguration({}); const [blocking, setBlocking] = React.useState(false); @@ -55,24 +56,26 @@ export function NewConfiguration() {
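Review bot: `useConfiguration({})` in the second hunk passes the options object as the `id` argument, because `useConfiguration(id, opts)` in `hooks.js` builds its URL from the first parameter; the POST would then target `.../admin/configuration/[object Object]`. The call it replaces was `useProperties({})`, whose counterpart after the rename is the collection hook, so this should be `const { post, response, loading } = useConfigurations();`. Calling it without `{}` also keeps the hook's `cachePolicy: 'no-cache'` default instead of overriding it with an empty object.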
- Add a new property + Create new configuration set
- - {(schema) => - - {(data, errors) => - save(data)} - onCancel={() => cancel()} />} - } - + + + {(schema) => + + {(data, errors) => + save(data)} + onCancel={() => cancel()} />} + } + +
diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js index 256805cdc..495743cc2 100644 --- a/ui/src/app/admin/hoc/ConfigurationsProvider.js +++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js @@ -1,31 +1,31 @@ import React from 'react'; -import { useProperties } from '../hooks'; +import { useConfigurations } from '../hooks'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; export function ConfigurationsProvider({ children, cache = 'no-cache' }) { - const [properties, setProperties] = React.useState([]); + const [configurations, setConfigurations] = React.useState([]); const notifier = useNotificationDispatcher(); const translator = useTranslator(); - const { get, del, response, loading } = useProperties({ + const { get, del, response, loading } = useConfigurations({ cachePolicy: cache }); - async function loadProperties() { + async function loadConfigurations() { const list = await get(`assets/data/properties.json`); if (response.ok) { - setProperties(list); + setConfigurations(list); } } - async function removeProperty(id) { + async function removeConfiguration(id) { let toast; const resp = await del(`/${id}`); if (response.ok) { - loadProperties(); + loadConfigurations(); toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS); } else { toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); 
@@ -36,7 +36,7 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) { } /*eslint-disable react-hooks/exhaustive-deps*/ - React.useEffect(() => { loadProperties() }, []); + React.useEffect(() => { loadConfigurations() }, []); - return (<>{children(properties, removeProperty, loading)}); + return (<>{children(configurations, removeConfiguration, loading)}); } \ No newline at end of file diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js new file mode 100644 index 000000000..55dde0696 --- /dev/null +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -0,0 +1,50 @@ +import React from 'react'; +import useFetch from 'use-http'; +import API_BASE_PATH, { BASE_PATH } from '../../App.constant'; +import has from 'lodash/has'; +import { groupBy } from 'lodash'; + + +const PropertiesContext = React.createContext(); + +const { Provider, Consumer } = PropertiesContext; + +function PropertiesProvider({ children, cache = 'no-cache' }) { + + const [properties, setProperties] = React.useState([]); + + + const { get, response, loading } = useFetch('', { + cachePolicy: cache + }); + + async function loadProperties() { + const list = await get(`${API_BASE_PATH}/shib/properties`); + if (response.ok) { + setProperties(list); + } + } + + /*eslint-disable react-hooks/exhaustive-deps*/ + React.useEffect(() => { loadProperties() }, []); + + return ({children}); +} + +function useProperties() { + const { properties } = React.useContext(PropertiesContext); + return properties; +} + +function usePropertiesLoading() { + const { loading } = React.useContext(PropertiesContext); + return loading; +} + +export { + PropertiesProvider, + PropertiesContext, + Consumer as PropertiesConsumer, + useProperties, + usePropertiesLoading, +}; diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index 955c510a6..328391778 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js 
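Review bot: `PropertiesContext` is created with `React.createContext()` and no default value, so `useProperties` and `usePropertiesLoading` destructure `undefined` and throw whenever a component renders outside a `PropertiesProvider`. `ConfigurationForm` now calls both hooks, and only `NewConfiguration` visibly imports the provider in this patch, so the edit screen may hit this unless the provider is mounted higher up. A default such as `React.createContext({ properties: [], loading: false })` keeps the hooks safe. `loadProperties` also ignores a non-ok response, leaving an empty list with no notification, and the `BASE_PATH`, `has` and `groupBy` imports are unused.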
@@ -1,7 +1,7 @@ import useFetch from 'use-http'; import isNil from 'lodash/isNil'; import {isValidRegex} from '../core/utility/is_valid_regex'; -import API_BASE_PATH from '../App.constant'; +import API_BASE_PATH, { BASE_PATH } from '../App.constant'; export function useGroups (opts = { cachePolicy: 'no-cache' }) { return useFetch(`${API_BASE_PATH}/admin/groups`, opts); @@ -47,18 +47,18 @@ export function useRoleUiSchema() { return {}; } -export function useProperties (opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/properties`, opts); +export function useConfigurations (opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/configurations`, opts); } -export function useProperty (id, opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/property/${id}`, opts); +export function useConfiguration(id, opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/admin/configuration/${id}`, opts); } -export function usePropertyUiSchema () { +export function useConfigurationUiSchema () { return { description: { 'ui:widget': 'textarea' } }; -} +} \ No newline at end of file diff --git a/ui/src/app/form/component/ToggleButton.js b/ui/src/app/form/component/ToggleButton.js new file mode 100644 index 000000000..d45c04cd4 --- /dev/null +++ b/ui/src/app/form/component/ToggleButton.js @@ -0,0 +1,23 @@ +import Button from 'react-bootstrap/Button'; +import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; +import { faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; + +export function ToggleButton ({ isOpen, onClick, disabled, children }) { + return ( + + ); +} + +export default ToggleButton; \ No newline at end of file diff --git a/ui/src/app/form/component/widgets/OptionWidget.js b/ui/src/app/form/component/widgets/OptionWidget.js index 92fc81b3d..b4ac812c6 100644 --- a/ui/src/app/form/component/widgets/OptionWidget.js 
+++ b/ui/src/app/form/component/widgets/OptionWidget.js @@ -2,31 +2,17 @@ import React, { useRef } from "react"; import ListGroup from "react-bootstrap/ListGroup"; import Form from "react-bootstrap/Form"; -import Button from 'react-bootstrap/Button'; + import Translate from "../../../i18n/components/translate"; import { InfoIcon } from "../InfoIcon"; import { Typeahead } from 'react-bootstrap-typeahead'; import { FontAwesomeIcon } from "@fortawesome/react-fontawesome"; -import { faAsterisk, faCaretDown, faCaretUp } from "@fortawesome/free-solid-svg-icons"; +import { faAsterisk } from "@fortawesome/free-solid-svg-icons"; import { useTranslator } from "../../../i18n/hooks"; +import { ToggleButton } from '../ToggleButton'; -const ToggleButton = ({ isOpen, onClick, disabled, children }) => ( - -); const OptionWidget = ({ id, diff --git a/ui/src/theme/project/index.scss b/ui/src/theme/project/index.scss index 4e36779c5..6d0de6f9a 100644 --- a/ui/src/theme/project/index.scss +++ b/ui/src/theme/project/index.scss @@ -13,6 +13,7 @@ @import './utility'; @import './notifications'; @import './filters'; +@import './typeahead'; html, body { height: 100%; diff --git a/ui/src/theme/project/typeahead.scss b/ui/src/theme/project/typeahead.scss new file mode 100644 index 000000000..0fca115fa --- /dev/null +++ b/ui/src/theme/project/typeahead.scss 
@@ -0,0 +1,43 @@ +@import '~react-bootstrap-typeahead/css/Typeahead'; + +.rbt-token-removeable { + cursor: pointer; + padding-right: 21px; +} + +.rbt-token { + background-color: #e7f4ff; + border: 0; + border-radius: .25rem; + color: #007bff; + display: inline-block; + line-height: 1em; + margin: 1px 3px 2px 0; + padding: 4px 7px; + padding-right: 1.8em; + position: relative; + + .rbt-token-remove-button { + bottom: 0; + color: inherit; + font-size: inherit; + font-weight: normal; + opacity: 1; + outline: none; + padding: 3px 7px; + position: absolute; + right: 0; + text-shadow: none; + top: 0px; + + box-sizing: content-box; + width: 1em; + height: 1em; + padding: .25em .25em; + color: inherit; + background: transparent url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='#007bff' %3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e") center/1em auto no-repeat; + border: 0; + border-radius: .375rem; + } +} + From 52a4d6b6e93fdbcb505ed9e2572687ed12dccea3 Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Fri, 19 Aug 2022 15:20:06 -0700 Subject: [PATCH 19/63] SHIBUI-2270 expanding backend API and services supporting the API --- .../ui/service/ShibPropertiesBootstrap.groovy | 4 +- .../CustomPropertiesConfiguration.java | 2 +- .../controller/ShibPropertiesController.java | 58 +++++- ...bPropertiesControllerExceptionHandler.java | 44 +++++ .../ShibConfigurationProperty.java | 2 +- .../shib/properties/ShibPropertySet.java | 53 ++++++ .../shib/properties/ShibPropertySetting.java | 29 +++ .../ui/exception/EntityNotFoundException.java | 3 + .../ui/repository/ProjectionIdAndName.java | 6 + .../ShibConfigurationRepository.java | 2 +- .../repository/ShibPropertySetRepository.java | 17 ++ .../ShibPropertySettingRepository.java | 10 + .../ui/service/ShibConfigurationService.java | 21 +- .../service/ShibConfigurationServiceImpl.java | 104 +++++++++- .../ShibPropertiesControllerTests.groovy | 179 ++++++++++++++++++ .../ShibPropertySetRepositoryTests.groovy | 64 +++++++ .../ShibConfigurationServiceTests.groovy | 162 ++++++++++++++++ 17 files changed, 740 insertions(+), 20 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/{ => shib/properties}/ShibConfigurationProperty.java (96%) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java 
create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy index daf75b61e..d39485ca7 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy @@ -1,7 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.service import com.opencsv.CSVReader -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty import groovy.util.logging.Slf4j import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.context.event.ApplicationStartedEvent @@ -62,7 +62,7 @@ class ShibPropertiesBootstrap { // Save anything that's left if (propertiesMap.size() > 0) { log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database") - service.addAll(propertiesMap.values()) + service.addAllConfigurationProperties(propertiesMap.values()) } log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded") diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index c2a032f36..ee18f0e65 100644 
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java @@ -2,7 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index a96e2db5d..1721228d5 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -1,14 +1,28 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; +import edu.internet2.tier.shibboleth.admin.ui.domain.CustomEntityAttributeDefinition; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.annotation.Secured; import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.servlet.support.ServletUriComponentsBuilder; + +import java.util.List; @RestController @RequestMapping(value = "/api/shib") 
@@ -19,7 +33,47 @@ public class ShibPropertiesController { @GetMapping("/properties") @Transactional(readOnly = true) - public ResponseEntity getAll() { - return ResponseEntity.ok(service.getAll()); + public ResponseEntity getAllConfigurationProperties() { + return ResponseEntity.ok(service.getAllConfigurationProperties()); + } + + /** + * @return a List of the set names and their ids + */ + @GetMapping("/property/set") + @Transactional(readOnly = true) + public ResponseEntity getAllPropertySets() { + return ResponseEntity.ok(service.getAllPropertySets()); + } + + @GetMapping("/property/set/{resourceId}") + @Transactional(readOnly = true) + public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + return ResponseEntity.ok(service.getSet(resourceId)); + } + + @DeleteMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + service.delete(resourceId); + return ResponseEntity.noContent().build(); + } + + @PostMapping("/property/set") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { + // If already defined, we won't/can't create a new one, nor will this call update on the definition + try { + ShibPropertySet set = service.getSet(newSet.getResourceId()); + throw new ObjectIdExistsException(Integer.toString(newSet.getResourceId())); + } + catch (EntityNotFoundException e) { + // we hope not to find this - do nothing + } + + ShibPropertySet result = service.save(newSet); + return ResponseEntity.status(HttpStatus.CREATED).body(result); } } \ No newline at end of file 
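Review bot: `getAllPropertySets` and `getPropertySet` carry no `@Secured` annotation while `deletePropertySet` and `createPropertySet` require `ROLE_ADMIN`, so any caller who passes whatever URL-level rules cover `/api/shib` (not visible here) can read every stored property value. If property sets are admin-only data, add `@Secured("ROLE_ADMIN")` to the two read methods, or document the role that is meant to read them. In `createPropertySet` the duplicate check keys on the client-supplied `resourceId`, which is a generated `int` and is 0 when omitted, while the unique column is `name`; a repeated name would presumably surface as a constraint violation rather than the intended 409. The unused local `set` can be dropped.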
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java new file mode 100644 index 000000000..35adfcef0 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java 
@@ -0,0 +1,44 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.context.request.WebRequest; +import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; + +@ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) +public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { + +// @ExceptionHandler({ ConcurrentModificationException.class }) +// public ResponseEntity handleConcurrentModificationException(ConcurrentModificationException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); +// } + + @ExceptionHandler({ EntityNotFoundException.class }) + public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); + } + +// @ExceptionHandler({ ForbiddenException.class }) +// public ResponseEntity handleForbiddenAccess(ForbiddenException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN, e.getMessage())); +// } + +// @ExceptionHandler({ InvalidPatternMatchException.class }) +// public ResponseEntity handleInvalidUrlMatchException(InvalidPatternMatchException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage())); +// 
} + + @ExceptionHandler({ ObjectIdExistsException.class }) + public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { + HttpHeaders headers = new HttpHeaders(); + headers.setLocation(EntityDescriptorController.getResourceUriFor(e.getMessage())); + return ResponseEntity.status(HttpStatus.CONFLICT).headers(headers).body(new ErrorResponse( + String.valueOf(HttpStatus.CONFLICT.value()), + String.format("The property set with id [%s] already exists.", e.getMessage()))); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java similarity index 96% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java index eb0f4ea77..69e860302 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java @@ -1,4 +1,4 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain; +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; import com.fasterxml.jackson.annotation.JsonIgnore; import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java new file mode 100644 index 000000000..309f7e1b6 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java 
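Review bot: `handleObjectIdExistsException` sets the `Location` header with `EntityDescriptorController.getResourceUriFor(e.getMessage())`, which presumably builds a URI for an entity descriptor rather than for the conflicting property set under `/api/shib/property/set/{resourceId}`. Clients following the header on a 409 would be sent to an unrelated resource; build the location from the property-set path instead, or omit the header. The handler is also inconsistent with `handleEntityNotFoundException`, which passes an `HttpStatus` to `ErrorResponse` where this one passes `String.valueOf(HttpStatus.CONFLICT.value())`. The commented-out handlers are better deleted than committed.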
@@ -0,0 +1,53 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties;
+
+import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
+import org.hibernate.envers.Audited;
+
+import javax.persistence.Column;
+import javax.persistence.Convert;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import java.util.ArrayList;
+import java.util.List;
+
+@Entity(name = "shib_property_set")
+@Audited
+@Getter
+@Setter
+@ToString
+@RequiredArgsConstructor
+public class ShibPropertySet {
+ @Id
+ @GeneratedValue
+ private int resourceId;
+
+ @Column(unique = true, nullable = false)
+ @Convert(converter = EmptyStringToNullConverter.class)
+ private String name;
+
+ @OneToMany
+ private List properties = new ArrayList<>();
+
+ @Override
+ public boolean equals(Object o) {
+ if (o instanceof ShibPropertySet) {
+ ShibPropertySet that = (ShibPropertySet) o;
+ boolean result = this.name.equals(that.name) && this.resourceId == that.resourceId && this.properties.size() == that.properties.size();
+ if (result == true) {
+ for (ShibPropertySetting thisSetting : this.properties) {
+ if ( !that.properties.contains(thisSetting) ) {
+ return false;
+ }
+ }
+ }
+ return result;
+ }
+ return false;
+ }
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java
new file mode 100644
index 000000000..2fa85ff2b
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java
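Review bot: `ShibPropertySet` overrides `equals` but none of the Lombok annotations on the class (`@Getter`, `@Setter`, `@ToString`, `@RequiredArgsConstructor`) generates `hashCode`, so two sets that compare equal can hash differently and misbehave in a `HashSet`, a `HashMap` or a Hibernate collection. `this.name.equals(that.name)` also throws a NullPointerException for a set whose name has not been assigned yet, which the generated no-argument constructor allows. Add `@Override public int hashCode() { return Objects.hash(resourceId, name); }` and compare the names with `Objects.equals(this.name, that.name)`; both need `java.util.Objects`.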
@@ -0,0 +1,29 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; + +import lombok.Data; +import org.hibernate.envers.Audited; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.Id; +import javax.persistence.ManyToOne; + +@Entity(name = "shib_property_setting") +@Audited +@Data +public class ShibPropertySetting { + @Id + @GeneratedValue + private int resourceId; + + @Column + private String configFile; + + @Column + private String propertyName; + + @Column + private String propertyValue; + +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java index 4d0009523..212c9f990 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java @@ -1,5 +1,8 @@ package edu.internet2.tier.shibboleth.admin.ui.exception; +/** + * Generically meaning - hibernate entity, not SAML entity + */ public class EntityNotFoundException extends Exception { public EntityNotFoundException(String message) { super(message); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java new file mode 100644 index 000000000..6731aea86 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java @@ -0,0 +1,6 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +public interface ProjectionIdAndName{ + String getResourceId(); + String getName(); +} \ No newline at end of file 
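Review bot: `@Data` on `ShibPropertySetting` generates a `toString()` that prints `propertyValue`, and `ShibPropertySet` is annotated `@ToString` over its `properties` list, so logging either entity writes every configured value to the log. Whether these settings can hold credentials is not visible in this hunk, but if they can, annotate the field with `@ToString.Exclude`. The generated `equals` and `hashCode` also include the generated `resourceId`, so a persisted setting never equals the unsaved copy of itself, and `ShibPropertySet.equals` depends on that through `properties.contains(...)`. A class comment stating the intended identity of a setting (for example `configFile` plus `propertyName`) would make that choice explicit.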
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java index e5889b3cd..86ed4f90a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.repository; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Query; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java new file mode 100644 index 000000000..983758f32 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java @@ -0,0 +1,17 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import org.springframework.data.jpa.repository.JpaRepository; + +import java.util.List; + +/** + * Repository to manage {@link ShibPropertySet} instances. + */ +public interface ShibPropertySetRepository extends JpaRepository { + ShibPropertySet findByName(String name); + + ShibPropertySet findByResourceId(Integer id); + + List findAllBy(); +} \ No newline at end of file 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java
new file mode 100644
index 000000000..6dda2047b
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java
@@ -0,0 +1,10 @@
+package edu.internet2.tier.shibboleth.admin.ui.repository;
+
+import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting;
+import org.springframework.data.jpa.repository.JpaRepository;
+
+/**
+ * Repository to manage {@link ShibPropertySetting} instances.
+ */
+public interface ShibPropertySettingRepository extends JpaRepository {
+}
\ No newline at end of file
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
index e1eaf5897..d0c220962 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java
@@ -1,16 +1,29 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import java.util.Collection; import java.util.List; public interface ShibConfigurationService { - void addAll(Collection newProperties); + void addAllConfigurationProperties(Collection newProperties); + + void delete(int resourceId) throws EntityNotFoundException; + + List getAllConfigurationProperties(); + + List getAllPropertySets(); List getExistingPropertyNames(); - void save(ShibConfigurationProperty prop); + ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; + + ShibPropertySet getSet(String name); + + ShibPropertySet save(ShibPropertySet set); - List getAll(); + ShibConfigurationProperty save(ShibConfigurationProperty prop); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 1fec3181d..b394caa1f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java 
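Review bot: The two `getSet` overloads have different not-found contracts and the interface states neither. `getSet(int resourceId)` declares `EntityNotFoundException`, while `getSet(String name)` declares nothing and, in `ShibConfigurationServiceImpl` later in this patch, returns the repository result unchecked, so callers can receive `null`. Document that on the interface, for example `/** @return the set with this name, or null when none exists */` on `getSet(String)`. `save(ShibPropertySet)` deserves a line as well, saying that a `resourceId` of 0 means create and any other value means update of an existing set.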
@@ -1,35 +1,121 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import javax.transaction.Transactional; +import java.util.ArrayList; import java.util.Collection; +import java.util.HashMap; import java.util.List; +import java.util.ResourceBundle; @Service public class ShibConfigurationServiceImpl implements ShibConfigurationService { @Autowired - private ShibConfigurationRepository repository; + private ShibConfigurationRepository shibConfigurationRepository; + + @Autowired + private ShibPropertySetRepository shibPropertySetRepository; + + @Autowired + private ShibPropertySettingRepository shibPropertySettingRepository; + + @Override + public void addAllConfigurationProperties(Collection newProperties) { + shibConfigurationRepository.saveAll(newProperties); + } + + @Override + public void delete(int resourceId) throws EntityNotFoundException { + ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); + if (set == null) { + throw new EntityNotFoundException(String.format("The property set with id [%s] was not found for update.", resourceId)); + } + 
shibPropertySettingRepository.deleteAll(set.getProperties()); + shibPropertySetRepository.delete(set); + } + + @Override + public List getAllConfigurationProperties() { + return shibConfigurationRepository.findAll(); + } @Override - public void addAll(Collection newProperties) { - repository.saveAll(newProperties); + public List getAllPropertySets() { + return shibPropertySetRepository.findAllBy(); } @Override public List getExistingPropertyNames() { - return repository.getPropertyNames(); + return shibConfigurationRepository.getPropertyNames(); + } + + @Override + public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { + ShibPropertySet result = shibPropertySetRepository.findByResourceId(resourceId); + if (result == null) { + throw new EntityNotFoundException((String.format("The property set with id [%s] was not found.", resourceId))); + } + return result; } @Override - public void save(ShibConfigurationProperty prop) { - repository.save(prop); + public ShibPropertySet getSet(String name) { + return shibPropertySetRepository.findByName(name); } @Override - public List getAll() { - return repository.findAll(); + public ShibConfigurationProperty save(ShibConfigurationProperty prop) { + return shibConfigurationRepository.save(prop); } + + @Override + @Transactional + public ShibPropertySet save(ShibPropertySet incomingPropSet) { + ShibPropertySet result = new ShibPropertySet(); + List propertiesToUpdate = new ArrayList<>(); + + if (incomingPropSet.getResourceId() == 0) { + // The incoming set is new, so treat the properties as all new as well + propertiesToUpdate.addAll(shibPropertySettingRepository.saveAll(incomingPropSet.getProperties())); + result.setName(incomingPropSet.getName()); + } else { + // if the prop set exists, get the existing entity and update it + result = shibPropertySetRepository.findByResourceId(incomingPropSet.getResourceId()); + result.setName(incomingPropSet.getName()); + + HashMap existingPropMap = new HashMap<>(); + 
result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + // find props that are no longer in the set and remove them + incomingPropSet.getProperties().forEach(prop -> existingPropMap.remove(prop.getPropertyName())); + shibPropertySettingRepository.deleteAll(existingPropMap.values()); + // reset our map of existing so we can find new entries + existingPropMap.clear(); + result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + incomingPropSet.getProperties().forEach(prop -> { + if ( !existingPropMap.containsKey(prop.getPropertyName()) ) { + ShibPropertySetting updatedEntity = shibPropertySettingRepository.save(prop); + propertiesToUpdate.add(updatedEntity); + } else { + // get the entity from the map, update it, save to update list + ShibPropertySetting updatedEntity = existingPropMap.get(prop.getPropertyName()); + updatedEntity.setConfigFile(prop.getConfigFile()); + updatedEntity.setPropertyValue(prop.getPropertyValue()); + propertiesToUpdate.add(shibPropertySettingRepository.save(updatedEntity)); + } + }); + } + result.setProperties(propertiesToUpdate); + return shibPropertySetRepository.save(result); + } + } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy new file mode 100644 index 000000000..ae925f074 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy 
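Review bot: In `save(ShibPropertySet)` the update branch uses the result of `shibPropertySetRepository.findByResourceId(...)` without a null check, so a payload with a non-zero `resourceId` that does not exist fails with a NullPointerException at `result.setName(...)`. `createPropertySet` in `ShibPropertiesController` reaches exactly this path, because it treats that not-found case as safe to create. Both branches also persist the `ShibPropertySetting` objects as received, `resourceId` included, so an id chosen by the caller may be merged over a setting that belongs to another set; this depends on how the repository's `save` handles a non-zero id, which is not shown here. Reject the unknown set explicitly (this needs `throws EntityNotFoundException` on `save` in the interface) and copy the three value fields into fresh entities, in the new-set branch before `saveAll(...)` as well. Separately, the message thrown by `delete` says "for update" and `java.util.ResourceBundle` is imported but unused.

```java
result = shibPropertySetRepository.findByResourceId(incomingPropSet.getResourceId());
if (result == null) {
    throw new EntityNotFoundException(String.format("The property set with id [%s] was not found for update.", incomingPropSet.getResourceId()));
}
// … unchanged: name update, removal of settings that are no longer in the set …
if ( !existingPropMap.containsKey(prop.getPropertyName()) ) {
    // never persist the caller's object: its resourceId is client-controlled
    ShibPropertySetting fresh = new ShibPropertySetting();
    fresh.setConfigFile(prop.getConfigFile());
    fresh.setPropertyName(prop.getPropertyName());
    fresh.setPropertyValue(prop.getPropertyValue());
    propertiesToUpdate.add(shibPropertySettingRepository.save(fresh));
}
// … unchanged: else branch updating the existing entity …
```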
@@ -0,0 +1,179 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService +import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.test.web.servlet.setup.MockMvcBuilders +import org.springframework.web.client.RestTemplate +import spock.lang.Subject + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +import static org.hamcrest.CoreMatchers.containsString +import static org.springframework.http.MediaType.APPLICATION_JSON +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status + +class 
ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { + @Subject + def controller + + @Autowired + ObjectMapper mapper + + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + @Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService shibConfigurationService + + def defaultSetResourceId + def mockRestTemplate = Mock(RestTemplate) + def mockMvc + + @Transactional + def setup() { + controller = new ShibPropertiesController() + controller.service = shibConfigurationService + mockMvc = MockMvcBuilders.standaloneSetup(controller).build() + + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + values.add(prop1Saved) + values.add(prop2Saved) + def set = new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + @WithMockAdmin + def "DELETE /api/shib/property/set"() { + given: + def long setCount = propertySetRepo.count() + def long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + try { + mockMvc.perform(delete("/api/shib/property/set/010")) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + + when: + def result = mockMvc.perform(delete("/api/shib/property/set/" + defaultSetResourceId)) + + then: + result.andExpect(status().isNoContent()) 
+ propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + + + } + + @WithMockAdmin + def 'GET /api/shib/property/set/{resourceId} non-existent'() { + expect: + try { + mockMvc.perform(get("/api/shib/property/set/0101")) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - existing set"() { + given: + def jsonBody = mapper.writeValueAsString(propertySetRepo.findByResourceId(defaultSetResourceId)) + + expect: + try { + mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof ObjectIdExistsException + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - new set"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + + def jsonBody = mapper.writeValueAsString(set) + def result = mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isCreated()).andExpect(jsonPath("\$.name").value("somerandom")) + def createdSet = propertySetRepo.findByName("somerandom") + createdSet.getProperties().size() == 2 + } +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy new file mode 100644 index 000000000..edcf106d9 --- /dev/null 
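Review bot: The negative cases in "DELETE /api/shib/property/set", "GET /api/shib/property/set/{resourceId} non-existent" and "POST /api/shib/property/set - existing set" cannot fail. The `e instanceof ...` expression sits inside a `catch` block, where as far as I can tell Spock does not treat it as a condition, and when no exception is thrown the `try` simply completes. `MockMvcBuilders.standaloneSetup(controller)` also leaves out `ShibPropertiesControllerExceptionHandler`, so the 404 and 409 mappings added in this patch are never exercised. Register the advice with `.setControllerAdvice(new ShibPropertiesControllerExceptionHandler())` and assert on the response, e.g. `mockMvc.perform(get("/api/shib/property/set/0101")).andExpect(status().isNotFound())`. The controller is also created with `new`, so `@Secured("ROLE_ADMIN")` is not enforced in these tests and nothing checks that a non-admin is refused on DELETE and POST.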
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy @@ -0,0 +1,64 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository + +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import org.springframework.beans.factory.annotation.Autowired + +import javax.persistence.EntityManager + +/** + * Tests to validate the repo and model for ShibPropertySetRepository + * Because of how JPA works, these are pretty basic and we put "real use" tests/logic + * into the service that manages the sets + * + * @author chasegawa + */ +class ShibPropertySetRepositoryTests extends AbstractBaseDataJpaTest { + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository repo + + def "basic CRUD operations validated"() { + given: + // No properties, just a blank set + def set = new ShibPropertySet(); + set.setName("set1") + + // Confirm empty db state + when: + def allSets = repo.findAll() + + then: + allSets.size() == 0 + + // save check + when: + def savedSet = repo.save(set) + entityManager.flush() + entityManager.clear() + + then: + def allSets2 = repo.findAll() + allSets2.size() == 1 + + // fetch checks + def fetchedSet = repo.findByResourceId(savedSet.resourceId) + savedSet.equals(fetchedSet) + + def fetchedByName = repo.findByName(savedSet.name) + savedSet.equals(fetchedByName) + + // delete check + when: + repo.delete(set) + entityManager.flush() + entityManager.clear() + def noSets = repo.findAll() + + then: + noSets.size() == 0 + } +} \ No newline at end of file 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy new file mode 100644 index 000000000..f98f692a5 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy 
@@ -0,0 +1,162 @@ +package edu.internet2.tier.shibboleth.admin.ui.service + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import org.springframework.beans.factory.annotation.Autowired + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + @Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService service + + def defaultSetResourceId + + /** + * We use the object mapper to transform to json and then back to new objects so that what we send to the service is never + * the actual hibernate entity from the db, but an unattached copy (ie what the service would be getting as input in reality) + */ + def ObjectMapper objectMapper = new ObjectMapper(); + + @Transactional + def setup() { + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + values.add(prop1Saved) + values.add(prop2Saved) + def set = 
new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + def "check delete"() { + given: + def long setCount = propertySetRepo.count() + def long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + when: + service.delete(defaultSetResourceId) + + then: + propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + } + + def "create new using the service"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + service.save(set) + ShibPropertySet dbSet = propertySetRepo.findByName("somerandom") + + then: + dbSet.properties.size() == 2 + } + + def "update using the service (add and delete properties)"() { + when: + def defaultSet = propertySetRepo.findByResourceId(defaultSetResourceId) + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + + defaultSet.properties.add(prop) + // create a copy of the set so they can't possibly be real db entities + def copySet = objectMapper.readValue(objectMapper.writeValueAsString(defaultSet), ShibPropertySet.class) + service.save(copySet) + def updatedSet = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + updatedSet.properties.size() == 3 + + when: + updatedSet.properties.remove(0) + 
service.save(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) + def updatedSet2 = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + updatedSet2.properties.size() == 2 + } + + def "fetch with the service"() { + when: + def sets = service.getAllPropertySets() + + then: + sets.size() == 1 + def set = sets.get(0) + set.getName().equals("set1") + + when: + def theSet = service.getSet(Integer.parseInt(set.getResourceId())) + + then: + theSet.getName().equals("set1") + theSet.getProperties().size() == 2 + } + +} \ No newline at end of file From abafe11a94dbe8297dbab047cb777d2c67164e8e Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Fri, 19 Aug 2022 15:20:06 -0700 Subject: [PATCH 20/63] SHIBUI-2270 expanding backend API and services supporting the API Former-commit-id: 52a4d6b6e93fdbcb505ed9e2572687ed12dccea3 --- .../ui/service/ShibPropertiesBootstrap.groovy | 4 +- .../CustomPropertiesConfiguration.java | 2 +- .../controller/ShibPropertiesController.java | 58 +++++- ...bPropertiesControllerExceptionHandler.java | 44 +++++ .../ShibConfigurationProperty.java | 2 +- .../shib/properties/ShibPropertySet.java | 53 ++++++ .../shib/properties/ShibPropertySetting.java | 29 +++ .../ui/exception/EntityNotFoundException.java | 3 + .../ui/repository/ProjectionIdAndName.java | 6 + .../ShibConfigurationRepository.java | 2 +- .../repository/ShibPropertySetRepository.java | 17 ++ .../ShibPropertySettingRepository.java | 10 + .../ui/service/ShibConfigurationService.java | 21 +- .../service/ShibConfigurationServiceImpl.java | 104 +++++++++- .../ShibPropertiesControllerTests.groovy | 179 ++++++++++++++++++ .../ShibPropertySetRepositoryTests.groovy | 64 +++++++ .../ShibConfigurationServiceTests.groovy | 162 ++++++++++++++++ 17 files changed, 740 insertions(+), 20 deletions(-) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/{ => shib/properties}/ShibConfigurationProperty.java (96%) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java create mode 100644 
backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy create mode 100644 backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy index daf75b61e..d39485ca7 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibPropertiesBootstrap.groovy @@ -1,7 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.service import com.opencsv.CSVReader -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty import groovy.util.logging.Slf4j import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.context.event.ApplicationStartedEvent @@ -62,7 +62,7 @@ class ShibPropertiesBootstrap { // Save anything that's left if (propertiesMap.size() > 0) { log.info("Saving/loading [" + propertiesMap.size() + "] properties to the database") - service.addAll(propertiesMap.values()) + service.addAllConfigurationProperties(propertiesMap.values()) } log.info("COMPLETED: ensuring base Shibboleth properties configuration has loaded") 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java index c2a032f36..ee18f0e65 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CustomPropertiesConfiguration.java @@ -2,7 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.IRelyingPartyOverrideProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.RelyingPartyOverrideProperty; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.service.CustomEntityAttributesDefinitionService; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import edu.internet2.tier.shibboleth.admin.ui.service.events.CustomEntityAttributeDefinitionChangeEvent; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index a96e2db5d..1721228d5 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -1,14 +1,28 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; +import edu.internet2.tier.shibboleth.admin.ui.domain.CustomEntityAttributeDefinition; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; +import org.springframework.security.access.annotation.Secured; import org.springframework.transaction.annotation.Transactional; +import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; +import org.springframework.web.bind.annotation.PathVariable; +import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.servlet.support.ServletUriComponentsBuilder; + +import java.util.List; @RestController @RequestMapping(value = "/api/shib") 
@@ -19,7 +33,47 @@ public class ShibPropertiesController { @GetMapping("/properties") @Transactional(readOnly = true) - public ResponseEntity getAll() { - return ResponseEntity.ok(service.getAll()); + public ResponseEntity getAllConfigurationProperties() { + return ResponseEntity.ok(service.getAllConfigurationProperties()); + } + + /** + * @return a List of the set names and their ids + */ + @GetMapping("/property/set") + @Transactional(readOnly = true) + public ResponseEntity getAllPropertySets() { + return ResponseEntity.ok(service.getAllPropertySets()); + } + + @GetMapping("/property/set/{resourceId}") + @Transactional(readOnly = true) + public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + return ResponseEntity.ok(service.getSet(resourceId)); + } + + @DeleteMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + service.delete(resourceId); + return ResponseEntity.noContent().build(); + } + + @PostMapping("/property/set") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { + // If already defined, we won't/can't create a new one, nor will this call update on the definition + try { + ShibPropertySet set = service.getSet(newSet.getResourceId()); + throw new ObjectIdExistsException(Integer.toString(newSet.getResourceId())); + } + catch (EntityNotFoundException e) { + // we hope not to find this - do nothing + } + + ShibPropertySet result = service.save(newSet); + return ResponseEntity.status(HttpStatus.CREATED).body(result); } } \ No newline at end of file 
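Review bot: `getAllPropertySets` and `getPropertySet` are added without `@Secured("ROLE_ADMIN")`, while `deletePropertySet` and `createPropertySet` in the same hunk carry it. `getPropertySet` returns the whole set, including each setting's `propertyValue`, and such values may hold credentials. Unless a rule outside this hunk already restricts `/api/shib/**`, any authenticated role can read them, so I would put `@Secured("ROLE_ADMIN")` on both read handlers. In `createPropertySet` the local `set` is assigned but never used; call `service.getSet(newSet.getResourceId());` without the assignment.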
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java
new file mode 100644
index 000000000..35adfcef0
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java
@@ -0,0 +1,44 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller; + +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; +import org.springframework.web.bind.annotation.ControllerAdvice; +import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.context.request.WebRequest; +import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; + +@ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) +public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { + +// @ExceptionHandler({ ConcurrentModificationException.class }) +// public ResponseEntity handleConcurrentModificationException(ConcurrentModificationException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); +// } + + @ExceptionHandler({ EntityNotFoundException.class }) + public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); + } + +// @ExceptionHandler({ ForbiddenException.class }) +// public ResponseEntity handleForbiddenAccess(ForbiddenException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN, e.getMessage())); +// } + +// @ExceptionHandler({ InvalidPatternMatchException.class }) +// public ResponseEntity handleInvalidUrlMatchException(InvalidPatternMatchException e, WebRequest request) { +// return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage())); +// 
} + + @ExceptionHandler({ ObjectIdExistsException.class }) + public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { + HttpHeaders headers = new HttpHeaders(); + headers.setLocation(EntityDescriptorController.getResourceUriFor(e.getMessage())); + return ResponseEntity.status(HttpStatus.CONFLICT).headers(headers).body(new ErrorResponse( + String.valueOf(HttpStatus.CONFLICT.value()), + String.format("The property set with id [%s] already exists.", e.getMessage()))); + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java similarity index 96% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java index eb0f4ea77..69e860302 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/ShibConfigurationProperty.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibConfigurationProperty.java @@ -1,4 +1,4 @@ -package edu.internet2.tier.shibboleth.admin.ui.domain; +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; import com.fasterxml.jackson.annotation.JsonIgnore; import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java new file mode 100644 index 000000000..309f7e1b6 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySet.java 
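Review bot: `handleObjectIdExistsException` builds the `Location` header with `EntityDescriptorController.getResourceUriFor(e.getMessage())`, which by its name resolves to an entity-descriptor URI rather than to `/api/shib/property/set/{id}`. The 409 would then point the client at a resource of a different type; that helper is not visible here, so this is worth confirming. Either drop the header or build it from the property-set path. The three commented-out handlers are dead code and are better deleted than committed, and the class would benefit from a one-line Javadoc such as `/** Maps service exceptions thrown by ShibPropertiesController to HTTP error responses. */`.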
@@ -0,0 +1,53 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; + +import edu.internet2.tier.shibboleth.admin.util.EmptyStringToNullConverter; +import lombok.Getter; +import lombok.RequiredArgsConstructor; +import lombok.Setter; +import lombok.ToString; +import org.hibernate.envers.Audited; + +import javax.persistence.Column; +import javax.persistence.Convert; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.Id; +import javax.persistence.OneToMany; +import java.util.ArrayList; +import java.util.List; + +@Entity(name = "shib_property_set") +@Audited +@Getter +@Setter +@ToString +@RequiredArgsConstructor +public class ShibPropertySet { + @Id + @GeneratedValue + private int resourceId; + + @Column(unique = true, nullable = false) + @Convert(converter = EmptyStringToNullConverter.class) + private String name; + + @OneToMany + private List properties = new ArrayList<>(); + + @Override + public boolean equals(Object o) { + if (o instanceof ShibPropertySet) { + ShibPropertySet that = (ShibPropertySet) o; + boolean result = this.name.equals(that.name) && this.resourceId == that.resourceId && this.properties.size() == that.properties.size(); + if (result == true) { + for (ShibPropertySetting thisSetting : this.properties) { + if ( !that.properties.contains(thisSetting) ) { + return false; + } + } + } + return result; + } + return false; + } +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java new file mode 100644 index 000000000..2fa85ff2b --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java 
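Review bot: `equals` is overridden without a matching `hashCode`, so two sets that compare equal can hash differently and misbehave in a `HashSet` or as map keys. Add `@Override public int hashCode() { return Objects.hash(resourceId, name); }`. `this.name.equals(that.name)` also throws a NullPointerException when `name` is null, which is reachable because the controller binds this entity straight from the request body; `Objects.equals(this.name, that.name)` avoids that. The `@OneToMany` has no cascade or orphan-removal setting, so the service has to save and delete each `ShibPropertySetting` by hand; a short comment on the field saying this is intentional would help the next reader.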
@@ -0,0 +1,29 @@ +package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; + +import lombok.Data; +import org.hibernate.envers.Audited; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.Id; +import javax.persistence.ManyToOne; + +@Entity(name = "shib_property_setting") +@Audited +@Data +public class ShibPropertySetting { + @Id + @GeneratedValue + private int resourceId; + + @Column + private String configFile; + + @Column + private String propertyName; + + @Column + private String propertyValue; + +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java index 4d0009523..212c9f990 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java @@ -1,5 +1,8 @@ package edu.internet2.tier.shibboleth.admin.ui.exception; +/** + * Generically meaning - hibernate entity, not SAML entity + */ public class EntityNotFoundException extends Exception { public EntityNotFoundException(String message) { super(message); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java new file mode 100644 index 000000000..6731aea86 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ProjectionIdAndName.java @@ -0,0 +1,6 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +public interface ProjectionIdAndName{ + String getResourceId(); + String getName(); +} \ No newline at end of file 
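Review bot: `propertyValue` is a plain `@Column` on an `@Audited` entity, so Envers keeps every previous value in the audit table even after the row itself is deleted. If any of these properties can carry a password or key (not visible from this hunk), that history becomes a second copy of the secret. Consider `@NotAudited` on `propertyValue`, or storing a reference to the secret instead of its value. `@Data` also generates a `toString` that prints `propertyValue`; `@ToString.Exclude` on the field keeps it out of logs.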
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java index e5889b3cd..86ed4f90a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibConfigurationRepository.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.repository; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import org.springframework.data.jpa.repository.JpaRepository; import org.springframework.data.jpa.repository.Query; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java new file mode 100644 index 000000000..983758f32 --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepository.java @@ -0,0 +1,17 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import org.springframework.data.jpa.repository.JpaRepository; + +import java.util.List; + +/** + * Repository to manage {@link ShibPropertySet} instances. + */ +public interface ShibPropertySetRepository extends JpaRepository { + ShibPropertySet findByName(String name); + + ShibPropertySet findByResourceId(Integer id); + + List findAllBy(); +} \ No newline at end of file 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java new file mode 100644 index 000000000..6dda2047b --- /dev/null +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySettingRepository.java @@ -0,0 +1,10 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository; + +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import org.springframework.data.jpa.repository.JpaRepository; + +/** + * Repository to manage {@link ShibPropertySetting} instances. + */ +public interface ShibPropertySettingRepository extends JpaRepository { +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index e1eaf5897..d0c220962 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java 
@@ -1,16 +1,29 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import java.util.Collection; import java.util.List; public interface ShibConfigurationService { - void addAll(Collection newProperties); + void addAllConfigurationProperties(Collection newProperties); + + void delete(int resourceId) throws EntityNotFoundException; + + List getAllConfigurationProperties(); + + List getAllPropertySets(); List getExistingPropertyNames(); - void save(ShibConfigurationProperty prop); + ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; + + ShibPropertySet getSet(String name); + + ShibPropertySet save(ShibPropertySet set); - List getAll(); + ShibConfigurationProperty save(ShibConfigurationProperty prop); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 1fec3181d..b394caa1f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java 
@@ -1,35 +1,121 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import javax.transaction.Transactional; +import java.util.ArrayList; import java.util.Collection; +import java.util.HashMap; import java.util.List; +import java.util.ResourceBundle; @Service public class ShibConfigurationServiceImpl implements ShibConfigurationService { @Autowired - private ShibConfigurationRepository repository; + private ShibConfigurationRepository shibConfigurationRepository; + + @Autowired + private ShibPropertySetRepository shibPropertySetRepository; + + @Autowired + private ShibPropertySettingRepository shibPropertySettingRepository; + + @Override + public void addAllConfigurationProperties(Collection newProperties) { + shibConfigurationRepository.saveAll(newProperties); + } + + @Override + public void delete(int resourceId) throws EntityNotFoundException { + ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); + if (set == null) { + throw new EntityNotFoundException(String.format("The property set with id [%s] was not found for update.", resourceId)); + } + 
shibPropertySettingRepository.deleteAll(set.getProperties()); + shibPropertySetRepository.delete(set); + } + + @Override + public List getAllConfigurationProperties() { + return shibConfigurationRepository.findAll(); + } @Override - public void addAll(Collection newProperties) { - repository.saveAll(newProperties); + public List getAllPropertySets() { + return shibPropertySetRepository.findAllBy(); } @Override public List getExistingPropertyNames() { - return repository.getPropertyNames(); + return shibConfigurationRepository.getPropertyNames(); + } + + @Override + public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { + ShibPropertySet result = shibPropertySetRepository.findByResourceId(resourceId); + if (result == null) { + throw new EntityNotFoundException((String.format("The property set with id [%s] was not found.", resourceId))); + } + return result; } @Override - public void save(ShibConfigurationProperty prop) { - repository.save(prop); + public ShibPropertySet getSet(String name) { + return shibPropertySetRepository.findByName(name); } @Override - public List getAll() { - return repository.findAll(); + public ShibConfigurationProperty save(ShibConfigurationProperty prop) { + return shibConfigurationRepository.save(prop); } + + @Override + @Transactional + public ShibPropertySet save(ShibPropertySet incomingPropSet) { + ShibPropertySet result = new ShibPropertySet(); + List propertiesToUpdate = new ArrayList<>(); + + if (incomingPropSet.getResourceId() == 0) { + // The incoming set is new, so treat the properties as all new as well + propertiesToUpdate.addAll(shibPropertySettingRepository.saveAll(incomingPropSet.getProperties())); + result.setName(incomingPropSet.getName()); + } else { + // if the prop set exists, get the existing entity and update it + result = shibPropertySetRepository.findByResourceId(incomingPropSet.getResourceId()); + result.setName(incomingPropSet.getName()); + + HashMap existingPropMap = new HashMap<>(); + 
result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + // find props that are no longer in the set and remove them + incomingPropSet.getProperties().forEach(prop -> existingPropMap.remove(prop.getPropertyName())); + shibPropertySettingRepository.deleteAll(existingPropMap.values()); + // reset our map of existing so we can find new entries + existingPropMap.clear(); + result.getProperties().forEach(prop -> existingPropMap.put(prop.getPropertyName(), prop)); + incomingPropSet.getProperties().forEach(prop -> { + if ( !existingPropMap.containsKey(prop.getPropertyName()) ) { + ShibPropertySetting updatedEntity = shibPropertySettingRepository.save(prop); + propertiesToUpdate.add(updatedEntity); + } else { + // get the entity from the map, update it, save to update list + ShibPropertySetting updatedEntity = existingPropMap.get(prop.getPropertyName()); + updatedEntity.setConfigFile(prop.getConfigFile()); + updatedEntity.setPropertyValue(prop.getPropertyValue()); + propertiesToUpdate.add(shibPropertySettingRepository.save(updatedEntity)); + } + }); + } + result.setProperties(propertiesToUpdate); + return shibPropertySetRepository.save(result); + } + } \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy new file mode 100644 index 000000000..ae925f074 --- /dev/null +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy 
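Review bot: In `save(ShibPropertySet)` the update branch dereferences the result of `shibPropertySetRepository.findByResourceId(...)` without a null check. A body with a non-zero `resourceId` that does not exist therefore ends in a NullPointerException rather than a clean error; `createPropertySet` reaches this path after swallowing `EntityNotFoundException`. Check `result == null` before `result.setName(...)` and reject the request there. Both branches also persist incoming `ShibPropertySetting` objects as received, so a client-supplied setting `resourceId` would presumably make `save` merge into an existing row that may belong to another set; clearing it first with `prop.setResourceId(0)` for settings treated as new closes that. Separately, the message in `delete` says "was not found for update" and should read "for delete".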
@@ -0,0 +1,179 @@ +package edu.internet2.tier.shibboleth.admin.ui.controller + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService +import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin +import org.springframework.beans.factory.annotation.Autowired +import org.springframework.test.web.servlet.setup.MockMvcBuilders +import org.springframework.web.client.RestTemplate +import spock.lang.Subject + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +import static org.hamcrest.CoreMatchers.containsString +import static org.springframework.http.MediaType.APPLICATION_JSON +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath +import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status + +class 
ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { + @Subject + def controller + + @Autowired + ObjectMapper mapper + + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + @Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService shibConfigurationService + + def defaultSetResourceId + def mockRestTemplate = Mock(RestTemplate) + def mockMvc + + @Transactional + def setup() { + controller = new ShibPropertiesController() + controller.service = shibConfigurationService + mockMvc = MockMvcBuilders.standaloneSetup(controller).build() + + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + values.add(prop1Saved) + values.add(prop2Saved) + def set = new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + @WithMockAdmin + def "DELETE /api/shib/property/set"() { + given: + def long setCount = propertySetRepo.count() + def long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + try { + mockMvc.perform(delete("/api/shib/property/set/010")) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + + when: + def result = mockMvc.perform(delete("/api/shib/property/set/" + defaultSetResourceId)) + + then: + result.andExpect(status().isNoContent()) 
+ propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + + + } + + @WithMockAdmin + def 'GET /api/shib/property/set/{resourceId} non-existent'() { + expect: + try { + mockMvc.perform(get("/api/shib/property/set/0101")) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - existing set"() { + given: + def jsonBody = mapper.writeValueAsString(propertySetRepo.findByResourceId(defaultSetResourceId)) + + expect: + try { + mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof ObjectIdExistsException + } + } + + @WithMockAdmin + def "POST /api/shib/property/set - new set"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + + def jsonBody = mapper.writeValueAsString(set) + def result = mockMvc.perform(post('/api/shib/property/set').contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isCreated()).andExpect(jsonPath("\$.name").value("somerandom")) + def createdSet = propertySetRepo.findByName("somerandom") + createdSet.getProperties().size() == 2 + } +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy new file mode 100644 index 000000000..edcf106d9 --- /dev/null 
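Review bot: The negative cases in `DELETE /api/shib/property/set`, `GET /api/shib/property/set/{resourceId} non-existent` and `POST /api/shib/property/set - existing set` cannot fail. The `e instanceof ...` line inside `catch` is an ordinary statement rather than a Spock condition, and nothing fails the test when no exception is thrown. The controller is created with `new` and wired through `MockMvcBuilders.standaloneSetup(controller)`, so neither `ShibPropertiesControllerExceptionHandler` nor the `@Secured("ROLE_ADMIN")` checks are exercised. Add `.setControllerAdvice(new ShibPropertiesControllerExceptionHandler())` to the builder and assert `status().isNotFound()` and `status().isConflict()` on the result. Covering a non-admin caller needs the controller bean from the Spring context rather than a hand-built instance.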
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/ShibPropertySetRepositoryTests.groovy @@ -0,0 +1,64 @@ +package edu.internet2.tier.shibboleth.admin.ui.repository + +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import org.springframework.beans.factory.annotation.Autowired + +import javax.persistence.EntityManager + +/** + * Tests to validate the repo and model for ShibPropertySetRepository + * Because of how JPA works, these are pretty basic and we put "real use" tests/logic + * into the service that manages the sets + * + * @author chasegawa + */ +class ShibPropertySetRepositoryTests extends AbstractBaseDataJpaTest { + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository repo + + def "basic CRUD operations validated"() { + given: + // No properties, just a blank set + def set = new ShibPropertySet(); + set.setName("set1") + + // Confirm empty db state + when: + def allSets = repo.findAll() + + then: + allSets.size() == 0 + + // save check + when: + def savedSet = repo.save(set) + entityManager.flush() + entityManager.clear() + + then: + def allSets2 = repo.findAll() + allSets2.size() == 1 + + // fetch checks + def fetchedSet = repo.findByResourceId(savedSet.resourceId) + savedSet.equals(fetchedSet) + + def fetchedByName = repo.findByName(savedSet.name) + savedSet.equals(fetchedByName) + + // delete check + when: + repo.delete(set) + entityManager.flush() + entityManager.clear() + def noSets = repo.findAll() + + then: + noSets.size() == 0 + } +} \ No newline at end of file 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy
new file mode 100644
index 000000000..f98f692a5
--- /dev/null
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy
@@ -0,0 +1,162 @@ +package edu.internet2.tier.shibboleth.admin.ui.service + +import com.fasterxml.jackson.databind.ObjectMapper +import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository +import org.springframework.beans.factory.annotation.Autowired + +import javax.persistence.EntityManager +import javax.transaction.Transactional + +class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { + @Autowired + EntityManager entityManager + + @Autowired + ShibPropertySetRepository propertySetRepo + + @Autowired + ShibPropertySettingRepository propertySettingRepo + + @Autowired + ShibConfigurationService service + + def defaultSetResourceId + + /** + * We use the object mapper to transform to json and then back to new objects so that what we send to the service is never + * the actual hibernate entity from the db, but an unattached copy (ie what the service would be getting as input in reality) + */ + def ObjectMapper objectMapper = new ObjectMapper(); + + @Transactional + def setup() { + ShibPropertySetting prop1 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar' + + it + } + ShibPropertySetting prop1Saved = propertySettingRepo.save(prop1) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'foo2' + it.configFile = 'defaults.properties' + it.propertyValue = 'bar2' + + it + } + ShibPropertySetting prop2Saved = propertySettingRepo.save(prop2) + entityManager.flush() + entityManager.clear() + + ArrayList values = new ArrayList<>() + values.add(prop1Saved) + values.add(prop2Saved) + def set = 
new ShibPropertySet() + set.setName("set1") + set.setProperties(values) + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + defaultSetResourceId = savedSet.resourceId + } + + def "check delete"() { + given: + def long setCount = propertySetRepo.count() + def long propsCount = propertySettingRepo.count() + + expect: + setCount == 1 + propsCount == 2 + + when: + service.delete(defaultSetResourceId) + + then: + propertySetRepo.count() == 0 + propertySettingRepo.count() == 0 + } + + def "create new using the service"() { + when: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'food2.for2.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.name = 'somerandom' + + it + } + service.save(set) + ShibPropertySet dbSet = propertySetRepo.findByName("somerandom") + + then: + dbSet.properties.size() == 2 + } + + def "update using the service (add and delete properties)"() { + when: + def defaultSet = propertySetRepo.findByResourceId(defaultSetResourceId) + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'food.for.thought' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + + it + } + + defaultSet.properties.add(prop) + // create a copy of the set so they can't possibly be real db entities + def copySet = objectMapper.readValue(objectMapper.writeValueAsString(defaultSet), ShibPropertySet.class) + service.save(copySet) + def updatedSet = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + updatedSet.properties.size() == 3 + + when: + updatedSet.properties.remove(0) + 
service.save(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) + def updatedSet2 = propertySetRepo.findByResourceId(defaultSetResourceId) + + then: + updatedSet2.properties.size() == 2 + } + + def "fetch with the service"() { + when: + def sets = service.getAllPropertySets() + + then: + sets.size() == 1 + def set = sets.get(0) + set.getName().equals("set1") + + when: + def theSet = service.getSet(Integer.parseInt(set.getResourceId())) + + then: + theSet.getName().equals("set1") + theSet.getProperties().size() == 2 + } + +} \ No newline at end of file From 375522a7f81024283d926833c3a8479487b88676 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 19 Aug 2022 16:15:53 -0700 Subject: [PATCH 21/63] SHIBUI-2270 expanding backend API and services supporting the API --- .../controller/ShibPropertiesController.java | 20 ++++++------ ...bPropertiesControllerExceptionHandler.java | 16 ---------- .../ui/service/ShibConfigurationService.java | 9 +++--- .../service/ShibConfigurationServiceImpl.java | 28 +++++++++++------ .../ShibPropertiesControllerTests.groovy | 31 +++++++++++++++++++ .../ShibConfigurationServiceTests.groovy | 6 ++-- 6 files changed, 68 insertions(+), 42 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index 1721228d5..8b3952954 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; @@ -64,16 +65,15 @@ public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) thr @Secured("ROLE_ADMIN") @Transactional public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { - // If already defined, we won't/can't create a new one, nor will this call update on the definition - try { - ShibPropertySet set = service.getSet(newSet.getResourceId()); - throw new ObjectIdExistsException(Integer.toString(newSet.getResourceId())); - } - catch (EntityNotFoundException e) { - // we hope not to find this - do nothing - } - - ShibPropertySet result = service.save(newSet); + ShibPropertySet result = service.create(newSet); return ResponseEntity.status(HttpStatus.CREATED).body(result); } + + @PutMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { + ShibPropertySet result = service.update(setToUpdate); + return ResponseEntity.status(HttpStatus.OK).body(result); + } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java index 35adfcef0..bc16bb739 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java 
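Review bot: `updatePropertySet` binds `@PathVariable int resourceId` but never reads it; the set that gets updated is whichever one `setToUpdate.getResourceId()` names in the request body. A `PUT /property/set/{resourceId}` whose body carries a different id therefore changes a set other than the one addressed in the URL, which makes request logs and any URL-based access rule misleading. I would reject the mismatch before calling the service, e.g. `if (setToUpdate.getResourceId() != resourceId) { return ResponseEntity.status(HttpStatus.BAD_REQUEST).build(); }` (assuming `getResourceId()` yields an int, as the `Integer.toString(...)` call on the removed lines suggests). A controller test that sends a body id different from the path id would pin this down. The same hunk is repeated in PATCH 22/63.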
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java @@ -12,27 +12,11 @@ @ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { - -// @ExceptionHandler({ ConcurrentModificationException.class }) -// public ResponseEntity handleConcurrentModificationException(ConcurrentModificationException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); -// } - @ExceptionHandler({ EntityNotFoundException.class }) public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } -// @ExceptionHandler({ ForbiddenException.class }) -// public ResponseEntity handleForbiddenAccess(ForbiddenException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN, e.getMessage())); -// } - -// @ExceptionHandler({ InvalidPatternMatchException.class }) -// public ResponseEntity handleInvalidUrlMatchException(InvalidPatternMatchException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage())); -// } - @ExceptionHandler({ ObjectIdExistsException.class }) public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index d0c220962..64c029d96 100644 
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java @@ -3,6 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import java.util.Collection; @@ -11,6 +12,8 @@ public interface ShibConfigurationService { void addAllConfigurationProperties(Collection newProperties); + ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException; + void delete(int resourceId) throws EntityNotFoundException; List getAllConfigurationProperties(); @@ -21,9 +24,7 @@ public interface ShibConfigurationService { ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; - ShibPropertySet getSet(String name); - - ShibPropertySet save(ShibPropertySet set); - ShibConfigurationProperty save(ShibConfigurationProperty prop); + + ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException; } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index b394caa1f..74d9e3637 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java 
@@ -4,6 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; @@ -11,12 +12,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import javax.transaction.Transactional; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.List; -import java.util.ResourceBundle; @Service public class ShibConfigurationServiceImpl implements ShibConfigurationService { @@ -34,6 +33,18 @@ public void addAllConfigurationProperties(Collection shibConfigurationRepository.saveAll(newProperties); } + @Override + public ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException { + try { + getSet(set.getResourceId()); + throw new ObjectIdExistsException(Integer.toString(set.getResourceId())); + } + catch (EntityNotFoundException e) { + // we don't want to find the object + } + return save(set); + } + @Override public void delete(int resourceId) throws EntityNotFoundException { ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); 
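Review bot: `create()` looks the id up with `getSet()` and then calls `save()` as two separate steps, and this commit also drops `@Transactional` from `save()` in the `@@ -68,19 +79,18 @@` hunk, where the new `update()` has the same lookup-then-save shape. Through the controller both run inside the handler's `@Transactional`, but any other caller of the service gets the lookup and the write in separate transactions, and two concurrent creates carrying the same client-supplied resourceId can both pass the check. Whether the second write is then rejected depends on a unique constraint on the resource id, which this diff does not show. I would keep `@Transactional` on `create` and `update` in the service and, once the constraint is confirmed, say so above the lookup: `// resourceId uniqueness is enforced by the DB; this lookup only yields the friendlier ObjectIdExistsException`. The same hunks are repeated in PATCH 22/63.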
@@ -68,19 +79,18 @@ public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { return result; } - @Override - public ShibPropertySet getSet(String name) { - return shibPropertySetRepository.findByName(name); - } - @Override public ShibConfigurationProperty save(ShibConfigurationProperty prop) { return shibConfigurationRepository.save(prop); } @Override - @Transactional - public ShibPropertySet save(ShibPropertySet incomingPropSet) { + public ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException { + getSet(setToUpdate.getResourceId()); // check that it exists, if not it'll throw an exception + return save(setToUpdate); + } + + private ShibPropertySet save(ShibPropertySet incomingPropSet) { ShibPropertySet result = new ShibPropertySet(); List propertiesToUpdate = new ArrayList<>(); diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy index ae925f074..e5c418f9d 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy 
@@ -23,6 +23,7 @@ import static org.springframework.http.MediaType.APPLICATION_JSON import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath @@ -176,4 +177,34 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { def createdSet = propertySetRepo.findByName("somerandom") createdSet.getProperties().size() == 2 } + + @WithMockAdmin + def "PUT /api/shib/property/set update set that doesn't exist"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.resourceId = 1234 + def jsonBody = mapper.writeValueAsString(set) + + then: + try { + mockMvc.perform(put('/api/shib/property/set/1234').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + } + + @WithMockAdmin + def "PUT /api/shib/property/set update set"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.name = "newName" + def jsonBody = mapper.writeValueAsString(set) + def url = "/api/shib/property/set/{resourceId}" + def result = mockMvc.perform(put(url, defaultSetResourceId).contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isOk()).andExpect(jsonPath("\$.name").value("newName")) + propertySetRepo.findByResourceId(defaultSetResourceId).name.equals("newName") + } } \ No newline at end of file 
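Review bot: The feature "PUT /api/shib/property/set update set that doesn't exist" cannot fail: `e instanceof EntityNotFoundException` sits inside a `catch` block, where Spock does not treat a bare expression as a condition, and when `perform` does not throw nothing is checked at all. The controller's exception handler maps `EntityNotFoundException` to 404, so if that advice is active in this MockMvc setup (not visible here) no exception reaches the test. I would assert on the response instead: `mockMvc.perform(put('/api/shib/property/set/1234').contentType(APPLICATION_JSON).content(jsonBody)).andExpect(status().isNotFound())`. The spec class starts outside the hunk, and the same hunk is repeated in PATCH 22/63.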
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy index f98f692a5..36f548215 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy @@ -106,7 +106,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { it } - service.save(set) + service.create(set) ShibPropertySet dbSet = propertySetRepo.findByName("somerandom") then: @@ -127,7 +127,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { defaultSet.properties.add(prop) // create a copy of the set so they can't possibly be real db entities def copySet = objectMapper.readValue(objectMapper.writeValueAsString(defaultSet), ShibPropertySet.class) - service.save(copySet) + service.update(copySet) def updatedSet = propertySetRepo.findByResourceId(defaultSetResourceId) then: @@ -135,7 +135,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { when: updatedSet.properties.remove(0) - service.save(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) + service.update(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) def updatedSet2 = propertySetRepo.findByResourceId(defaultSetResourceId) then: From 4fa685456dd99415bb1b5765aca54400a8cc409f Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Fri, 19 Aug 2022 16:15:53 -0700 Subject: [PATCH 22/63] SHIBUI-2270 expanding backend API and services supporting the API Former-commit-id: 375522a7f81024283d926833c3a8479487b88676 --- .../controller/ShibPropertiesController.java | 20 ++++++------ ...bPropertiesControllerExceptionHandler.java | 16 ---------- .../ui/service/ShibConfigurationService.java | 9 +++--- .../service/ShibConfigurationServiceImpl.java | 28 +++++++++++------ .../ShibPropertiesControllerTests.groovy | 31 +++++++++++++++++++ .../ShibConfigurationServiceTests.groovy | 6 ++-- 6 files changed, 68 insertions(+), 42 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index 1721228d5..8b3952954 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -17,6 +17,7 @@ import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PostMapping; +import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; 
@@ -64,16 +65,15 @@ public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) thr @Secured("ROLE_ADMIN") @Transactional public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { - // If already defined, we won't/can't create a new one, nor will this call update on the definition - try { - ShibPropertySet set = service.getSet(newSet.getResourceId()); - throw new ObjectIdExistsException(Integer.toString(newSet.getResourceId())); - } - catch (EntityNotFoundException e) { - // we hope not to find this - do nothing - } - - ShibPropertySet result = service.save(newSet); + ShibPropertySet result = service.create(newSet); return ResponseEntity.status(HttpStatus.CREATED).body(result); } + + @PutMapping("/property/set/{resourceId}") + @Secured("ROLE_ADMIN") + @Transactional + public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { + ShibPropertySet result = service.update(setToUpdate); + return ResponseEntity.status(HttpStatus.OK).body(result); + } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java index 35adfcef0..bc16bb739 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java 
@@ -12,27 +12,11 @@ @ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { - -// @ExceptionHandler({ ConcurrentModificationException.class }) -// public ResponseEntity handleConcurrentModificationException(ConcurrentModificationException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); -// } - @ExceptionHandler({ EntityNotFoundException.class }) public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } -// @ExceptionHandler({ ForbiddenException.class }) -// public ResponseEntity handleForbiddenAccess(ForbiddenException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.FORBIDDEN).body(new ErrorResponse(HttpStatus.FORBIDDEN, e.getMessage())); -// } - -// @ExceptionHandler({ InvalidPatternMatchException.class }) -// public ResponseEntity handleInvalidUrlMatchException(InvalidPatternMatchException e, WebRequest request) { -// return ResponseEntity.status(HttpStatus.BAD_REQUEST).body(new ErrorResponse(HttpStatus.BAD_REQUEST, e.getMessage())); -// } - @ExceptionHandler({ ObjectIdExistsException.class }) public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index d0c220962..64c029d96 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java 
@@ -3,6 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import java.util.Collection; @@ -11,6 +12,8 @@ public interface ShibConfigurationService { void addAllConfigurationProperties(Collection newProperties); + ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException; + void delete(int resourceId) throws EntityNotFoundException; List getAllConfigurationProperties(); @@ -21,9 +24,7 @@ public interface ShibConfigurationService { ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; - ShibPropertySet getSet(String name); - - ShibPropertySet save(ShibPropertySet set); - ShibConfigurationProperty save(ShibConfigurationProperty prop); + + ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException; } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index b394caa1f..74d9e3637 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java 
@@ -4,6 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; @@ -11,12 +12,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import javax.transaction.Transactional; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; import java.util.List; -import java.util.ResourceBundle; @Service public class ShibConfigurationServiceImpl implements ShibConfigurationService { @@ -34,6 +33,18 @@ public void addAllConfigurationProperties(Collection shibConfigurationRepository.saveAll(newProperties); } + @Override + public ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException { + try { + getSet(set.getResourceId()); + throw new ObjectIdExistsException(Integer.toString(set.getResourceId())); + } + catch (EntityNotFoundException e) { + // we don't want to find the object + } + return save(set); + } + @Override public void delete(int resourceId) throws EntityNotFoundException { ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); 
@@ -68,19 +79,18 @@ public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { return result; } - @Override - public ShibPropertySet getSet(String name) { - return shibPropertySetRepository.findByName(name); - } - @Override public ShibConfigurationProperty save(ShibConfigurationProperty prop) { return shibConfigurationRepository.save(prop); } @Override - @Transactional - public ShibPropertySet save(ShibPropertySet incomingPropSet) { + public ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException { + getSet(setToUpdate.getResourceId()); // check that it exists, if not it'll throw an exception + return save(setToUpdate); + } + + private ShibPropertySet save(ShibPropertySet incomingPropSet) { ShibPropertySet result = new ShibPropertySet(); List propertiesToUpdate = new ArrayList<>(); diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy index ae925f074..e5c418f9d 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy 
@@ -23,6 +23,7 @@ import static org.springframework.http.MediaType.APPLICATION_JSON import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post +import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath @@ -176,4 +177,34 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { def createdSet = propertySetRepo.findByName("somerandom") createdSet.getProperties().size() == 2 } + + @WithMockAdmin + def "PUT /api/shib/property/set update set that doesn't exist"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.resourceId = 1234 + def jsonBody = mapper.writeValueAsString(set) + + then: + try { + mockMvc.perform(put('/api/shib/property/set/1234').contentType(APPLICATION_JSON).content(jsonBody)) + } + catch (Exception e) { + e instanceof EntityNotFoundException + } + } + + @WithMockAdmin + def "PUT /api/shib/property/set update set"() { + when: + ShibPropertySet set = propertySetRepo.findByResourceId(defaultSetResourceId) + set.name = "newName" + def jsonBody = mapper.writeValueAsString(set) + def url = "/api/shib/property/set/{resourceId}" + def result = mockMvc.perform(put(url, defaultSetResourceId).contentType(APPLICATION_JSON).content(jsonBody)) + + then: + result.andExpect(status().isOk()).andExpect(jsonPath("\$.name").value("newName")) + propertySetRepo.findByResourceId(defaultSetResourceId).name.equals("newName") + } } \ No newline at end of file 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy index f98f692a5..36f548215 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy @@ -106,7 +106,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { it } - service.save(set) + service.create(set) ShibPropertySet dbSet = propertySetRepo.findByName("somerandom") then: @@ -127,7 +127,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { defaultSet.properties.add(prop) // create a copy of the set so they can't possibly be real db entities def copySet = objectMapper.readValue(objectMapper.writeValueAsString(defaultSet), ShibPropertySet.class) - service.save(copySet) + service.update(copySet) def updatedSet = propertySetRepo.findByResourceId(defaultSetResourceId) then: @@ -135,7 +135,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { when: updatedSet.properties.remove(0) - service.save(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) + service.update(objectMapper.readValue(objectMapper.writeValueAsString(updatedSet), ShibPropertySet.class)) def updatedSet2 = propertySetRepo.findByResourceId(defaultSetResourceId) then: From 5e181da23ad2f721f58cf4c5fd5e2bfefd6050b1 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 19 Aug 2022 16:32:05 -0700 Subject: [PATCH 23/63] SHIBUI-2270 expanding backend API and services supporting the API --- .../ui/controller/ShibPropertiesController.java | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index 8b3952954..e81a872b8 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -1,14 +1,13 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.domain.CustomEntityAttributeDefinition; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; +import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.annotation.Secured; @@ -21,9 +20,6 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.servlet.support.ServletUriComponentsBuilder; - -import java.util.List; @RestController @RequestMapping(value = "/api/shib") 
@@ -34,6 +30,8 @@ public class ShibPropertiesController { @GetMapping("/properties") @Transactional(readOnly = true) + @Operation(description = "Return all the configuration properties - used to populate the UI with the know configuration properties", + summary = "Return all the configuration properties - used to populate the UI with the know configuration properties", method = "GET") public ResponseEntity getAllConfigurationProperties() { return ResponseEntity.ok(service.getAllConfigurationProperties()); } @@ -43,12 +41,16 @@ public ResponseEntity getAllConfigurationProperties() { */ @GetMapping("/property/set") @Transactional(readOnly = true) + @Operation(description = "Return a list of all the set names and their resourceId", + summary = "Return a list of all the set names and their resourceId", method = "GET") public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } @GetMapping("/property/set/{resourceId}") @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId", + summary = "Return the property set with the given resourceId", method = "GET") public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { return ResponseEntity.ok(service.getSet(resourceId)); } @@ -64,6 +66,8 @@ public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) thr @PostMapping("/property/set") @Secured("ROLE_ADMIN") @Transactional + @Operation(description = "Create a property set with all new information - must not be an existing set", + summary = "Create a property set with all new information - must not be an existing set", method = "POST") public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { ShibPropertySet result = service.create(newSet); return ResponseEntity.status(HttpStatus.CREATED).body(result); 
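Review bot: Each added `@Operation` repeats one sentence in both `description` and `summary`, and none of them states who may call the endpoint. The POST and PUT handlers carry `@Secured("ROLE_ADMIN")`, while the GET handlers in these hunks show no method-level restriction in the visible context (the class header is outside the hunks, so a class-level rule cannot be ruled out); I would put the requirement in the text, e.g. `description = "Create a property set; requires ROLE_ADMIN; the resourceId must not already exist"`. On wording, "the know configuration properties" should read "known", and the PUT description in the `@@ -72,6 +76,8 @@` hunk has "with with". That PUT text also promises a match on resourceId, while its context line `service.update(setToUpdate)` still passes only the request body. The same hunks are repeated in PATCH 24/63.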
@@ -72,6 +76,8 @@ public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) @PutMapping("/property/set/{resourceId}") @Secured("ROLE_ADMIN") @Transactional + @Operation(description = "Update a property set with with the matching resourceId - must exist", + summary = "Update an existing property set with the matching resourceId - must exist", method = "PUT") public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { ShibPropertySet result = service.update(setToUpdate); return ResponseEntity.status(HttpStatus.OK).body(result); From ba36424dbd67566d63aaba88a4d8fce0b17d6af3 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 19 Aug 2022 16:32:05 -0700 Subject: [PATCH 24/63] SHIBUI-2270 expanding backend API and services supporting the API Former-commit-id: 5e181da23ad2f721f58cf4c5fd5e2bfefd6050b1 --- .../ui/controller/ShibPropertiesController.java | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index 8b3952954..e81a872b8 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -1,14 +1,13 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.domain.CustomEntityAttributeDefinition; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; +import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.access.annotation.Secured; @@ -21,9 +20,6 @@ import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import org.springframework.web.servlet.support.ServletUriComponentsBuilder; - -import java.util.List; @RestController @RequestMapping(value = "/api/shib") @@ -34,6 +30,8 @@ public class ShibPropertiesController { @GetMapping("/properties") @Transactional(readOnly = true) + @Operation(description = "Return all the configuration properties - used to populate the UI with the know configuration properties", + summary = "Return all the configuration properties - used to populate the UI with the know configuration properties", method = "GET") public ResponseEntity getAllConfigurationProperties() { return ResponseEntity.ok(service.getAllConfigurationProperties()); } 
@@ -43,12 +41,16 @@ public ResponseEntity getAllConfigurationProperties() { */ @GetMapping("/property/set") @Transactional(readOnly = true) + @Operation(description = "Return a list of all the set names and their resourceId", + summary = "Return a list of all the set names and their resourceId", method = "GET") public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } @GetMapping("/property/set/{resourceId}") @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId", + summary = "Return the property set with the given resourceId", method = "GET") public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { return ResponseEntity.ok(service.getSet(resourceId)); } @@ -64,6 +66,8 @@ public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) thr @PostMapping("/property/set") @Secured("ROLE_ADMIN") @Transactional + @Operation(description = "Create a property set with all new information - must not be an existing set", + summary = "Create a property set with all new information - must not be an existing set", method = "POST") public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) throws ObjectIdExistsException { ShibPropertySet result = service.create(newSet); return ResponseEntity.status(HttpStatus.CREATED).body(result); 
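Review bot: The read handlers documented in this hunk, `getAllPropertySets` and `getPropertySet`, carry no `@Secured`, while the create and update handlers in the neighbouring hunks carry `@Secured("ROLE_ADMIN")`. Whether a class-level or global rule covers `/api/shib` is not visible here. If none does, every caller who can reach the API can read all property sets, and those hold IdP configuration values. If that is not intended, add `@Secured("ROLE_ADMIN")` (or the project's read role) to both methods, and name the required role in the `@Operation` description either way.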
@@ -72,6 +76,8 @@ public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) @PutMapping("/property/set/{resourceId}") @Secured("ROLE_ADMIN") @Transactional + @Operation(description = "Update a property set with with the matching resourceId - must exist", + summary = "Update an existing property set with the matching resourceId - must exist", method = "PUT") public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { ShibPropertySet result = service.update(setToUpdate); return ResponseEntity.status(HttpStatus.OK).body(result); From d4ea0ffd3f55b66c4c17467abe26e6659e9ec683 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 22 Aug 2022 15:05:18 -0700 Subject: [PATCH 25/63] SHIBUI-2270 expanding backend API to download zip file for a file set --- .../controller/ShibPropertiesController.java | 57 ++++++++++++++++++- ...bPropertiesControllerExceptionHandler.java | 9 ++- 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index e81a872b8..e4d4112b1 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
@@ -1,12 +1,14 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; +import org.apache.tomcat.util.http.fileupload.IOUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -21,6 +23,15 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.zip.ZipEntry; +import java.util.zip.ZipOutputStream; + @RestController @RequestMapping(value = "/api/shib") @Tags(value = {@Tag(name = "Shibboleth Properties")}) @@ -47,7 +58,7 @@ public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } - @GetMapping("/property/set/{resourceId}") + @GetMapping(value="/property/set/{resourceId}", produces="applcation/json") @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId", summary = "Return the property set with the given resourceId", method = "GET") 
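Review bot: `produces="applcation/json"` on `getPropertySet` is misspelt, so the mapping declares a media type that no client sends in `Accept`. A request asking for `application/json` would then presumably no longer match this handler, leaving only the zip variant added in the next hunk for the same path. The line should read `@GetMapping(value="/property/set/{resourceId}", produces="application/json")`, or use `produces = MediaType.APPLICATION_JSON_VALUE` so that a typo cannot compile. The method body lies outside this hunk, and the same line is repeated in PATCH 26/63.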
@@ -55,6 +66,50 @@ public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws return ResponseEntity.ok(service.getSet(resourceId)); } + @GetMapping(value="/property/set/{resourceId}", produces="application/zip") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId as a zip file of the properties files", + summary = "Return the property set with the given resourceId as a zip file of the properties files", method = "GET") + public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) throws EntityNotFoundException, IOException { + ShibPropertySet set = service.getSet(resourceId); + StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); + return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties()))); + } + + private Map> convertPropertiesToMaps(List properties) { + HashMap> result = new HashMap<>(); + for (ShibPropertySetting setting:properties){ + String confFile = setting.getConfigFile(); + if (!result.containsKey(confFile)) { + Map props = new HashMap<>(); + result.put(confFile,props); + } + Map props = result.get(confFile); + props.put(setting.getPropertyName(), setting.getPropertyValue()); +// result.put(confFile,props); + } + return result; + } + + private byte[] prepDownloadAsZip(Map> propertiesFiles) throws IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); + + for (String filename : propertiesFiles.keySet()) { + zipOutputStream.putNextEntry(new ZipEntry(filename)); + Map properties = propertiesFiles.get(filename); + StringBuilder props = new StringBuilder(); + for (String key : properties.keySet()) { + props.append(key).append("=").append(properties.get(key)).append("\n"); + } + ByteArrayInputStream inputStream = new 
ByteArrayInputStream(props.toString().getBytes()); + IOUtils.copy(inputStream, zipOutputStream); + zipOutputStream.closeEntry(); + } + zipOutputStream.close(); + return byteOutputStream.toByteArray(); + } + @DeleteMapping("/property/set/{resourceId}") @Secured("ROLE_ADMIN") @Transactional diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java index bc16bb739..cbc9cb133 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java @@ -10,13 +10,20 @@ import org.springframework.web.context.request.WebRequest; import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; +import java.io.IOException; + @ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { @ExceptionHandler({ EntityNotFoundException.class }) public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } - + + @ExceptionHandler({ IOException.class }) + public ResponseEntity handleIOException(EntityNotFoundException e, WebRequest request) { + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Error creating file"); + } + @ExceptionHandler({ ObjectIdExistsException.class }) public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); From 996d221bd8e98cc004e82b2c9e3f32614f16cd0a Mon Sep 17 00:00:00 2001 
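Review bot: Stored strings reach the archive and the response header unchecked in this hunk. `setting.getConfigFile()` becomes the `ZipEntry` name in `prepDownloadAsZip`, property names and values are joined as `key=value\n`, and `set.getName()` is concatenated into `Content-Disposition` in `getPropertySetAsZip`. Assuming these fields arrive through the `@RequestBody` of the create and update endpoints, an entry name with `..` or a leading `/` can be written outside the target directory by an unzip tool that does not check names, and a value containing a line break adds an extra line to the generated properties file. I would reject such entry names, write each file through `java.util.Properties.store` so separators and line breaks are escaped with an explicit charset (this needs imports for `Properties`, `OutputStreamWriter` and `StandardCharsets`), and build the header with Spring's `ContentDisposition.builder("attachment").filename(set.getName()).build().toString()`. The same hunk is repeated in PATCH 26/63.

```java
for (String filename : propertiesFiles.keySet()) {
    // Entry names come from stored data: keep them relative and inside the archive root.
    if (filename == null || filename.isEmpty() || filename.startsWith("/")
            || filename.contains("\\") || filename.contains("..")) {
        throw new IOException("Invalid config file name in property set");
    }
    zipOutputStream.putNextEntry(new ZipEntry(filename));
    // … unchanged: look up `properties` for this filename …
    Properties fileProps = new Properties();
    for (String key : properties.keySet()) {
        fileProps.setProperty(key, String.valueOf(properties.get(key)));
    }
    // store() escapes '=', ':', '#' and line breaks in keys and values; it also writes a date comment line.
    fileProps.store(new OutputStreamWriter(zipOutputStream, StandardCharsets.UTF_8), null);
    zipOutputStream.closeEntry();
}
// … unchanged: close the zip stream and return the bytes …
```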
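Review bot: `handleIOException` is registered with `@ExceptionHandler({ IOException.class })` but declares its first parameter as `EntityNotFoundException e`, so Spring has no argument of that type to pass when an `IOException` is raised and the handler is likely to fail instead of producing the 500 response. The parameter list should be `handleIOException(IOException e, WebRequest request)`. For consistency with `handleEntityNotFoundException` I would also return `new ErrorResponse(HttpStatus.INTERNAL_SERVER_ERROR, "Error creating file")` rather than a bare string, and log `e` on the server so the cause is not lost while the client still sees only the generic message. The class continues outside the hunk, and the same hunk is repeated in PATCH 26/63.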
From: chasegawa Date: Mon, 22 Aug 2022 15:05:18 -0700 Subject: [PATCH 26/63] SHIBUI-2270 expanding backend API to download zip file for a file set Former-commit-id: d4ea0ffd3f55b66c4c17467abe26e6659e9ec683 --- .../controller/ShibPropertiesController.java | 57 ++++++++++++++++++- ...bPropertiesControllerExceptionHandler.java | 9 ++- 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index e81a872b8..e4d4112b1 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -1,12 +1,14 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; +import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; +import org.apache.tomcat.util.http.fileupload.IOUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; 
@@ -21,6 +23,15 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.zip.ZipEntry; +import java.util.zip.ZipOutputStream; + @RestController @RequestMapping(value = "/api/shib") @Tags(value = {@Tag(name = "Shibboleth Properties")}) @@ -47,7 +58,7 @@ public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } - @GetMapping("/property/set/{resourceId}") + @GetMapping(value="/property/set/{resourceId}", produces="applcation/json") @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId", summary = "Return the property set with the given resourceId", method = "GET") 
@@ -55,6 +66,50 @@ public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws return ResponseEntity.ok(service.getSet(resourceId)); } + @GetMapping(value="/property/set/{resourceId}", produces="application/zip") + @Transactional(readOnly = true) + @Operation(description = "Return the property set with the given resourceId as a zip file of the properties files", + summary = "Return the property set with the given resourceId as a zip file of the properties files", method = "GET") + public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) throws EntityNotFoundException, IOException { + ShibPropertySet set = service.getSet(resourceId); + StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); + return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties()))); + } + + private Map> convertPropertiesToMaps(List properties) { + HashMap> result = new HashMap<>(); + for (ShibPropertySetting setting:properties){ + String confFile = setting.getConfigFile(); + if (!result.containsKey(confFile)) { + Map props = new HashMap<>(); + result.put(confFile,props); + } + Map props = result.get(confFile); + props.put(setting.getPropertyName(), setting.getPropertyValue()); +// result.put(confFile,props); + } + return result; + } + + private byte[] prepDownloadAsZip(Map> propertiesFiles) throws IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); + + for (String filename : propertiesFiles.keySet()) { + zipOutputStream.putNextEntry(new ZipEntry(filename)); + Map properties = propertiesFiles.get(filename); + StringBuilder props = new StringBuilder(); + for (String key : properties.keySet()) { + props.append(key).append("=").append(properties.get(key)).append("\n"); + } + ByteArrayInputStream inputStream = new 
ByteArrayInputStream(props.toString().getBytes()); + IOUtils.copy(inputStream, zipOutputStream); + zipOutputStream.closeEntry(); + } + zipOutputStream.close(); + return byteOutputStream.toByteArray(); + } + @DeleteMapping("/property/set/{resourceId}") @Secured("ROLE_ADMIN") @Transactional diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java index bc16bb739..cbc9cb133 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java @@ -10,13 +10,20 @@ import org.springframework.web.context.request.WebRequest; import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; +import java.io.IOException; + @ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { @ExceptionHandler({ EntityNotFoundException.class }) public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } - + + @ExceptionHandler({ IOException.class }) + public ResponseEntity handleIOException(EntityNotFoundException e, WebRequest request) { + return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Error creating file"); + } + @ExceptionHandler({ ObjectIdExistsException.class }) public ResponseEntity handleObjectIdExistsException(ObjectIdExistsException e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); From fd68ec9408a39bef2980e2f9d22074519d4d15c8 Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Mon, 22 Aug 2022 15:06:51 -0700 Subject: [PATCH 27/63] SHIBUI-2270 cleanup --- .../shibboleth/admin/ui/controller/ShibPropertiesController.java | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index e4d4112b1..b5895db41 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -86,7 +86,6 @@ private Map> convertPropertiesToMaps(List props = result.get(confFile); props.put(setting.getPropertyName(), setting.getPropertyValue()); -// result.put(confFile,props); } return result; } From 5161791209c587352c1f86ee2e1a134c21a757e7 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 22 Aug 2022 15:06:51 -0700 Subject: [PATCH 28/63] SHIBUI-2270 cleanup Former-commit-id: fd68ec9408a39bef2980e2f9d22074519d4d15c8 --- .../shibboleth/admin/ui/controller/ShibPropertiesController.java | 1 - 1 file changed, 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index e4d4112b1..b5895db41 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -86,7 +86,6 @@ private Map> convertPropertiesToMaps(List props = result.get(confFile); props.put(setting.getPropertyName(), setting.getPropertyValue()); -// result.put(confFile,props); } return result; } From 705bc5770431f72a4e393cc704996d753b60575e Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Mon, 22 Aug 2022 15:15:02 -0700 Subject: [PATCH 29/63] SHIBUI-2270 cleanup removing sql file --- .../src/main/resources/db/changelog/temp.sql | 656 ------------------ 1 file changed, 656 deletions(-) delete mode 100644 backend/src/main/resources/db/changelog/temp.sql diff --git a/backend/src/main/resources/db/changelog/temp.sql b/backend/src/main/resources/db/changelog/temp.sql deleted file mode 100644 index 927ab6522..000000000 --- a/backend/src/main/resources/db/changelog/temp.sql +++ /dev/null 
@@ -1,656 +0,0 @@ -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('17', 'SecurityConfiguration', 'idp.properties', 'Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified', 'all', null, null, null, null, 'idp.cookie.sameSite', 'SELECTION_LIST', 'None,Lax,Strict', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('3', 'RelyingPartyConfiguration', 'idp.properties', 'The unique name of the IdP used as the iisuer in all SAML profiles', 'all', null, null, 'ex. https://unicon.net/idp/shibboleth', null, 'idp.entityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('7', 'RelyingPartyConfiguration', 'idp.properties', 'Identifies the endpoint in SAML metadata associated with artifacts issued by a server node', 'all', null, null, null, '2', 'idp.artifact.endpointIndex', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('16', 'SecurityConfiguration', 'idp.properties', 'Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)', 'all', null, null, null, '31536000', 'idp.cookie.maxAge', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('21', 'SecurityConfiguration', 'idp.properties', 'Time between checks for a new AES key version', 'all', null, null, null, 'PT15M', 'idp.sealer.updateInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('394', 'ReloadableServices', 'services.properties', 'Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads', 'all', null, null, null, '0', 'idp.service.metadata.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('537', 'OPDynamicClientRegistration', 'oidc.properties', 'Registration lifetime', '4.1', 'idp.oidc.OP', '3', null, 'PT24H', 'idp.oidc.dynreg.defaultRegistrationValidity', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('602', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Leeway allowed in token expiry calculations', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('603', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum amount (in either direction from now) of duration for 
which a token is valid after it is issued', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.iatWindow', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('606', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'How long the authentication is valid. Only applies to forced authentication requests.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.authLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('131', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustStore', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('10', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, 'file pathname', '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('4', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, null, '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('2', 'Core', 'idp.properties', 'Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.', 'all', null, null, 'Comma seperated list of values ex. 
/conf/ldap.properties, /conf/services.properties', null, 'idp.additionalProperties', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('23', 'SecurityConfiguration', 'idp.properties', 'Keystore resource containing AES encryption key usually a file path', 'all', null, null, 'resource path', null, 'idp.sealer.storeResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('12', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will be limited to TLS', 'all', null, null, null, 'false', 'idp.cookie.secure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('71', 'SessionConfiguration', 'idp.properties', 'Whether to hide storage failures from users during session cache reads/writes', 'all', null, null, null, 'false', 'idp.session.maskStorageFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('130', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load trust anchors from when using sslConfig = certificateTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustCertificates', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('11', 'Core', 'idp.properties', 'applies a (fixed) scope typically a domain-valued suffix to an input attribute''s values', 'all', null, null, null, null, 'idp.scope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('14', 'SecurityConfiguration', 'idp.properties', 'Overrides the domain of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.domain', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('33', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SecurityConfiguration', 'all', null, null, 'Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)', 'shibboleth.DefaultSecurityConfiguration', 'idp.security.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('34', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SignatureSigningConfiguration', 'all', 
null, null, 'Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)', 'shibboleth.SigningConfiguration.SHA256', 'idp.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('8', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.artifact.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('18', 'SecurityConfiguration', 'idp.properties', 'Predicate condition bean controlling whether SameSite filter runs', 'all', null, null, 'Bean ID of Predicate', 'shibboleth.Conditions.FALSE', 'idp.cookie.sameSiteCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('15', 'SecurityConfiguration', 'idp.properties', 'Overrides the path of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('20', 'SecurityConfiguration', 'idp.properties', 'Type of Java keystore used for IdP''s internal AES encryption key', 'all', null, null, null, 'JCEKS', 
'idp.sealer.storeType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('40', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped messages', 'all', null, null, null, 'PT3M', 'idp.policy.messageLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('41', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped assertions', 'all', null, null, null, 'PT3M', 'idp.policy.assertionLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('42', 'SecurityConfiguration', 'idp.properties', 'Default allowance for clock differences between systems', 'all', null, null, null, 'PT3M', 'idp.policy.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('57', 'StorageConfiguration', 'idp.properties', 'Interval of background thread sweeping server-side storage for expired records', 'all', null, null, null, 'PT10M', 'idp.storage.cleanupInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('69', 
'SessionConfiguration', 'idp.properties', 'Inactivity timeout policy for IdP sessions (must be non-zero)', 'all', null, null, null, 'PT60M', 'idp.session.timeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('70', 'SessionConfiguration', 'idp.properties', 'Extra time after expiration before removing SP sessions in case a logout is invoked', 'all', null, null, null, '0', 'idp.session.slop', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('24', 'SecurityConfiguration', 'idp.properties', 'Resource that tracks the active AES encryption key version usually a file path', 'all', null, null, null, null, 'idp.sealer.versionResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('66', 'SessionConfiguration', 'idp.properties', 'Number of characters in IdP session identifiers', 'all', null, null, null, '32', 'idp.session.idSize', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('27', 'SecurityConfiguration', 'idp.properties', 'Resource containing private key for signing typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('50', 'Core', 'idp.properties', 'Location from which to load user-supplied webflows from', 'all', null, null, 'resource path', '%{idp.home}/flows', 'idp.webflows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('22', 'SecurityConfiguration', 'idp.properties', 'Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)', 'all', null, null, null, 'secret', 'idp.sealer.aliasBase', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('37', 'SecurityConfiguration', 'idp.properties', 'Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration', 'all', null, null, null, 'Default', 'idp.encryption.keyagreement.metadata.defaultUseKeyWrap', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('46', 'CSRF', 'idp.properties', 'Name of the HTTP parameter that stores the CSRF token', '4', null, null, null, 'csrf_token', 'idp.csrf.token.parameter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('61', 'StorageConfiguration', 
'idp.properties', 'Storage back-end to use for message replay checking (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.replayCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('38', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify signatures', 'all', null, null, 'Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)', 'shibboleth.ChainingSignatureTrustEngine', 'idp.trust.signatures', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('36', 'SecurityConfiguration', 'idp.properties', 'If true failure to locate an encryption key to use won''t result in request failure', 'all', null, null, null, 'false', 'idp.encryption.optional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('52', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to expose detailed error causes in status information provided to outside parties', 'all', null, null, null, 'false', 'idp.errors.detailed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('58', 'StorageConfiguration', 'idp.properties', 'Whether to use HTML Local Storage 
(if available) instead of cookies', 'all', null, null, null, 'false', 'idp.storage.htmlLocalStorage', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('47', 'Core', 'idp.properties', 'Auto-configures an HSTS response header', 'all', null, null, null, 'max-age=0', 'idp.hsts', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('49', 'Core', 'idp.properties', 'Auto-configures a Content Security Policy response header', 'all', null, null, null, 'frame-ancestors ''none''', 'idp.csp', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('25', 'SecurityConfiguration', 'idp.properties', 'Keystore password unlocking AES encryption keystore typically set during installation', 'all', null, null, null, null, 'idp.sealer.storePassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('54', 'ErrorHandlingConfiguration', 'idp.properties', 'The default view name to render for exceptions and events', 'all', null, null, null, 'error', 'idp.errors.defaultView', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('59', 
'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default per-session instance of the client storage service', 'all', null, null, null, 'shib_idp_session_ss', 'idp.storage.clientSessionStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('51', 'Core', 'idp.properties', 'Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor', 'all', null, null, 'Comma seperated list of values', '%{idp.home}/views', 'idp.views', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('48', 'Core', 'idp.properties', 'Auto-configures an X-Frame-Options response header', 'all', null, null, null, 'DENY', 'idp.frameoptions', 'SELECTION_LIST', 'DENY,SAMEORIGIN', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('74', 'SessionConfiguration', 'idp.properties', 'Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting', 'all', null, null, null, 'PT2H', 'idp.session.defaultSPlifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('76', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default amount of time to allow reuse prior authentication flows', 'all', null, null, 'measured since first usage', 'PT60M', 'idp.authn.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('77', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default inactivity timeout to prevent reuse of prior authentication flows', 'all', null, null, 'measured since last usage', 'PT30M', 'idp.authn.defaultTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('86', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.attribute-release.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('98', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit', 'all', null, null, null, '10', 'idp.consent.maxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('28', 'SecurityConfiguration', 'idp.properties', 'Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('100', 'ConsentConfiguration', 'idp.properties', 'Time in milliseconds to expire consent storage records', '4.x', null, null, '(v4.0=P1Y,v4.1=infinite)', null, 'idp.consent.storageRecordLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('90', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.terms-of-use.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('91', 'ConsentConfiguration', 'idp.properties', 'Suffix of message property used as value of consent storage records when idp.consent.compareValues is true', 'all', null, null, null, '.text', 'idp.consent.terms-of-use.consentValueMessageCodeSuffix', 'STRING', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('31', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate private key for decryption generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.key.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('84', 'ConsentConfiguration', 'idp.properties', 'Name of storage service used to store users'' consent choices', 'all', null, null, null, 'shibboleth.ClientPersistentStorageService', 'idp.consent.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('85', 'ConsentConfiguration', 'idp.properties', 'Name of function used to return the String storage key representing a user defaults to the principal name', 'all', null, null, null, 'shibboleth.consent.PrincipalConsentStorageKey', 'idp.consent.attribute-release.userStorageKey', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('72', 'SessionConfiguration', 'idp.properties', 'Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)', 'all', null, null, null, 'false', 'idp.session.trackSPSessions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('73', 'SessionConfiguration', 'idp.properties', 'Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)', 'all', null, null, null, 'false', 'idp.session.secondaryServiceIndex', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('55', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it''s not necessary to fully qualify the class).', 'all', null, null, 'Bean ID of Properties (java.util.Properties)', null, 'idp.errors.excludedExceptions', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('56', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)', 'all', null, null, 'Bean ID of Collection (java.util)', null, 'idp.errors.exceptionMappings', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('79', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to prioritize prior authentication results when an SP requests more than one possible matching method', 'all', 
null, null, null, 'false', 'idp.authn.favorSSO', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('81', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to fail requests if a user identity after authentication doesn''t match the identity in a pre-existing session.', 'all', null, null, null, 'false', 'idp.authn.identitySwitchIsError', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('32', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate public key certificate generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.cert.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('30', 'SecurityConfiguration', 'idp.properties', 'Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('29', 'SecurityConfiguration', 'idp.properties', 'Resource containing a private key for decryption typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.key', 'STRING', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('75', 'AuthenticationConfiguration', 'authn/authn.properties', 'Required expression that identifies the login flows to globally enable', 'all', null, null, 'ex. Password, MA, DUO', null, 'idp.authn.flows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('60', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default persistent instance of the client storage service', 'all', null, null, null, 'shib_idp_persistent_ss', 'idp.storage.clientPersistentStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('26', 'SecurityConfiguration', 'idp.properties', 'Key password unlocking AES encryption key typically set to the same as the previous property and set during installation', 'all', null, null, null, null, 'idp.sealer.keyPassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('65', 'SessionConfiguration', 'idp.properties', 'Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)', '4.2', null, null, null, 'shib_idp_session', 'idp.session.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('82', 'AuthenticationConfiguration', 'authn/authn.properties', 'Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose', '4.1', null, null, null, null, 'idp.authn.discoveryURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('99', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using larger/server-side storage, 0 = no limit', 'all', null, null, null, '0', 'idp.consent.expandedMaxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('88', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.attribute-release.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('93', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.terms-of-use.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('121', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'GeneralImpersonationPolicy', 'idp.impersonate.generalPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('152', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to search with the validateFilter: defaults to the rootDSE', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.pool.LDAP.validateDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('122', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'SpecificImpersonationPolicy', 'idp.impersonate.specificPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('124', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection URI for LDAP directory', 'all', null, null, 'LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.ldapURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('114', 'FTICKSLoggingConfiguration', 'idp.properties', 'Digest algorithm used to obscure usernames', 'all', null, null, null, 'SHA-2', 'idp.fticks.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('116', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog host', 'all', null, null, null, 'localhost', 'idp.fticks.loghost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('112', 'FTICKSLoggingConfiguration', 'idp.properties', 'Enables F-TICKS output and specifies the value of the federation-identifier field', 'all', null, null, null, null, 'idp.fticks.federation', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('137', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDNCredential', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('115', 'FTICKSLoggingConfiguration', 'idp.properties', 'A salt to apply when digesting usernames (if not specified, the username will not be included)', 'all', null, null, null, null, 'idp.fticks.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('138', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator', 'all', null, null, 'ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.dnFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('109', 'CasProtocolConfiguration', 'idp.properties', 'Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed "simple" TicketService. MUST be server-side storage (e.g. 
in-memory, memcached, database)', 'all', null, null, null, 'shibboleth.StorageService', 'idp.cas.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('113', 'FTICKSLoggingConfiguration', 'idp.properties', 'Optional bean name of a Predicate to use to decide whether to run', '4.1', null, null, null, null, 'idp.fticks.condition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('110', 'CasProtocolConfiguration', 'idp.properties', 'CAS service registry implementation class', 'all', null, null, null, 'net.shibboleth.idp.cas.service.PatternServiceRegistry', 'idp.cas.serviceRegistryClass', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('107', 'Core', 'idp.properties', 'Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)', 'all', null, null, 'Bean ID of HttpClient to use for SOAP-based logout', 'SOAPClient.HttpClient', 'idp.soap.httpClient', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('106', 'LogoutConfiguration', 'idp.properties', 'Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user', '4.2', null, null, null, 'false', 
'idp.logout.propagationHidden', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('119', 'Core', 'idp.properties', 'Set to true to fail on velocity syntax errors', 'all', null, null, null, 'false', 'idp.velocity.runtime.strictmode', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('162', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it', '4.1', null, null, null, null, 'idp.authn.Krb5.servicePrincipal', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('117', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog port', 'all', null, null, null, '514', 'idp.fticks.logport', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('120', 'Core', 'idp.properties', 'Path to use with External interceptor flow', 'all', null, null, null, 'contextRelative:intercept.jsp', 'idp.intercept.External.externalPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('108', 
'Core', 'idp.properties', 'languages to use if no match can be found with the browser-supported languages', 'all', null, null, 'Comma seperated list of values ex. en, fr, de', null, 'idp.ui.fallbackLanguages', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('154', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between looking for idle connections to reduce the pool back to its minimum size', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.prunePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('151', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between validation if idp.pool.LDAP.validatePeriodically is true', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.validatePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('166', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.External', null, null, '1000', 'idp.authn.External.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('141', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Policy Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordPolicy', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('321', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('176', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('153', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Search filter to execute in order to validate a pooled connection', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', '(objectClass=*)', 'idp.pool.LDAP.validateFilter', 
'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('191', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('192', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('184', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('185', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('187', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('181', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUser', null, 'regex expected', null, 'idp.authn.RemoteUser.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('202', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'A regular expression that must match the username', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('158', 'JAASAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited set of JAAS application configuration names to use', '4.1', null, null, null, 'ShibUserPassAuth', 'idp.authn.JAAS.loginConfigNames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('164', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.External', null, null, 'contextRelative:external.jsp', 'idp.authn.External.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('221', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Servlet-relative path to the SPNEGO external authentication implementation', '4.1', 'idp.authn.SPNEGO', null, 'URL path', '/Authn/SPNEGO', 'idp.authn.SPNEGO.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('207', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.RemoteUserInternal', null, null, '1000', 'idp.authn.RemoteUserInternal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('224', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.SPNEGO', null, 'regex expected', null, 'idp.authn.SPNEGO.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('211', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.RemoteUserInternal.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('206', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('214', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.RemoteUserInternal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('216', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('217', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('230', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SPNEGO.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('208', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('215', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.RemoteUserInternal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('540', 'OPMetadataPolicies', 'oidc.properties', 'Full path to the file containing default metadata policy used for dynamic client registration', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.dynreg.defaultMetadataPolicyFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('205', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'contextRelative:external.jsp', 'idp.authn.RemoteUserInternal.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('225', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Name of cookie used to track auto-login state of client', '4.2', 'idp.authn.SPNEGO', null, null, '_idp_spnego_autologin', 'idp.authn.SPNEGO.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('303', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('304', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('197', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited lists of request attributes to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('226', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.SPNEGO', null, null, '1000', 'idp.authn.SPNEGO.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('218', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('236', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('250', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('251', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('242', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('234', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SPNEGO.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('248', 'X509AuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('249', 'X509AuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('263', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509Internal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('243', 
'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('244', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('399', 'ReloadableServices', 'services.properties', 'Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry', 'all', null, null, null, 'true', 'idp.service.attribute.registry.encodeType', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('403', 'ReloadableServices', 'services.properties', 'Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.resolver.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('405', 'ReloadableServices', 'services.properties', 'Setting this to false re-enables the legacy 
behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther', '4.2', null, null, null, 'true', 'idp.service.attribute.resolver.suppressDisplayInfo', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('264', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509Internal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('198', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of request headers to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkHeaders', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('203', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to accept while blocking all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.allowedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('204', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to deny while accepting all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.deniedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('219', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.RemoteUserInternal.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('360', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:mace:shibboleth:1.0:nameIdentifier', 'idp.nameid.saml1.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('241', 'X509AuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.X509', null, null, '1000', 'idp.authn.X509.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('256', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.X509Internal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('237', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step', '4.1', null, null, null, null, 'idp.authn.SAML.outboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('265', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('266', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('291', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.Function.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('292', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.Function.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('579', 'OPSubClaim', 'oidc.properties', 'Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('598', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('608', 
'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI integration key supplied by Duo', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('643', 'Metadatagen', 'mdgen.properties', 'A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.displayname.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('279', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('280', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('293', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('294', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('319', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('320', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('353', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('314', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.Duo.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('311', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('336', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.SAML.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('358', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for 
generating transient IDs', 'all', null, null, 'Bean ID of a TransientIdGenerationStrategy', 'shibboleth.CryptoTransientIdGenerator', 'idp.transientId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('333', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', null, null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SAML.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('348', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.MFA.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('327', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of Function to run at the late stages of Response decoding/processing', '4.1', null, null, null, null, 'idp.authn.SAML.inboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('328', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of 
AssertionValidator to run', '4.1', null, null, null, null, 'idp.authn.SAML.assertionValidator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('338', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('339', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('337', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SAML.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('351', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.MFA.lifetime', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('352', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.MFA.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('330', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.SAML.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('296', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Function', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.Function.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('305', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the 
sensitivity of the secret key', 'X-Shibboleth-Duo-Factor', 'idp.duo.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('306', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Device', 'idp.duo.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('331', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('332', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('335', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.SAML.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('307', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Passcode', 'idp.duo.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('299', 'DuoAuthnConfiguration', 'authn/duo.properties', 'A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, "Generate an akey".', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.applicationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('300', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('322', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Duo', 
null, null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.Duo.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('301', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('325', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Statically-defined entityID of IdP to use for authentication', '4.1', null, null, null, null, 'idp.authn.SAML.proxyEntityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('359', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'idp.nameid.saml2.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('329', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.SAML.order', 
'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('344', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.MFA', null, null, '1000', 'idp.authn.MFA.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('340', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('370', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services', 'all', null, null, null, 'shibboleth.ComputedIdExceptionMap', 'idp.persistentId.exceptionMap', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('388', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for RelyingPartyConfiguration', 'all', null, null, null, 'shibboleth.RelyingPartyResolverResources', 'idp.service.relyingparty.resources', 
'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('367', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'An encoded form of the persistentId.salt', 'all', null, null, null, null, 'idp.persistentId.encodedSalt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('389', 'ReloadableServices', 'services.properties', 'Fail at startup if RelyingPartyConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.relyingparty.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('362', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies a data source for storage-based management of persistent IDs', 'all', null, null, 'Bean ID of a JDBC DataSource', null, 'idp.persistentId.dataSource', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('361', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for sourcing persistent IDs', 'all', null, null, 'Bean ID of a PairwiseIdStore', 'shibboleth.ComputedPersistentIdGenerator', 'idp.persistentId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('391', 'ReloadableServices', 'services.properties', 'See MetadataDrivenConfiguration SAML Attribute Name Format Usage', 'all', null, null, null, 'false', 'idp.service.relyingparty.ignoreUnmappedEntityAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('393', 'ReloadableServices', 'services.properties', 'Fail at startup if MetadataConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.metadata.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('368', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The hash algorithm used when using computed persistent IDs', 'all', null, null, null, 'SHA', 'idp.persistentId.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('423', 'ReloadableServices', 'services.properties', 'Seconds between reloads of message property resources', 'all', null, null, null, '300', 'idp.message.cacheSeconds', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('392', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for 
MetadataConfiguration', 'all', null, null, null, 'shibboleth.MetadataResolverResources', 'idp.service.metadata.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('396', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeRegistryConfiguration', 'all', null, null, null, 'shibboleth.AttributeRegistryResources', 'idp.service.attribute.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('400', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeResolverConfiguration', 'all', null, null, null, 'shibboleth.AttributeResolverResources', 'idp.service.attribute.resolver.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('398', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('406', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeFilterConfiguration', 'all', null, null, null, 'shibboleth.AttributeFilterResources', 'idp.service.attribute.filter.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('402', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.resolver.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('410', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for NameIDGenerationConfiguration', 'all', null, null, null, 'shibboleth.NameIdentifierGenerationResources', 'idp.service.nameidGeneration.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('413', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AccessControlConfiguration', 'all', null, null, null, 'shibboleth.AccessControlResource', 'idp.service.access.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('416', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for CASServiceRegistry configuration', 'all', null, null, null, 'shibboleth.CASServiceRegistryResources', 'idp.service.cas.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('408', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeFilterConfiguration and 
reload service A value of 0 indicates that the attribute filter configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.filter.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('412', 'ReloadableServices', 'services.properties', 'Time to notice changes to NameIDGenerationConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.nameidGeneration.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('415', 'ReloadableServices', 'services.properties', 'Time to notice changes to AccessControlConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.access.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('418', 'ReloadableServices', 'services.properties', 'Time to notice CASServiceRegistry configuration changes and reload service', 'all', null, null, null, '0', 'idp.service.cas.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('421', 'ReloadableServices', 'services.properties', 'Time to notice ManagedBeanConfiguration changes and reload service', 'all', null, null, null, '0', 'idp.service.managedBean.checkInterval', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('369', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64', 'all', null, null, null, 'BASE64', 'idp.persistentId.encoding', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('397', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeRegistryConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('401', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeResolverConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('404', 'ReloadableServices', 'services.properties', 'Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. 
To strip nulls during attribute resolution (so that they will be invis', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.stripNulls', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('407', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeFilterConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.filter.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('411', 'ReloadableServices', 'services.properties', 'Fail at startup if NameIDGenerationConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.nameidGeneration.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('417', 'ReloadableServices', 'services.properties', 'Fail at startup if CASServiceRegistry configuration is invalid', 'all', null, null, null, 'false', 'idp.service.cas.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('373', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of error strings to identify as retryable failures', '4.1', null, null, null, '23000,23505', 'idp.persistentId.retryableErrors', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('364', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable', 'all', null, null, null, null, 'idp.persistentId.sourceAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('375', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides the name of the table in the database', '4.1', null, null, null, 'shibpid', 'idp.persistentId.tableName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('376', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localEntity', 'idp.persistentId.localEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('377', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerEntity', 'idp.persistentId.peerEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('378', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'principalName', 'idp.persistentId.principalNameColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('379', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localId', 'idp.persistentId.sourceIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('380', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'persistentId', 'idp.persistentId.persistentIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('381', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerProvidedId', 'idp.persistentId.peerProvidedIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('419', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for ManagedBeanConfiguration', 'all', null, null, null, 'shibboleth.ManagedBeanResources', 'idp.service.managedBean.resources', 
'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('422', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying Spring message property resources', 'all', null, null, null, 'shibboleth.MessageSourceResources', 'idp.message.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('560', 'OPDiscovery', 'oidc.properties', 'Implementation bean for discovery shouldn''t require alteration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.DefaultOpenIdConfigurationResolver', 'idp.oidc.discovery.resolver', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('574', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function called shibboleth.oidc.AllowedScopeStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedScope', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('575', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedAudience', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('570', 'OPDynamicClientRegistration', 'oidc.properties', 'Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy', 'idp.oidc.admin.registration.lookup.policy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('382', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'creationDate', 'idp.persistentId.createTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('383', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'deactivationDate', 'idp.persistentId.deactivationTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('573', 'OPClientResolution', 'oidc.properties', 'Name of bean used to define the resources to use in configuring this service', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ClientInformationResolverResources', 'idp.service.clientinfo.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('650', 'OIDC OP', 'oidc.properties', 'Storage for storing remote jwk sets.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.StorageService', 'idp.oidc.jwk.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('433', 'MetadataReload', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('434', 'MetadataReload', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.reload.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('366', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'A secret salt for the hash when using computed persistent IDs', 'all', null, null, null, null, 'idp.persistentId.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('428', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.status.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('430', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('424', 'Status', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Status', 'idp.status.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('425', 'Status', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.status.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('431', 'MetadataReload', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Reload', 'idp.reload.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('435', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.defaultAuthenticationMethods', 'STRING', null, null); -INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('438', 'AACLI', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'ResolverTest', 'idp.resolvertest.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('437', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('497', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of subjectAltName extension types to look for', '4.1', null, null, 'Comma seperated list of integer values', null, 'idp.c14n.x500.subjectAltNameTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('439', 'AACLI', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.resolvertest.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('442', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.resolvertest.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('444', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('445', 'MetadataQuery', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'MetadataQuery', 'idp.mdquery.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('498', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attribute OIDs to search for in the subject DN', '4.1', null, null, 'Comma seperated list of integer values', '2,5,4,3', 'idp.c14n.x500.objectIDs', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('493', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.c14n.attribute.resolutionCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('651', 'OIDC OP', 'oidc.properties', 'Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.metadata.saml', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('655', 'OIDC OP', 'oidc.properties', 'Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultRequestLoginHintLookupFunction', 'idp.oidc.LoginHintLookupStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('656', 'OIDC OP', 'oidc.properties', 'Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultSPSessionCreationStrategy', 'idp.oidc.SPSessionCreationStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('19', 'SecurityConfiguration', 'idp.properties', 'Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.', 'all', null, null, 'Bean ID of DataSealerKeyStrategy', 'shibboleth.DataSealerKeyStrategy', 'idp.sealer.keyStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('103', 'LogoutConfiguration', 'idp.properties', 'If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session', 'all', null, null, 'Bean ID of Predicate', 'false', 'idp.logout.promptUser', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('44', 'SecurityConfiguration', 'idp.properties', 'Overrides the X509KeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.X509KeyInfoGeneratorFactory', 'idp.security.x509KeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('64', 'SessionConfiguration', 'idp.properties', 'Bean name of a storage implementation/configuration to use for IdP sessions', 'all', null, null, 'Bean ID of StorageService (org.opensaml.storage)', 'shibboleth.ClientSessionStorageService', 'idp.session.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('312', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('446', 'MetadataQuery', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.mdquery.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('313', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('484', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the 
username', '4.1', null, null, null, 'false', 'idp.c14n.simple.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('517', 'OIDC OP', 'oidc.properties', 'Set the Open ID Connect Issuer value', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.issuer', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('68', 'SessionConfiguration', 'idp.properties', 'A 2-argument predicate that compares a bound session''s address to a client address', 'all', null, null, 'BiPredicate', 'Direct string comparison', 'idp.session.consistentAddressCondition', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('518', 'OPToken', 'oidc.properties', 'Lifetime of ID token', '4.1', 'idp.oidc.OP', '3', null, 'PT1H', 'idp.oidc.idToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('524', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.encodedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, 
property_type, selection_items, property_value) VALUES ('529', 'OPAuthorization', 'oidc.properties', 'Bean ID of StorageService for revocation cache requires server-side storage', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.StorageService', 'idp.oidc.revocationCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('545', 'OPSecurity', 'oidc.properties', 'Allows override of default signing configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.SigningConfiguration', 'idp.oidc.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('546', 'OPSecurity', 'oidc.properties', 'Allows override of default encryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.EncryptionConfiguration', 'idp.oidc.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('547', 'OPSecurity', 'oidc.properties', 'Allows override of default request decryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.requestObjectDecryptionConfiguration', 'idp.oidc.rodecrypt.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('519', 'OPToken', 'oidc.properties', 'Lifetime of access token', '4.1', 
'idp.oidc.OP', '3', null, 'PT10M', 'idp.oidc.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('520', 'OPAuthorization', 'oidc.properties', 'Lifetime of authorization code', '4.1', 'idp.oidc.OP', '3', null, 'PT5M', 'idp.oidc.authorizeCode.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('521', 'OPToken', 'oidc.properties', 'Lifetime of refresh token', '4.1', 'idp.oidc.OP', '3', null, 'PT2H', 'idp.oidc.refreshToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('528', 'OPRevocation', 'oidc.properties', 'Lifetime of entries in revocation cache for authorize code', '4.1', 'idp.oidc.OP', '3', null, 'PT6H', 'idp.oidc.revocationCache.authorizeCode.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('535', 'OPToken', 'oidc.properties', 'Lifetime of access token issued to client for resource server', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oauth2.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('544', 'OPSecurity', 'oidc.properties', 'JWK RSA decryption keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-encryption-rsa.jwk', 'idp.signing.oidc.rsa.enc.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('543', 'OPSecurity', 'oidc.properties', 'JWK EC signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-es.jwk', 'idp.signing.oidc.es.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('449', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('451', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('455', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('542', 'OPSecurity', 'oidc.properties', 'JWK RSA signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-rs.jwk', 'idp.signing.oidc.rs.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('452', 'MetricsConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Metrics', 'idp.metrics.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('457', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('462', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('464', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('458', 'HelloWorldConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Hello', 'idp.hello.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('459', 'HelloWorldConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByAdminUser', 'idp.hello.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('527', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to omit from UserInfo token', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.deniedUserInfoAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('526', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to always include in ID token regardless of response_type', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.alwaysIncludedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('541', 'OPDynamicClientRegistration', 'oidc.properties', 'The acceptable client authentication methods when using dynamic registration', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 
'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.dynreg.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('530', 'OPToken', 'oidc.properties', 'The acceptable client authentication methods', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('531', 'OPToken', 'oidc.properties', 'OAuth grant types to allow', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'authorization_code,refresh_token', 'idp.oauth2.grantTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('553', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.oidc.OP', '3', null, '1000', 'idp.authn.OAuth2Client.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('565', 'OPDynamicClientRegistration', 'oidc.properties', 'Default access token lifetime if not specified', '4.1', 'idp.oidc.OP', '3', null, 'P1D', 'idp.oidc.admin.registration.defaultTokenLifetime', 'DURATION', null, null); 
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('572', 'OPClientResolution', 'oidc.properties', 'When non-zero enables monitoring of resources for service reload', '4.1', 'idp.oidc.OP', '3', null, 'PT0S', 'idp.service.clientinfo.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('555', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.Conditions.TRUE', 'idp.authn.OAuth2Client.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('558', 'OPCustomFilterRegistration', 'oidc.properties', 'By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ResponseHeaderFilter', 'idp.oidc.ResponseHeaderFilter', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('35', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default EncryptionConfiguration', 'all', null, null, 'Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)', 
'shibboleth.EncryptionConfiguration.CBC', 'idp.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('43', 'SecurityConfiguration', 'idp.properties', 'Overrides the BasicKeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.BasicKeyInfoGeneratorFactory', 'idp.security.basicKeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('39', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify TLS certificates', 'all', null, null, 'Bean ID of TrustEngine (org.opensaml.security.trust)', 'shibboleth.ChainingX509TrustEngine', 'idp.trust.certificates', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('550', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether all validators must succeed or just one', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.authn.OAuth2Client.requireAll', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('552', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to keep the password around as a private credential in the Java Subject for use in later stages 
such as attribute resolution', '4.1', 'idp.oidc.OP', '3', 'use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.', 'false', 'idp.authn.OAuth2Client.retainAsPrivateCredential', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('563', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to enable user authentication for requests', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('466', 'AccountLockoutManagement', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.lockout.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('472', '?', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Storage', 'idp.storage.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('473', '?', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.storage.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('478', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'UnlockKeys', 'idp.unlock-keys.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('561', 'OPDynamicClientRegistration', 'oidc.properties', 'Audit logging label for this profile', '4.1', 'idp.oidc.OP', '3', null, 'IssueRegistrationAccessToken', 'idp.oidc.admin.registration.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('566', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to all requests', '4.1', 'idp.oidc.OP', '3', null, 'AccessByIPAddress', 'idp.oidc.admin.registration.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('584', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.DuoOIDC.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('610', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Factor', 'idp.duo.oidc.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('580', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.DuoOIDC', '1', null, '1000', 'idp.authn.DuoOIDC.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('587', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.DuoOIDC.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('479', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.unlock-keys.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('483', 'AttendedRestartConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.unlock-keys.postAuthenticationFlows', 
'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('490', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)', '4.1', null, null, null, null, 'idp.c14n.attribute.attributesToResolve', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('588', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.DuoOIDC.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('491', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue', '4.1', null, null, null, null, 'idp.c14n.attribute.attributeSourceIds', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('503', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to 
different destinations based on general function', 'SSO', 'idp.service.logging.saml1sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('591', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.authn.DuoOIDC.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('589', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('590', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('315', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, 'false', 
'idp.authn.Duo.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('316', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('481', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.unlock-keys.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('482', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.unlock-keys.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('485', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('581', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('45', 'CSRF', 'idp.properties', 'Enables CSRF protection', '4', null, null, null, 'true', 'idp.csrf.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('522', 'OPToken', 'oidc.properties', 'Whether client is required to use PKCE', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.forcePKCE', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('615', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for the connection to be established', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('612', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Passcode', 
'idp.duo.oidc.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('642', 'Metadatagen', 'mdgen.properties', 'The width of the logo in pixels', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.width', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('635', 'TOTP', 'authn/authn.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.TOTP', '1', null, null, 'idp.authn.TOTP.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('633', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('616', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for a connection to be returned from the connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionRequestTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('617', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum period inactivity between two consecutive data packets', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.socketTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('631', 'TOTP', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.TOTP.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('632', 'TOTP', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.TOTP.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('641', 'Metadatagen', 'mdgen.properties', 'The height of the logo in pixels.', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.height', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('634', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.TOTP', '1', null, 
'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('628', 'TOTP', 'authn/authn.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.TOTP.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('620', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'To enable certificate revocation checking', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'false', 'idp.duo.oidc.nimbus.checkRevocation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('625', 'TOTP', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('626', 'TOTP', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('53', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)', 'all', null, null, null, 'true', 'idp.errors.signed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('504', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml1attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('505', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml1artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('506', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are 
audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml2sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('618', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max total simultaneous connections allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsTotal', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('619', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max simultaneous connections per route allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsPerRoute', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('624', 'TOTP', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.TOTP', '1', null, '1000', 'idp.authn.TOTP.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('640', 'Metadatagen', 'mdgen.properties', 'Specifies the path part of the URL which describes a logo for the IdP. 
The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path (''/path/to/logo'') is use', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.logo.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('639', 'Metadatagen', 'mdgen.properties', 'Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.backchannel.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('638', 'Metadatagen', 'mdgen.properties', 'Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.dnsname', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('647', 'OIDC OP', 'oidc.properties', 'The validity of client secret registered', '4.1', 'idp.oidc.OP', '3', 'no doc', 'P12M', 'idp.oidc.dynreg.defaultSecretExpiration', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('652', 'OIDC OP', 'oidc.properties', 'Upgrade interval to the remote JWKs', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT30M', 'idp.oidc.jwksuri.fetchInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('653', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT5M', 'idp.oidc.config.minRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('654', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT4H', 'idp.oidc.config.maxRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('507', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml2attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('508', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml2artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('509', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.saml2slo', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('510', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit 
records to different destinations based on general function', 'Logout', 'idp.service.logging.logout', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('511', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.cas', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('512', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Status', 'idp.service.logging.status', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('513', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ResolverTest', 'idp.service.logging.resolvertest', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('514', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Reload', 'idp.service.logging.serviceReload', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('515', 'AuditLoggingConfiguration', 'services.properties', 'Hash algorithm to apply to various hashed fields', '4.1', null, null, null, 'SHA-256', 'idp.audit.hashAlgorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('516', 'AuditLoggingConfiguration', 'services.properties', 'Salt to apply to hashed fields must be set to use those fields', '4.1', null, null, null, null, 'idp.audit.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('536', 'OPRevocation', 'oidc.properties', 'The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token', '4.1', 'idp.oidc.OP', '3', null, 'CHAIN', 'idp.oauth2.revocationMethod', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('538', 'OPDynamicClientRegistration', 'oidc.properties', 'The default scopes accepted in dynamic registration', '4.1', 'idp.oidc.OP', '3', null, 'openid profile email address phone offline_access', 'idp.oidc.dynreg.defaultScope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('539', 'OPDynamicClientRegistration', 'oidc.properties', 'The default subject type if not set by client in request. Maybe set to pairwise or public.', '4.1', 'idp.oidc.OP', '3', null, 'public', 'idp.oidc.dynreg.defaultSubjectType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('533', 'OPToken', 'oidc.properties', 'Format of access token. 
Supported values are JWT or nothing.', '4.1', 'idp.oidc.OP', '3.2', null, null, 'idp.oauth2.accessToken.type', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('567', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyLocation', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyLocationPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('568', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('569', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a clientId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.clientIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('577', 'OPSubClaim', 'oidc.properties', 'The source attribute used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.sourceAttribute', 'STRING', null, null); -INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('578', 'OPSubClaim', 'oidc.properties', 'The digest algorithm used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, 'SHA', 'idp.oidc.subject.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('594', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'DuoOIDC API hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('649', 'OIDC OP', 'oidc.properties', 'Bean to determine whether dynamic registration should validate the remote JWK set if it''s defined in the request', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.dynreg.validateRemoteJwks', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('1', 'Core', 'idp.properties', 'Auto-load all files matching conf/**/*.properties', '4', null, null, null, 'true', 'idp.searchForProperties', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('5', 'RelyingPartyConfiguration', 
'idp.properties', 'Whether to allow use of the SAML artifact bindings when sending messages', 'all', null, null, null, 'true', 'idp.artifact.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('6', 'RelyingPartyConfiguration', 'idp.properties', 'Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)', 'all', null, null, null, 'true', 'idp.artifact.secureChannel', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('9', 'RelyingPartyConfiguration', 'idp.properties', 'Controls whether the outbound binding selection is ordered by the SP''s metadata or the IdP''s preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also', '4.1', null, null, null, 'true', 'idp.bindings.inMetadataOrder', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('13', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property', 'all', null, null, null, 'true', 'idp.cookie.httpOnly', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('595', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The OAuth 2.0 Client Identifier valid at the Authorization Server', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.clientId', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('596', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Redirection URI to which the 2FA response will be sent', '4.1', 'idp.authn.DuoOIDC', '1', 'ex. 
https://:/idp/profile/Authn/Duo/2FA/duo-callback', null, 'idp.duo.oidc.redirectURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('592', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.DuoOIDC.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('597', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.redirecturl.allowedOrigins', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('599', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 health check endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/health_check', 'idp.duo.oidc.endpoint.health', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('600', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 token 
endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.endpoint.token', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('601', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 authorization endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/authorize', 'idp.duo.oidc.endpoint.authorize', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('604', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.jwt.verifier.issuerPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('605', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'preferred_username', 'idp.duo.oidc.jwt.verifier.preferredUsername', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('607', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', 
null, '%{idp.duo.oidc.apiHost}', 'idp.duo.oidc.nonbrowser.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('611', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Device', 'idp.duo.oidc.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('621', 'TOTP', 'authn/authn.properties', 'Name of request header to use for extracting non-browser submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'X-Shibboleth-TOTP', 'idp.authn.TOTP.headerName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('622', 'TOTP', 'authn/authn.properties', 'Name of HTML form field to use for locating browser-submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'tokencode', 'idp.authn.TOTP.fieldName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('623', 'TOTP', 'authn/authn.properties', 'Name of IdPAttribute to resolve to obtain token seeds for users', '4.1', 'idp.authn.TOTP', '1', null, 'tokenSeeds', 'idp.authn.TOTP.tokenSeedAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('636', 'TOTP', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.TOTP', '1', null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken', 'idp.authn.TOTP.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('645', 'Metadatagen', 'mdgen.properties', 'Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.description.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('365', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Whether or not the previous property has access to unreleased attributes', 'all', null, null, null, 'true', 'idp.persistentId.useUnfilteredAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('150', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections in the background', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 
'idp.pool.LDAP.validatePeriodically', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('142', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Expired Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordExpiration', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('614', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Pass client address to Duo in API calls to support logging', '4.1', 'idp.authn.DuoOIDC', '1', 'push display', 'true', 'idp.duo.oidc.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('140', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryWithBindDN', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('129', 'LDAPAuthnConfiguration', 
'authn/authn.properties', 'How to establish trust in the server''s TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'certificateTrust', 'idp.authn.LDAP.sslConfig', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('125', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether StartTLS should be used after connecting with LDAP alone.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.authn.LDAP.useStartTLS', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('149', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections when checking them out of the pool', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.pool.LDAP.validateOnCheckout', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('144', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of 
Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.freeIPADirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('143', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the ''adAuthenticator''. It is meant to be specified with one of the other authenticator types.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.activeDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('146', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether connection pools should be used for LDAP authentication and DN resolution', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.disablePooling', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('145', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.eDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('126', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for the TCP connection to occur.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.connectTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('157', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. 
If your ', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindPoolPassivator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('128', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'ACTIVE_PASSIVE', 'idp.authn.LDAP.connectionStrategy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('127', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for an LDAP response message', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.responseTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('123', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , 
for V4.1: authn/authn.properties', 'anonSearchAuthenticator', 'idp.authn.LDAP.authenticator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('136', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('139', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be returned in the authentication response even when the user bind fails.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryOnFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('133', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.baseDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('132', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'List of attributes to request during authentication', 'all', null, null, 'Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.returnAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('135', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.userFilter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('134', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.subtreeSearch', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('62', 'StorageConfiguration', 'idp.properties', 'Whether storage errors during replay checks should be treated as a replay', 'all', null, null, null, 'true', 'idp.replayCache.strict', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('63', 'SessionConfiguration', 'idp.properties', 'Whether to enable the IdP''s session tracking feature', 'all', null, null, null, 'true', 'idp.session.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('67', 'SessionConfiguration', 'idp.properties', 'Whether to bind IdP sessions to IP addresses', 'all', null, null, null, 'true', 'idp.session.consistentAddress', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('78', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication', '4.1', null, null, null, 'true', 'idp.authn.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('80', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to populate information about the relying party into the tree for user interfaces during login and interceptors', 'all', null, null, null, 
'true', 'idp.authn.rpui', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('94', 'ConsentConfiguration', 'idp.properties', 'Whether not remembering/storing consent is allowed', 'all', null, null, null, 'true', 'idp.consent.allowDoNotRemember', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('95', 'ConsentConfiguration', 'idp.properties', 'Whether consent to any attribute and to any relying party is allowed', 'all', null, null, null, 'true', 'idp.consent.allowGlobal', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('102', 'LogoutConfiguration', 'idp.properties', 'Whether to require signed logout messages in accordance with the SAML 2.0 standard', 'all', null, null, null, 'true', 'idp.logout.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('118', 'AuditLoggingConfiguration', 'services.properties', 'Set false if you want SAML bindings "spelled out" in audit log', 'all', null, null, null, 'true', 'idp.audit.shortenBindings', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('179', 
'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.External', null, null, 'true', 'idp.authn.External.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('195', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUser', null, null, 'true', 'idp.authn.RemoteUser.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('196', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to check REMOTE_USER for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.checkRemoteUser', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('199', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to trim leading and trailing whitespace from the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('220', 
'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('646', 'OIDC OP', 'oidc.properties', 'Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides', '4.1', 'idp.oidc.OP', '3', 'no doc', 'false', 'idp.oidc.encryptionOptional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('239', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, 'true', 'idp.authn.SPNEGO.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('254', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.X509', null, null, 'true', 'idp.authn.X509.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('255', 
'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to save the certificate into the Subject''s public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.saveCertificateToCredentialSet', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('269', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('283', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.IPAddress', null, null, 'true', 'idp.authn.IPAddress.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('297', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Function', null, null, 'true', 'idp.authn.Function.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('308', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Allow the factor to be defaulted to auto if no headers are received', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('309', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('323', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Duo', null, null, 'true', 'idp.authn.Duo.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('342', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.SAML.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('343', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions', '4.1', null, null, null, 'true', 'idp.authn.MFA.validateLoginTransitions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('357', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.MFA', null, null, 'true', 'idp.authn.MFA.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('374', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.', '4.1', null, null, null, 'true', 'idp.persistentId.verifyDatabase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('386', 'ReloadableServices', 'services.properties', 'Fail at startup if logging configuration is invalid', 'all', null, null, null, 'true', 'idp.service.logging.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, 
note, default_value, property_name, property_type, selection_items, property_value) VALUES ('395', 'ReloadableServices', 'services.properties', 'Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost', 'all', null, null, null, 'true', 'idp.service.metadata.enableByReferenceFilters', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('409', 'ReloadableServices', 'services.properties', 'Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.filter.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('414', 'ReloadableServices', 'services.properties', 'Fail at startup if AccessControlConfiguration is invalid', 'all', null, null, null, 'true', 'idp.service.access.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('460', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('463', 
'HelloWorldConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('480', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.unlock-keys.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('486', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.simple.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('489', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.attribute.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('496', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.x500.trim', 
'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('551', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to remove the object holding the password from the request''s active state after validating it (to avoid it being preserved in the session any longer than needed)', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.removeAfterValidation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('557', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('562', 'OPDynamicClientRegistration', 'oidc.properties', 'Enables support for non-browser-based authentication', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.oidc.admin.registration.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('583', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.authn.DuoOIDC.forcedAuthenticationSupported', 'BOOLEAN', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('613', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Allow the factor to be defaulted in as "auto" if no headers are received', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.duo.oidc.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('627', 'TOTP', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.TOTP', '1', null, 'true', 'idp.authn.TOTP.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('648', 'OIDC OP', 'oidc.properties', 'Regardless of what signing algorithms are configured allow none for request object signing', '4.1', 'idp.oidc.OP', '3', 'no doc', 'true', 'idp.oidc.dynreg.allowNoneForRequestSigning', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('83', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global set', '4', null, null, null, 'false', 'idp.authn.overrideRequestedAuthnContext', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('96', 'ConsentConfiguration', 'idp.properties', 'Whether per-attribute consent is allowed', 'all', null, null, null, 'false', 'idp.consent.allowPerAttribute', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('97', 'ConsentConfiguration', 'idp.properties', 'Whether attribute values and terms of use text are stored and compared for equality', 'all', null, null, null, 'false', 'idp.consent.compareValues', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('101', 'LogoutConfiguration', 'idp.properties', 'Whether to search metadata for user interface information associated with every service involved in logout propagation', 'all', null, null, null, 'false', 'idp.logout.elaboration', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('104', 'LogoutConfiguration', 'idp.properties', 'Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic', '4.1', null, null, null, 'false', 'idp.logout.preserveQuery', 'BOOLEAN', null, null); 
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('105', 'LogoutConfiguration', 'idp.properties', 'When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints', '4.2', null, null, null, 'false', 'idp.logout.assumeAsync', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('111', 'CasProtocolConfiguration', 'idp.properties', 'If true CAS services provisioned with SAML metadata are identified via entityID', 'all', null, null, null, 'false', 'idp.cas.relyingPartyIdFromMetadata', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('160', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', null, null, null, 'false', 'idp.authn.Krb5.refreshConfig', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('523', 'OPToken', 'oidc.properties', 'Whether client is allowed to use PKCE code challenge method plain', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.allowPKCEPlain', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('161', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to preserve the resulting Kerberos TGT in the Java Subject''s private credential set', '4.1', null, null, null, 'false', 'idp.authn.Krb5.preserveTicket', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('167', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('168', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('169', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('171', 'ExternalAuthnConfiguration', 
'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('172', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('188', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('200', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to lowercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('201', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to uppercase the username before 
validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('209', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('210', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('212', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('213', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP 
discovery prior to running flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('222', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to always try to run SPNEGO independent of the user''s auto-login setting', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.enforceRun', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('223', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.refreshKrbConfig', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('227', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('228', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.SPNEGO', null, null, 
'false', 'idp.authn.SPNEGO.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('229', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('231', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('232', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('246', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.proxyScopingEnforced', 'BOOLEAN', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('247', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('257', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('258', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('259', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('261', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('262', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('273', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('275', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('276', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('285', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('286', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('287', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('289', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('290', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('334', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.SAML.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('345', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('346', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 
'idp.authn.MFA.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('347', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('349', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('350', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('420', 'ReloadableServices', 'services.properties', 'Fail at startup if ManagedBeanConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.managedBean.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('426', 'Status', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('427', 'Status', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.status.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('429', 'Status', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('436', 'MetadataReload', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('440', 'AACLI', 'admin/admin.properties', 'Whether authentication should be performed prior to access control 
evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('441', 'AACLI', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.resolvertest.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('443', 'AACLI', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('447', 'MetadataQuery', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('448', 'MetadataQuery', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.mdquery.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('450', 'MetadataQuery', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('453', 'MetricsConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('454', 'MetricsConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.metrics.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('456', 'MetricsConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('461', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether the flow should allow for 
non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.hello.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('467', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('468', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.lockout.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('470', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('474', '?', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('475', '?', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.storage.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('477', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('487', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('488', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('492', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to examine 
the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service', '4.1', null, null, null, 'false', 'idp.c14n.attribute.resolveFromSubject', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('494', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('495', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('499', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('500', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('501', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('502', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('525', 'OPAuthorization', 'oidc.properties', 'Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.encodeConsentInTokens', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('532', 'OPToken', 'oidc.properties', 'Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.', '4.1', 'idp.oidc.OP', '3.2', null, 'false', 'idp.oauth2.enforceRefreshTokenRotation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('534', 'OPToken', 'oidc.properties', 'Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oauth2.encryptionOptional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('564', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to resolve attributes if authentication is enabled', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('571', 'OPClientResolution', 'oidc.properties', 'If true any failures during initialization of any resolvers result in IdP startup failure', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.service.clientinfo.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('582', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 
'idp.authn.DuoOIDC.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('585', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.DuoOIDC', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.DuoOIDC.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('586', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('593', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('629', 'TOTP', 'authn/authn.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.TOTP', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 
'idp.authn.TOTP.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('630', 'TOTP', 'authn/authn.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('637', 'TOTP', 'authn/authn.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.addDefaultPrincipals', 'BOOLEAN', null, null); \ No newline at end of file From 887cc2446709a20a4be2856c3700308890bbb47c Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 22 Aug 2022 15:15:02 -0700 Subject: [PATCH 30/63] SHIBUI-2270 cleanup removing sql file Former-commit-id: 705bc5770431f72a4e393cc704996d753b60575e --- .../src/main/resources/db/changelog/temp.sql | 656 ------------------ 1 file changed, 656 deletions(-) delete mode 100644 backend/src/main/resources/db/changelog/temp.sql diff --git a/backend/src/main/resources/db/changelog/temp.sql b/backend/src/main/resources/db/changelog/temp.sql deleted file mode 100644 index 927ab6522..000000000 --- a/backend/src/main/resources/db/changelog/temp.sql +++ /dev/null 
@@ -1,656 +0,0 @@ -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('17', 'SecurityConfiguration', 'idp.properties', 'Default SameSite value to apply to cookies via servlet filter if no explicit rule for the named cookie is specified', 'all', null, null, null, null, 'idp.cookie.sameSite', 'SELECTION_LIST', 'None,Lax,Strict', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('3', 'RelyingPartyConfiguration', 'idp.properties', 'The unique name of the IdP used as the iisuer in all SAML profiles', 'all', null, null, 'ex. https://unicon.net/idp/shibboleth', null, 'idp.entityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('7', 'RelyingPartyConfiguration', 'idp.properties', 'Identifies the endpoint in SAML metadata associated with artifacts issued by a server node', 'all', null, null, null, '2', 'idp.artifact.endpointIndex', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('16', 'SecurityConfiguration', 'idp.properties', 'Lifetime in seconds of cookies issued by the IdP that are meant to span sessions (365 days)', 'all', null, null, null, '31536000', 'idp.cookie.maxAge', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('21', 'SecurityConfiguration', 'idp.properties', 'Time between checks for a new AES key version', 'all', null, null, null, 'PT15M', 'idp.sealer.updateInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('394', 'ReloadableServices', 'services.properties', 'Time to notice changes to MetadataConfiguration and reload service. A value of 0 indicates that the metadata configuration never reloads', 'all', null, null, null, '0', 'idp.service.metadata.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('537', 'OPDynamicClientRegistration', 'oidc.properties', 'Registration lifetime', '4.1', 'idp.oidc.OP', '3', null, 'PT24H', 'idp.oidc.dynreg.defaultRegistrationValidity', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('602', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Leeway allowed in token expiry calculations', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('603', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum amount (in either direction from now) of duration for 
which a token is valid after it is issued', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.iatWindow', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('606', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'How long the authentication is valid. Only applies to forced authentication requests.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'PT60S', 'idp.duo.oidc.jwt.verifier.authLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('131', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load a Java keystore containing trust anchors when using sslConfig = keyStoreTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.truststore - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustStore', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('10', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, 'file pathname', '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('4', 'Core', 'idp.properties', 'Identifies the file to serve for requests to the IdP''s well-known metadata location', 'all', null, null, null, '%{idp.home}/metadata/idp-metadata.xml', 'idp.entityID.metadataFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('2', 'Core', 'idp.properties', 'Used to point to additional property files to load. All properties must be unique and are ultimately pooled into a single unordered set.', 'all', null, null, 'Comma seperated list of values ex. 
/conf/ldap.properties, /conf/services.properties', null, 'idp.additionalProperties', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('23', 'SecurityConfiguration', 'idp.properties', 'Keystore resource containing AES encryption key usually a file path', 'all', null, null, 'resource path', null, 'idp.sealer.storeResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('12', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will be limited to TLS', 'all', null, null, null, 'false', 'idp.cookie.secure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('71', 'SessionConfiguration', 'idp.properties', 'Whether to hide storage failures from users during session cache reads/writes', 'all', null, null, null, 'false', 'idp.session.maskStorageFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('130', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A resource to load trust anchors from when using sslConfig = certificateTrust', 'all', null, null, 'resource path ex. 
%{idp.home}/credentials/ldap-server.crt - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.trustCertificates', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('11', 'Core', 'idp.properties', 'applies a (fixed) scope typically a domain-valued suffix to an input attribute''s values', 'all', null, null, null, null, 'idp.scope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('14', 'SecurityConfiguration', 'idp.properties', 'Overrides the domain of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.domain', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('33', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SecurityConfiguration', 'all', null, null, 'Bean ID of SecurityConfiguration (net.shibboleth.idp.profile.config.SecurityConfiguration)', 'shibboleth.DefaultSecurityConfiguration', 'idp.security.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('34', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default SignatureSigningConfiguration', 'all', 
null, null, 'Bean ID of SignatureSigningConfiguration (org.opensaml.xmlsec)', 'shibboleth.SigningConfiguration.SHA256', 'idp.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('8', 'StorageConfiguration', 'idp.properties', 'Storage back-end to use for short-lived SAML Artifact mappings (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.artifact.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('18', 'SecurityConfiguration', 'idp.properties', 'Predicate condition bean controlling whether SameSite filter runs', 'all', null, null, 'Bean ID of Predicate', 'shibboleth.Conditions.FALSE', 'idp.cookie.sameSiteCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('15', 'SecurityConfiguration', 'idp.properties', 'Overrides the path of any cookies issued by the IdP (not including the container)', 'all', null, null, null, null, 'idp.cookie.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('20', 'SecurityConfiguration', 'idp.properties', 'Type of Java keystore used for IdP''s internal AES encryption key', 'all', null, null, null, 'JCEKS', 
'idp.sealer.storeType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('40', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped messages', 'all', null, null, null, 'PT3M', 'idp.policy.messageLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('41', 'SecurityConfiguration', 'idp.properties', 'Default freshness window for accepting timestamped assertions', 'all', null, null, null, 'PT3M', 'idp.policy.assertionLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('42', 'SecurityConfiguration', 'idp.properties', 'Default allowance for clock differences between systems', 'all', null, null, null, 'PT3M', 'idp.policy.clockSkew', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('57', 'StorageConfiguration', 'idp.properties', 'Interval of background thread sweeping server-side storage for expired records', 'all', null, null, null, 'PT10M', 'idp.storage.cleanupInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('69', 
'SessionConfiguration', 'idp.properties', 'Inactivity timeout policy for IdP sessions (must be non-zero)', 'all', null, null, null, 'PT60M', 'idp.session.timeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('70', 'SessionConfiguration', 'idp.properties', 'Extra time after expiration before removing SP sessions in case a logout is invoked', 'all', null, null, null, '0', 'idp.session.slop', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('24', 'SecurityConfiguration', 'idp.properties', 'Resource that tracks the active AES encryption key version usually a file path', 'all', null, null, null, null, 'idp.sealer.versionResource', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('66', 'SessionConfiguration', 'idp.properties', 'Number of characters in IdP session identifiers', 'all', null, null, null, '32', 'idp.session.idSize', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('27', 'SecurityConfiguration', 'idp.properties', 'Resource containing private key for signing typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('50', 'Core', 'idp.properties', 'Location from which to load user-supplied webflows from', 'all', null, null, 'resource path', '%{idp.home}/flows', 'idp.webflows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('22', 'SecurityConfiguration', 'idp.properties', 'Case insensitive name of keystore alias prefix used in AES keystore (the entries will be suffixed by the key version number)', 'all', null, null, null, 'secret', 'idp.sealer.aliasBase', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('37', 'SecurityConfiguration', 'idp.properties', 'Sets the default strategy for key agreement key wrap usage for credentials from metadata if not otherwise configured on the security configuration', 'all', null, null, null, 'Default', 'idp.encryption.keyagreement.metadata.defaultUseKeyWrap', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('46', 'CSRF', 'idp.properties', 'Name of the HTTP parameter that stores the CSRF token', '4', null, null, null, 'csrf_token', 'idp.csrf.token.parameter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('61', 'StorageConfiguration', 
'idp.properties', 'Storage back-end to use for message replay checking (must be server-side)', 'all', null, null, 'Bean ID of a StorageService (org.opensaml.storage)', 'shibboleth.StorageService', 'idp.replayCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('38', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify signatures', 'all', null, null, 'Bean ID of SignatureTrustEngine (org.opensaml.xmlsec.signature.support)', 'shibboleth.ChainingSignatureTrustEngine', 'idp.trust.signatures', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('36', 'SecurityConfiguration', 'idp.properties', 'If true failure to locate an encryption key to use won''t result in request failure', 'all', null, null, null, 'false', 'idp.encryption.optional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('52', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to expose detailed error causes in status information provided to outside parties', 'all', null, null, null, 'false', 'idp.errors.detailed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('58', 'StorageConfiguration', 'idp.properties', 'Whether to use HTML Local Storage 
(if available) instead of cookies', 'all', null, null, null, 'false', 'idp.storage.htmlLocalStorage', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('47', 'Core', 'idp.properties', 'Auto-configures an HSTS response header', 'all', null, null, null, 'max-age=0', 'idp.hsts', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('49', 'Core', 'idp.properties', 'Auto-configures a Content Security Policy response header', 'all', null, null, null, 'frame-ancestors ''none''', 'idp.csp', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('25', 'SecurityConfiguration', 'idp.properties', 'Keystore password unlocking AES encryption keystore typically set during installation', 'all', null, null, null, null, 'idp.sealer.storePassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('54', 'ErrorHandlingConfiguration', 'idp.properties', 'The default view name to render for exceptions and events', 'all', null, null, null, 'error', 'idp.errors.defaultView', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('59', 
'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default per-session instance of the client storage service', 'all', null, null, null, 'shib_idp_session_ss', 'idp.storage.clientSessionStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('51', 'Core', 'idp.properties', 'Location from which to load user-modifiable Velocity view templates. This can be set to include "classpath*:/META-INF/net/shibboleth/idp/views" (or equivalent) to load templates from the classpath, such as from extension jars, but doing so disables suppor', 'all', null, null, 'Comma seperated list of values', '%{idp.home}/views', 'idp.views', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('48', 'Core', 'idp.properties', 'Auto-configures an X-Frame-Options response header', 'all', null, null, null, 'DENY', 'idp.frameoptions', 'SELECTION_LIST', 'DENY,SAMEORIGIN', null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('74', 'SessionConfiguration', 'idp.properties', 'Default length of time to maintain record of an SP session (must be non-zero), overridable by relying-party-specific setting', 'all', null, null, null, 'PT2H', 'idp.session.defaultSPlifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('76', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default amount of time to allow reuse prior authentication flows', 'all', null, null, 'measured since first usage', 'PT60M', 'idp.authn.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('77', 'AuthenticationConfiguration', 'authn/authn.properties', 'Default inactivity timeout to prevent reuse of prior authentication flows', 'all', null, null, 'measured since last usage', 'PT30M', 'idp.authn.defaultTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('86', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.attribute-release.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('98', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using space-limited storage (e.g. 
cookies), 0 = no limit', 'all', null, null, null, '10', 'idp.consent.maxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('28', 'SecurityConfiguration', 'idp.properties', 'Resource containing the public key certificate inserted into signed messages typically a file in the credentials directory', 'all', null, null, null, null, 'idp.signing.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('100', 'ConsentConfiguration', 'idp.properties', 'Time in milliseconds to expire consent storage records', '4.x', null, null, '(v4.0=P1Y,v4.1=infinite)', null, 'idp.consent.storageRecordLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('90', 'ConsentConfiguration', 'idp.properties', 'Attribute whose value is the storage key representing a user', 'all', null, null, null, 'uid', 'idp.consent.terms-of-use.userStorageKeyAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('91', 'ConsentConfiguration', 'idp.properties', 'Suffix of message property used as value of consent storage records when idp.consent.compareValues is true', 'all', null, null, null, '.text', 'idp.consent.terms-of-use.consentValueMessageCodeSuffix', 'STRING', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('31', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate private key for decryption generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.key.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('84', 'ConsentConfiguration', 'idp.properties', 'Name of storage service used to store users'' consent choices', 'all', null, null, null, 'shibboleth.ClientPersistentStorageService', 'idp.consent.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('85', 'ConsentConfiguration', 'idp.properties', 'Name of function used to return the String storage key representing a user defaults to the principal name', 'all', null, null, null, 'shibboleth.consent.PrincipalConsentStorageKey', 'idp.consent.attribute-release.userStorageKey', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('72', 'SessionConfiguration', 'idp.properties', 'Whether to save a record of every SP accessed during an IdP session (requires a server-side session store or HTML LocalStorage)', 'all', null, null, null, 'false', 'idp.session.trackSPSessions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('73', 'SessionConfiguration', 'idp.properties', 'Whether to track SPs on the basis of the SAML subject ID used, for logout purposes (requires SP session tracking be on)', 'all', null, null, null, 'false', 'idp.session.secondaryServiceIndex', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('55', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defing Properties mapping exception class names to error views. The matching by class name does not support wildcards, but does do substring matches (so it''s not necessary to fully qualify the class).', 'all', null, null, 'Bean ID of Properties (java.util.Properties)', null, 'idp.errors.excludedExceptions', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('56', 'ErrorHandlingConfiguration', 'idp.properties', 'Bean defining Collection identifying exception classes to ignore (causing them to bubble outward, so use with caution)', 'all', null, null, 'Bean ID of Collection (java.util)', null, 'idp.errors.exceptionMappings', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('79', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to prioritize prior authentication results when an SP requests more than one possible matching method', 'all', 
null, null, null, 'false', 'idp.authn.favorSSO', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('81', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to fail requests if a user identity after authentication doesn''t match the identity in a pre-existing session.', 'all', null, null, null, 'false', 'idp.authn.identitySwitchIsError', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('32', 'SecurityConfiguration', 'idp.properties', 'Resource containing an alternate public key certificate generally unused except while changing decryption keys', 'all', null, null, null, null, 'idp.encryption.cert.2', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('30', 'SecurityConfiguration', 'idp.properties', 'Resource containing a public key certificate given to others needing to encrypt data for the IdP typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('29', 'SecurityConfiguration', 'idp.properties', 'Resource containing a private key for decryption typically a file in the credentials directory', 'all', null, null, 'resource path', null, 'idp.encryption.key', 'STRING', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('75', 'AuthenticationConfiguration', 'authn/authn.properties', 'Required expression that identifies the login flows to globally enable', 'all', null, null, 'ex. Password, MA, DUO', null, 'idp.authn.flows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('60', 'StorageConfiguration', 'idp.properties', 'Name of cookie or HTML storage key used by the default persistent instance of the client storage service', 'all', null, null, null, 'shib_idp_persistent_ss', 'idp.storage.clientPersistentStorageName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('26', 'SecurityConfiguration', 'idp.properties', 'Key password unlocking AES encryption key typically set to the same as the previous property and set during installation', 'all', null, null, null, null, 'idp.sealer.keyPassword', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('65', 'SessionConfiguration', 'idp.properties', 'Name of cookie containing IdP session ID (note this is not the same as the cookie the Java container uses to track its own sessions)', '4.2', null, null, null, 'shib_idp_session', 'idp.session.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('82', 'AuthenticationConfiguration', 'authn/authn.properties', 'Provides a static discovery URL to use for external discovery this property replaces the need for the XML-defined bean used in V4.0 for this purpose', '4.1', null, null, null, null, 'idp.authn.discoveryURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('99', 'ConsentConfiguration', 'idp.properties', 'Maximum number of records stored when using larger/server-side storage, 0 = no limit', 'all', null, null, null, '0', 'idp.consent.expandedMaxStoredRecords', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('88', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.attribute-release.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('93', 'ConsentConfiguration', 'idp.properties', 'Default consent auditing formats', 'all', null, null, 'Logback logging pattern', '%T|%SP|%e|%u|%CCI|%CCV|%CCA', 'idp.consent.terms-of-use.auditFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('121', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'GeneralImpersonationPolicy', 'idp.impersonate.generalPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('152', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to search with the validateFilter: defaults to the rootDSE', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.pool.LDAP.validateDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('122', 'Core', 'idp.properties', 'Policies to use with Impersonate interceptor flow', 'all', null, null, 'Policy ID', 'SpecificImpersonationPolicy', 'idp.impersonate.specificPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('124', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection URI for LDAP directory', 'all', null, null, 'LDAP URI ex. 
ldap://localhost or ldaps://localhost - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.ldapURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('114', 'FTICKSLoggingConfiguration', 'idp.properties', 'Digest algorithm used to obscure usernames', 'all', null, null, null, 'SHA-2', 'idp.fticks.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('116', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog host', 'all', null, null, null, 'localhost', 'idp.fticks.loghost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('112', 'FTICKSLoggingConfiguration', 'idp.properties', 'Enables F-TICKS output and specifies the value of the federation-identifier field', 'all', null, null, null, null, 'idp.fticks.federation', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('137', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Password to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator usually set via %{idp.home}/credentials/secrets.properties', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDNCredential', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('115', 'FTICKSLoggingConfiguration', 'idp.properties', 'A salt to apply when digesting usernames (if not specified, the username will not be included)', 'all', null, null, null, null, 'idp.fticks.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('138', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'A formatting string to generate the user DNs to authenticate when using an LDAP.authenticator of directAuthenticator or adAuthenticator', 'all', null, null, 'ex. uid=%s,ou=people,dc=example,dc=org or for AD %s@domain.com - The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.dnFormat', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('109', 'CasProtocolConfiguration', 'idp.properties', 'Storage service used by CAS protocol for chained proxy-granting tickets and when using server-managed "simple" TicketService. MUST be server-side storage (e.g. 
in-memory, memcached, database)', 'all', null, null, null, 'shibboleth.StorageService', 'idp.cas.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('113', 'FTICKSLoggingConfiguration', 'idp.properties', 'Optional bean name of a Predicate to use to decide whether to run', '4.1', null, null, null, null, 'idp.fticks.condition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('110', 'CasProtocolConfiguration', 'idp.properties', 'CAS service registry implementation class', 'all', null, null, null, 'net.shibboleth.idp.cas.service.PatternServiceRegistry', 'idp.cas.serviceRegistryClass', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('107', 'Core', 'idp.properties', 'Allows the HttpClient used for SOAP communication to be overriden (applies to SAML logout via SOAP)', 'all', null, null, 'Bean ID of HttpClient to use for SOAP-based logout', 'SOAPClient.HttpClient', 'idp.soap.httpClient', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('106', 'LogoutConfiguration', 'idp.properties', 'Applies the "display:none" style to the list of SPs and logout status reporting images so that logout status is not visibly reported to the user', '4.2', null, null, null, 'false', 
'idp.logout.propagationHidden', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('119', 'Core', 'idp.properties', 'Set to true to fail on velocity syntax errors', 'all', null, null, null, 'false', 'idp.velocity.runtime.strictmode', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('162', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Name of a service principal to use to verify the KDC supplying the TGT by requesting and verifying a service ticket issued for it', '4.1', null, null, null, null, 'idp.authn.Krb5.servicePrincipal', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('117', 'FTICKSLoggingConfiguration', 'idp.properties', 'The remote syslog port', 'all', null, null, null, '514', 'idp.fticks.logport', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('120', 'Core', 'idp.properties', 'Path to use with External interceptor flow', 'all', null, null, null, 'contextRelative:intercept.jsp', 'idp.intercept.External.externalPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('108', 
'Core', 'idp.properties', 'languages to use if no match can be found with the browser-supported languages', 'all', null, null, 'Comma seperated list of values ex. en, fr, de', null, 'idp.ui.fallbackLanguages', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('154', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between looking for idle connections to reduce the pool back to its minimum size', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.prunePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('151', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Duration between validation if idp.pool.LDAP.validatePeriodically is true', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT5M', 'idp.pool.LDAP.validatePeriod', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('166', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.External', null, null, '1000', 'idp.authn.External.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('141', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Policy Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordPolicy', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('321', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('176', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.External', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.External.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('153', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Search filter to execute in order to validate a pooled connection', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', '(objectClass=*)', 'idp.pool.LDAP.validateFilter', 
'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('191', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('192', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUser', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUser.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('184', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('185', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('187', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('181', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUser', null, 'regex expected', null, 'idp.authn.RemoteUser.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('202', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'A regular expression that must match the username', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('158', 'JAASAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited set of JAAS application configuration names to use', '4.1', null, null, null, 'ShibUserPassAuth', 'idp.authn.JAAS.loginConfigNames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('164', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.External', null, null, 'contextRelative:external.jsp', 'idp.authn.External.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('221', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Servlet-relative path to the SPNEGO external authentication implementation', '4.1', 'idp.authn.SPNEGO', null, 'URL path', '/Authn/SPNEGO', 'idp.authn.SPNEGO.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('207', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.RemoteUserInternal', null, null, '1000', 'idp.authn.RemoteUserInternal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('224', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.SPNEGO', null, 'regex expected', null, 'idp.authn.SPNEGO.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('211', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.RemoteUserInternal.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('206', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Regular expression to match username against', '4.1', 'idp.authn.RemoteUserInternal', null, 'regex expected', null, 'idp.authn.RemoteUserInternal.matchExpression', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('214', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.RemoteUserInternal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('216', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, 
module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('217', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.RemoteUserInternal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('230', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SPNEGO.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('208', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('215', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.RemoteUserInternal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('540', 'OPMetadataPolicies', 'oidc.properties', 'Full path to the file containing default metadata policy used for dynamic client registration', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.dynreg.defaultMetadataPolicyFile', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('205', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Spring Web Flow redirection expression for the protected resource', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'contextRelative:external.jsp', 'idp.authn.RemoteUserInternal.externalAuthnPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('225', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Name of cookie used to track auto-login state of client', '4.2', 'idp.authn.SPNEGO', null, null, '_idp_spnego_autologin', 'idp.authn.SPNEGO.cookieName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('303', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('304', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Duo AuthAPI secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.nonbrowser.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('197', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited lists of request attributes to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('226', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.SPNEGO', null, null, '1000', 'idp.authn.SPNEGO.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('218', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer controlling result reuse for SSO', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('236', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.SPNEGO', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SPNEGO.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('250', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('251', 'X509AuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.X509', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('242', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('234', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SPNEGO.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('248', 'X509AuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('249', 'X509AuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.X509', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('263', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.X509Internal.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('243', 
'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('244', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('399', 'ReloadableServices', 'services.properties', 'Shortcut for controlling the encoding of xsi:type information for all SAML transcoding rules in the registry', 'all', null, null, null, 'true', 'idp.service.attribute.registry.encodeType', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('403', 'ReloadableServices', 'services.properties', 'Whether attribute resolution failure should silently produce no attributes or cause an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.resolver.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('405', 'ReloadableServices', 'services.properties', 'Setting this to false re-enables the legacy 
behavior of looking up the display information for the resolved attributes during resolution. As from 4.2 this the display information is looked up at point of use (during the attribute consent flow) and so ther', '4.2', null, null, null, 'true', 'idp.service.attribute.resolver.suppressDisplayInfo', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('264', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.X509Internal.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('198', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of request headers to check for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.checkHeaders', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('203', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to accept while blocking all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.allowedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('204', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of usernames to deny while accepting all others', '4.1', 'idp.authn.RemoteUserInternal', null, null, null, 'idp.authn.RemoteUserInternal.deniedUsernames', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('219', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.RemoteUserInternal.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('360', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:mace:shibboleth:1.0:nameIdentifier', 'idp.nameid.saml1.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('241', 'X509AuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.X509', null, null, '1000', 'idp.authn.X509.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('256', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.X509Internal.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('237', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer to run just prior to AuthnRequest signing/encoding step', '4.1', null, null, null, null, 'idp.authn.SAML.outboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('265', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('266', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.X509Internal.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('291', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.Function.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('292', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.Function', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.Function.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('579', 'OPSubClaim', 'oidc.properties', 'Salt to inject for randomness should generally be moved into credentials/secrets.properties to avoid committing to configuration repository', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('598', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The client secret used to verify the client in exchanging the authorization code for a Duo 2FA result token (id_token).', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('608', 
'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI integration key supplied by Duo', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.nonbrowser.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('643', 'Metadatagen', 'mdgen.properties', 'A space separated list of languages used to lookup values formed appending each one to the name and description properties idp.metadata.idpsso.mdui.displayname. and idp.metadata.idpsso.mdui.description.. If this is absent then an is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.displayname.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('279', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('280', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.IPAddress', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.IPAddress.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('293', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('294', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Function', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Function.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('319', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('320', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', 'idp.authn.Duo', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.Duo.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('353', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('314', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.Duo.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('311', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('336', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.SAML.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('358', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for 
generating transient IDs', 'all', null, null, 'Bean ID of a TransientIdGenerationStrategy', 'shibboleth.CryptoTransientIdGenerator', 'idp.transientId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('333', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', null, null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.SAML.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('348', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow enforces upstream IdP imposed restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.MFA.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('327', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of Function to run at the late stages of Response decoding/processing', '4.1', null, null, null, null, 'idp.authn.SAML.inboundMessageHandlerFunction', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('328', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Optional bean ID of 
AssertionValidator to run', '4.1', null, null, null, null, 'idp.authn.SAML.assertionValidator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('338', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate controlling result reuse for SSO', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('339', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of Predicate determining whether flow is usable for request', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.SAML.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('337', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', null, null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.SAML.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('351', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.MFA.lifetime', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('352', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.MFA', null, null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.MFA.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('330', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.SAML.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('296', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Function', null, null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport,saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password,saml1/urn:oasis:names:tc:SAML:1.0:am:password', 'idp.authn.Function.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('305', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the 
sensitivity of the secret key', 'X-Shibboleth-Duo-Factor', 'idp.duo.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('306', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Device', 'idp.duo.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('331', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('332', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.SAML.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('335', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.SAML.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('307', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'X-Shibboleth-Duo-Passcode', 'idp.duo.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('299', 'DuoAuthnConfiguration', 'authn/duo.properties', 'A secret supplied by you and not shared with Duo; see https://duo.com/docs/duoweb-v2, "Generate an akey".', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.applicationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('300', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb integration key (supplied by Duo as Client ID)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.integrationKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('322', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principal strings associated with flow', '4.1', 'idp.authn.Duo', 
null, null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.Duo.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('301', 'DuoAuthnConfiguration', 'authn/duo.properties', 'DuoWeb secret key (supplied by Duo as Client secret)', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', null, 'idp.duo.secretKey', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('325', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Statically-defined entityID of IdP to use for authentication', '4.1', null, null, null, null, 'idp.authn.SAML.proxyEntityID', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('359', 'NameIDGenerationConfiguration', 'saml-nameid.properties', 'Default Format to generate if nothing else is indicated', 'all', null, null, null, 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient', 'idp.nameid.saml2.default', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('329', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', null, null, null, '1000', 'idp.authn.SAML.order', 
'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('344', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.MFA', null, null, '1000', 'idp.authn.MFA.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('340', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.authn.MFA', null, null, 'shibboleth.Conditions.TRUE', 'idp.authn.MFA.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('370', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Advanced feature allowing revocation or regeneration of computed persistent IDs for specific subjects or services', 'all', null, null, null, 'shibboleth.ComputedIdExceptionMap', 'idp.persistentId.exceptionMap', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('388', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for RelyingPartyConfiguration', 'all', null, null, null, 'shibboleth.RelyingPartyResolverResources', 'idp.service.relyingparty.resources', 
'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('367', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'An encoded form of the persistentId.salt', 'all', null, null, null, null, 'idp.persistentId.encodedSalt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('389', 'ReloadableServices', 'services.properties', 'Fail at startup if RelyingPartyConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.relyingparty.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('362', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies a data source for storage-based management of persistent IDs', 'all', null, null, 'Bean ID of a JDBC DataSource', null, 'idp.persistentId.dataSource', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('361', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Identifies the strategy plugin for sourcing persistent IDs', 'all', null, null, 'Bean ID of a PairwiseIdStore', 'shibboleth.ComputedPersistentIdGenerator', 'idp.persistentId.generator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, 
idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('391', 'ReloadableServices', 'services.properties', 'See MetadataDrivenConfiguration SAML Attribute Name Format Usage', 'all', null, null, null, 'false', 'idp.service.relyingparty.ignoreUnmappedEntityAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('393', 'ReloadableServices', 'services.properties', 'Fail at startup if MetadataConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.metadata.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('368', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The hash algorithm used when using computed persistent IDs', 'all', null, null, null, 'SHA', 'idp.persistentId.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('423', 'ReloadableServices', 'services.properties', 'Seconds between reloads of message property resources', 'all', null, null, null, '300', 'idp.message.cacheSeconds', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('392', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for 
MetadataConfiguration', 'all', null, null, null, 'shibboleth.MetadataResolverResources', 'idp.service.metadata.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('396', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeRegistryConfiguration', 'all', null, null, null, 'shibboleth.AttributeRegistryResources', 'idp.service.attribute.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('400', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeResolverConfiguration', 'all', null, null, null, 'shibboleth.AttributeResolverResources', 'idp.service.attribute.resolver.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('398', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeRegistryConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('406', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AttributeFilterConfiguration', 'all', null, null, null, 'shibboleth.AttributeFilterResources', 'idp.service.attribute.filter.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('402', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeResolverConfiguration and reload service. 
A value of 0 indicates that the service configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.resolver.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('410', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for NameIDGenerationConfiguration', 'all', null, null, null, 'shibboleth.NameIdentifierGenerationResources', 'idp.service.nameidGeneration.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('413', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for AccessControlConfiguration', 'all', null, null, null, 'shibboleth.AccessControlResource', 'idp.service.access.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('416', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for CASServiceRegistry configuration', 'all', null, null, null, 'shibboleth.CASServiceRegistryResources', 'idp.service.cas.registry.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('408', 'ReloadableServices', 'services.properties', 'Time to notice changes to AttributeFilterConfiguration and 
reload service A value of 0 indicates that the attribute filter configuration never reloads', 'all', null, null, null, '0', 'idp.service.attribute.filter.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('412', 'ReloadableServices', 'services.properties', 'Time to notice changes to NameIDGenerationConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.nameidGeneration.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('415', 'ReloadableServices', 'services.properties', 'Time to notice changes to AccessControlConfiguration and reload service', 'all', null, null, null, '0', 'idp.service.access.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('418', 'ReloadableServices', 'services.properties', 'Time to notice CASServiceRegistry configuration changes and reload service', 'all', null, null, null, '0', 'idp.service.cas.registry.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('421', 'ReloadableServices', 'services.properties', 'Time to notice ManagedBeanConfiguration changes and reload service', 'all', null, null, null, '0', 'idp.service.managedBean.checkInterval', 'DURATION', null, null); -INSERT INTO 
public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('369', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'The final encoding applied to the hash generated when using computed persistent IDs: one of BASE32 or BASE64', 'all', null, null, null, 'BASE64', 'idp.persistentId.encoding', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('397', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeRegistryConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('401', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeResolverConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('404', 'ReloadableServices', 'services.properties', 'Whether null values should be stripped from the results of the attribute resolution. This filtering happens prior to filtering and encoding, but after attribute resolution is complete. 
To strip nulls during attribute resolution (so that they will be invis', 'all', null, null, null, 'false', 'idp.service.attribute.resolver.stripNulls', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('407', 'ReloadableServices', 'services.properties', 'Fail at startup if AttributeFilterConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.attribute.filter.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('411', 'ReloadableServices', 'services.properties', 'Fail at startup if NameIDGenerationConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.nameidGeneration.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('417', 'ReloadableServices', 'services.properties', 'Fail at startup if CASServiceRegistry configuration is invalid', 'all', null, null, null, 'false', 'idp.service.cas.registry.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('373', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of error strings to identify as retryable failures', '4.1', null, null, null, '23000,23505', 'idp.persistentId.retryableErrors', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('364', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'List of attributes to search for a value to uniquely identify the subject of a persistent identifier that MUST be stable long-lived and non-reassignable', 'all', null, null, null, null, 'idp.persistentId.sourceAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('375', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides the name of the table in the database', '4.1', null, null, null, 'shibpid', 'idp.persistentId.tableName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('376', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localEntity', 'idp.persistentId.localEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('377', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerEntity', 'idp.persistentId.peerEntityColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('378', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'principalName', 'idp.persistentId.principalNameColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('379', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'localId', 'idp.persistentId.sourceIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('380', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'persistentId', 'idp.persistentId.persistentIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('381', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'peerProvidedId', 'idp.persistentId.peerProvidedIdColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('419', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying resources to use for ManagedBeanConfiguration', 'all', null, null, null, 'shibboleth.ManagedBeanResources', 'idp.service.managedBean.resources', 
'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('422', 'ReloadableServices', 'services.properties', 'Name of Spring bean identifying Spring message property resources', 'all', null, null, null, 'shibboleth.MessageSourceResources', 'idp.message.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('560', 'OPDiscovery', 'oidc.properties', 'Implementation bean for discovery shouldn''t require alteration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.DefaultOpenIdConfigurationResolver', 'idp.oidc.discovery.resolver', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('574', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function called shibboleth.oidc.AllowedScopeStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedScope', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('575', 'OPClientCredentialsGrant', 'oidc.properties', 'bean of type Function> called shibboleth.oidc.AllowedAudienceStrategy', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oauth2.defaultAllowedAudience', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('570', 'OPDynamicClientRegistration', 'oidc.properties', 'Bean ID of type Function>, used to locate metadata policy based on the policyLocation parameter. Defaults to a caching resolver locating server resources to load based on policyLocation parameter.', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.admin.DefaultMetadataPolicyLookupStrategy', 'idp.oidc.admin.registration.lookup.policy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('382', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'creationDate', 'idp.persistentId.createTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('383', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Overrides database column names', '4.1', null, null, null, 'deactivationDate', 'idp.persistentId.deactivationTimeColumn', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('573', 'OPClientResolution', 'oidc.properties', 'Name of bean used to define the resources to use in configuring this service', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ClientInformationResolverResources', 'idp.service.clientinfo.resources', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('650', 'OIDC OP', 'oidc.properties', 'Storage for storing remote jwk sets.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.StorageService', 'idp.oidc.jwk.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('433', 'MetadataReload', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('434', 'MetadataReload', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.reload.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('366', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'A secret salt for the hash when using computed persistent IDs', 'all', null, null, null, null, 'idp.persistentId.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('428', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.status.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('430', 'Status', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.status.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('424', 'Status', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Status', 'idp.status.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('425', 'Status', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.status.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('431', 'MetadataReload', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Reload', 'idp.reload.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('435', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.defaultAuthenticationMethods', 'STRING', null, null); -INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('438', 'AACLI', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'ResolverTest', 'idp.resolvertest.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('437', 'MetadataReload', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.reload.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('497', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of subjectAltName extension types to look for', '4.1', null, null, 'Comma seperated list of integer values', null, 'idp.c14n.x500.subjectAltNameTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('439', 'AACLI', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.resolvertest.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('442', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 
'idp.resolvertest.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('444', 'AACLI', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.resolvertest.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('445', 'MetadataQuery', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'MetadataQuery', 'idp.mdquery.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('498', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attribute OIDs to search for in the subject DN', '4.1', null, null, 'Comma seperated list of integer values', '2,5,4,3', 'idp.c14n.x500.objectIDs', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('493', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Bean ID of a Predicate to evaluate to determine whether to run the Attribute Resolver or go directly to the Subject alone', '4.1', null, null, null, 'shibboleth.Conditions.TRUE', 'idp.c14n.attribute.resolutionCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('651', 'OIDC OP', 'oidc.properties', 'Bean to determine whether SAML metadata should be exploited for trusted OIDC RP resolution', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.metadata.saml', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('655', 'OIDC OP', 'oidc.properties', 'Bean used for extracting login_hint from the authentication request. The default function parses login_hint as is.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultRequestLoginHintLookupFunction', 'idp.oidc.LoginHintLookupStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('656', 'OIDC OP', 'oidc.properties', 'Bean used for creating SPSessions needed for SLO. 
By default builds protocol-independent BasicSPSession as SLO is not yet supported.', '4.1', 'idp.oidc.OP', '3', 'no doc', 'DefaultSPSessionCreationStrategy', 'idp.oidc.SPSessionCreationStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('19', 'SecurityConfiguration', 'idp.properties', 'Bean ID supporting the DataSealerKeyStrategy interface to use in place of the built-in option.', 'all', null, null, 'Bean ID of DataSealerKeyStrategy', 'shibboleth.DataSealerKeyStrategy', 'idp.sealer.keyStrategy', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('103', 'LogoutConfiguration', 'idp.properties', 'If the bean returns true the user is given the option to actually cancel the IdP logout outright and prevent removal of the session', 'all', null, null, 'Bean ID of Predicate', 'false', 'idp.logout.promptUser', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('44', 'SecurityConfiguration', 'idp.properties', 'Overrides the X509KeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.X509KeyInfoGeneratorFactory', 'idp.security.x509KeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('64', 'SessionConfiguration', 'idp.properties', 'Bean name of a storage implementation/configuration to use for IdP sessions', 'all', null, null, 'Bean ID of StorageService (org.opensaml.storage)', 'shibboleth.ClientSessionStorageService', 'idp.session.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('312', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('446', 'MetadataQuery', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByIPAddress', 'idp.mdquery.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('313', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('484', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the 
username', '4.1', null, null, null, 'false', 'idp.c14n.simple.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('517', 'OIDC OP', 'oidc.properties', 'Set the Open ID Connect Issuer value', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.issuer', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('68', 'SessionConfiguration', 'idp.properties', 'A 2-argument predicate that compares a bound session''s address to a client address', 'all', null, null, 'BiPredicate', 'Direct string comparison', 'idp.session.consistentAddressCondition', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('518', 'OPToken', 'oidc.properties', 'Lifetime of ID token', '4.1', 'idp.oidc.OP', '3', null, 'PT1H', 'idp.oidc.idToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('524', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.encodedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, 
property_type, selection_items, property_value) VALUES ('529', 'OPAuthorization', 'oidc.properties', 'Bean ID of StorageService for revocation cache requires server-side storage', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.StorageService', 'idp.oidc.revocationCache.StorageService', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('545', 'OPSecurity', 'oidc.properties', 'Allows override of default signing configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.SigningConfiguration', 'idp.oidc.signing.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('546', 'OPSecurity', 'oidc.properties', 'Allows override of default encryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.EncryptionConfiguration', 'idp.oidc.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('547', 'OPSecurity', 'oidc.properties', 'Allows override of default request decryption configuration', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.oidc.requestObjectDecryptionConfiguration', 'idp.oidc.rodecrypt.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('519', 'OPToken', 'oidc.properties', 'Lifetime of access token', '4.1', 
'idp.oidc.OP', '3', null, 'PT10M', 'idp.oidc.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('520', 'OPAuthorization', 'oidc.properties', 'Lifetime of authorization code', '4.1', 'idp.oidc.OP', '3', null, 'PT5M', 'idp.oidc.authorizeCode.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('521', 'OPToken', 'oidc.properties', 'Lifetime of refresh token', '4.1', 'idp.oidc.OP', '3', null, 'PT2H', 'idp.oidc.refreshToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('528', 'OPRevocation', 'oidc.properties', 'Lifetime of entries in revocation cache for authorize code', '4.1', 'idp.oidc.OP', '3', null, 'PT6H', 'idp.oidc.revocationCache.authorizeCode.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('535', 'OPToken', 'oidc.properties', 'Lifetime of access token issued to client for resource server', '4.1', 'idp.oidc.OP', '3', null, 'PT10M', 'idp.oauth2.accessToken.defaultLifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) 
VALUES ('544', 'OPSecurity', 'oidc.properties', 'JWK RSA decryption keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-encryption-rsa.jwk', 'idp.signing.oidc.rsa.enc.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('543', 'OPSecurity', 'oidc.properties', 'JWK EC signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-es.jwk', 'idp.signing.oidc.es.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('449', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('451', 'MetadataQuery', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.mdquery.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('455', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('542', 'OPSecurity', 'oidc.properties', 'JWK RSA signing keypair', '4.1', 'idp.oidc.OP', '3', 'JWK file pathname', '%{idp.home}/credentials/idp-signing-rs.jwk', 'idp.signing.oidc.rs.key', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('452', 'MetricsConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Metrics', 'idp.metrics.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('457', 'MetricsConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.metrics.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('462', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.defaultAuthenticationMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('464', 'HelloWorldConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.hello.postAuthenticationFlows', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('458', 'HelloWorldConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Hello', 'idp.hello.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('459', 'HelloWorldConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessByAdminUser', 'idp.hello.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('527', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to omit from UserInfo token', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.deniedUserInfoAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('526', 'OPAuthorization', 'oidc.properties', 'Specifies IdPAttributes to always include in ID token regardless of response_type', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', null, 'idp.oidc.alwaysIncludedAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('541', 'OPDynamicClientRegistration', 'oidc.properties', 'The acceptable client authentication methods when using dynamic registration', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 
'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.dynreg.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('530', 'OPToken', 'oidc.properties', 'The acceptable client authentication methods', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'client_secret_basic,client_secret_post,client_secret_jwt,private_key_jwt', 'idp.oidc.tokenEndpointAuthMethods', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('531', 'OPToken', 'oidc.properties', 'OAuth grant types to allow', '4.1', 'idp.oidc.OP', '3', 'Comma seperated list of values', 'authorization_code,refresh_token', 'idp.oauth2.grantTypes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('553', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.oidc.OP', '3', null, '1000', 'idp.authn.OAuth2Client.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('565', 'OPDynamicClientRegistration', 'oidc.properties', 'Default access token lifetime if not specified', '4.1', 'idp.oidc.OP', '3', null, 'P1D', 'idp.oidc.admin.registration.defaultTokenLifetime', 'DURATION', null, null); 
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('572', 'OPClientResolution', 'oidc.properties', 'When non-zero enables monitoring of resources for service reload', '4.1', 'idp.oidc.OP', '3', null, 'PT0S', 'idp.service.clientinfo.checkInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('555', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Bean ID of BiConsumer determining whether flow is usable for request', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.Conditions.TRUE', 'idp.authn.OAuth2Client.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('558', 'OPCustomFilterRegistration', 'oidc.properties', 'By default this configures the values defined by the idp.hsts, idp.frameoptions and idp.csp properties into the corresponding HTTP headers and applies them to the OP plugin as well as the original IdP endpoints', '4.1', 'idp.oidc.OP', '3', null, 'shibboleth.ResponseHeaderFilter', 'idp.oidc.ResponseHeaderFilter', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('35', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean supplying the default EncryptionConfiguration', 'all', null, null, 'Bean ID of EncryptionConfiguration (org.opensaml.xmlsec)', 
'shibboleth.EncryptionConfiguration.CBC', 'idp.encryption.config', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('43', 'SecurityConfiguration', 'idp.properties', 'Overrides the BasicKeyInfoGeneratorFactory used by default', '4.1', null, null, 'Bean ID of KeyInfoGeneratorManager (org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorManager)', 'shibboleth.BasicKeyInfoGeneratorFactory', 'idp.security.basicKeyInfoFactory', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('39', 'SecurityConfiguration', 'idp.properties', 'Name of Spring bean for the trust engine used to verify TLS certificates', 'all', null, null, 'Bean ID of TrustEngine (org.opensaml.security.trust)', 'shibboleth.ChainingX509TrustEngine', 'idp.trust.certificates', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('550', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether all validators must succeed or just one', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.authn.OAuth2Client.requireAll', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('552', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to keep the password around as a private credential in the Java Subject for use in later stages 
such as attribute resolution', '4.1', 'idp.oidc.OP', '3', 'use with caution as it retains the password and makes it available in plaintext from within server memory at various stages.', 'false', 'idp.authn.OAuth2Client.retainAsPrivateCredential', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('563', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to enable user authentication for requests', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('466', 'AccountLockoutManagement', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.lockout.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('472', '?', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'Storage', 'idp.storage.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('473', '?', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.storage.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, 
category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('478', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Audit log identifier for flow', '4.1', null, null, null, 'UnlockKeys', 'idp.unlock-keys.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('561', 'OPDynamicClientRegistration', 'oidc.properties', 'Audit logging label for this profile', '4.1', 'idp.oidc.OP', '3', null, 'IssueRegistrationAccessToken', 'idp.oidc.admin.registration.logging', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('566', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to all requests', '4.1', 'idp.oidc.OP', '3', null, 'AccessByIPAddress', 'idp.oidc.admin.registration.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('584', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.DuoOIDC.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES 
('610', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI factor', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Factor', 'idp.duo.oidc.nonbrowser.header.factor', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('580', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.DuoOIDC', '1', null, '1000', 'idp.authn.DuoOIDC.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('587', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.DuoOIDC.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('479', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Name of access control policy for request authorization', '4.1', null, null, null, 'AccessDenied', 'idp.unlock-keys.accessPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('483', 'AttendedRestartConfiguration', 'admin/admin.properties', '?', '4.1', null, null, null, null, 'idp.unlock-keys.postAuthenticationFlows', 
'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('490', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to resolve (an empty list directs the resolver to resolve everything it can)', '4.1', null, null, null, null, 'idp.c14n.attribute.attributesToResolve', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('588', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.DuoOIDC.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('491', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Comma-delimited list of attributes to search for in the results looking for a StringAttributeValue or ScopedStringAttributeValue', '4.1', null, null, null, null, 'idp.c14n.attribute.attributeSourceIds', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('503', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to 
different destinations based on general function', 'SSO', 'idp.service.logging.saml1sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('591', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.authn.DuoOIDC.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('589', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('590', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.DuoOIDC', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.DuoOIDC.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('315', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Duo', null, null, 'false', 
'idp.authn.Duo.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('316', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Duo', null, null, 'false', 'idp.authn.Duo.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('481', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.unlock-keys.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('482', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.unlock-keys.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('485', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.simple.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, 
default_value, property_name, property_type, selection_items, property_value) VALUES ('581', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('45', 'CSRF', 'idp.properties', 'Enables CSRF protection', '4', null, null, null, 'true', 'idp.csrf.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('522', 'OPToken', 'oidc.properties', 'Whether client is required to use PKCE', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.forcePKCE', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('615', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for the connection to be established', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('612', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI passcode', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Passcode', 
'idp.duo.oidc.nonbrowser.header.passcode', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('642', 'Metadatagen', 'mdgen.properties', 'The width of the logo in pixels', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.width', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('635', 'TOTP', 'authn/authn.properties', 'Bean ID ofBiConsumer for subject customization', '4.1', 'idp.authn.TOTP', '1', null, null, 'idp.authn.TOTP.subjectDecorator', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('633', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate controlling result reuse for SSO', '4.1', 'idp.authn.TOTP', '1', null, 'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.reuseCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('616', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum length of time to wait for a connection to be returned from the connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.connectionRequestTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('617', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Maximum period inactivity between two consecutive data packets', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'PT1M', 'idp.duo.oidc.socketTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('631', 'TOTP', 'authn/authn.properties', 'Lifetime of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultLifetime:PT1H}', 'idp.authn.TOTP.lifetime', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('632', 'TOTP', 'authn/authn.properties', 'Inactivity timeout of results produced by this flow', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.defaultTimeout:PT30M}', 'idp.authn.TOTP.inactivityTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('641', 'Metadatagen', 'mdgen.properties', 'The height of the logo in pixels.', '4.1', 'idp.metadatagen', '1', null, '80', 'idp.metadata.idpsso.mdui.logo.height', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('634', 'TOTP', 'authn/authn.properties', 'Bean ID ofPredicate determining whether flow is usable for request', '4.1', 'idp.authn.TOTP', '1', null, 
'shibboleth.Conditions.TRUE', 'idp.authn.TOTP.activationCondition', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('628', 'TOTP', 'authn/authn.properties', 'Whether the flow enforces upstream IdP-imposed restrictions on proxying', '4.1', 'idp.authn.TOTP', '1', null, '%{idp.authn.enforceProxyRestrictions:true}', 'idp.authn.TOTP.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('620', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'To enable certificate revocation checking', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, 'false', 'idp.duo.oidc.nimbus.checkRevocation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('625', 'TOTP', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('626', 'TOTP', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('53', 'ErrorHandlingConfiguration', 'idp.properties', 'Whether to digitally sign error responses in SAML or similar protocols, if signing is otherwise warranted (this can prevent a simple denial of service vector, since errors are simple to trigger)', 'all', null, null, null, 'true', 'idp.errors.signed', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('504', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml1attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('505', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml1artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('506', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are 
audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.saml2sso', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('618', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max total simultaneous connections allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsTotal', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('619', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Max simultaneous connections per route allowed by the pooling connection manager', '4.1', 'idp.authn.DuoOIDC', '1 (nimbus)', null, '100', 'idp.duo.oidc.maxConnectionsPerRoute', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('624', 'TOTP', 'authn/authn.properties', 'Flow priority relative to other enabled login flows (lower is "higher" in priority)', '4.1', 'idp.authn.TOTP', '1', null, '1000', 'idp.authn.TOTP.order', 'INTEGER', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('640', 'Metadatagen', 'mdgen.properties', 'Specifies the path part of the URL which describes a logo for the IdP. 
The protocol is hard wired to be https:// and the DNS name is used for the host. The is always emitted. If this is absent then then a fixed path (''/path/to/logo'') is use', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.logo.path', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('639', 'Metadatagen', 'mdgen.properties', 'Specifies the path to the certificate protecting the back channel. This should not be used in conjunction with the --backChannel qualifier.', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.backchannel.cert', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('638', 'Metadatagen', 'mdgen.properties', 'Supplies the DNS name used within the URLs specifying the end points. 
This should not be used in conjunction with the --DNSName qualifier', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.dnsname', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('647', 'OIDC OP', 'oidc.properties', 'The validity of client secret registered', '4.1', 'idp.oidc.OP', '3', 'no doc', 'P12M', 'idp.oidc.dynreg.defaultSecretExpiration', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('652', 'OIDC OP', 'oidc.properties', 'Upgrade interval to the remote JWKs', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT30M', 'idp.oidc.jwksuri.fetchInterval', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('653', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT5M', 'idp.oidc.config.minRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('654', 'OIDC OP', 'oidc.properties', 'Bounds on the next file refresh of the OP configuration resource', '4.1', 'idp.oidc.OP', '3', 'no doc', 'PT4H', 'idp.oidc.config.maxRefreshDelay', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('507', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'AttributeQuery', 'idp.service.logging.saml2attrquery', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('508', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ArtifactResolution', 'idp.service.logging.saml2artifact', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('509', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Logout', 'idp.service.logging.saml2slo', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('510', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit 
records to different destinations based on general function', 'Logout', 'idp.service.logging.logout', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('511', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'SSO', 'idp.service.logging.cas', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('512', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Status', 'idp.service.logging.status', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('513', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'ResolverTest', 'idp.service.logging.resolvertest', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, 
selection_items, property_value) VALUES ('514', 'AuditLoggingConfiguration', 'services.properties', 'Suffix added to audit logging category when various profiles/flows are audited', 'all', null, null, 'you can use this to route different kinds of audit records to different destinations based on general function', 'Reload', 'idp.service.logging.serviceReload', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('515', 'AuditLoggingConfiguration', 'services.properties', 'Hash algorithm to apply to various hashed fields', '4.1', null, null, null, 'SHA-256', 'idp.audit.hashAlgorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('516', 'AuditLoggingConfiguration', 'services.properties', 'Salt to apply to hashed fields must be set to use those fields', '4.1', null, null, null, null, 'idp.audit.salt', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('536', 'OPRevocation', 'oidc.properties', 'The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens). 
TOKEN refers to revoking single token', '4.1', 'idp.oidc.OP', '3', null, 'CHAIN', 'idp.oauth2.revocationMethod', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('538', 'OPDynamicClientRegistration', 'oidc.properties', 'The default scopes accepted in dynamic registration', '4.1', 'idp.oidc.OP', '3', null, 'openid profile email address phone offline_access', 'idp.oidc.dynreg.defaultScope', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('539', 'OPDynamicClientRegistration', 'oidc.properties', 'The default subject type if not set by client in request. Maybe set to pairwise or public.', '4.1', 'idp.oidc.OP', '3', null, 'public', 'idp.oidc.dynreg.defaultSubjectType', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('533', 'OPToken', 'oidc.properties', 'Format of access token. 
Supported values are JWT or nothing.', '4.1', 'idp.oidc.OP', '3.2', null, null, 'idp.oauth2.accessToken.type', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('567', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyLocation', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyLocationPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('568', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a policyId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.policyIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('569', 'OPDynamicClientRegistration', 'oidc.properties', 'Name of access control policy to apply to requests specifying a clientId', '4.1', 'idp.oidc.OP', '3', null, 'AccessByAdmin', 'idp.oidc.admin.registration.clientIdPolicy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('577', 'OPSubClaim', 'oidc.properties', 'The source attribute used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, null, 'idp.oidc.subject.sourceAttribute', 'STRING', null, null); -INSERT 
INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('578', 'OPSubClaim', 'oidc.properties', 'The digest algorithm used in generating the sub claim', '4.1', 'idp.oidc.OP', '3', null, 'SHA', 'idp.oidc.subject.algorithm', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('594', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'DuoOIDC API hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('649', 'OIDC OP', 'oidc.properties', 'Bean to determine whether dynamic registration should validate the remote JWK set if it''s defined in the request', '4.1', 'idp.oidc.OP', '3', 'no doc', 'shibboleth.Conditions.TRUE', 'idp.oidc.dynreg.validateRemoteJwks', 'SPRING_BEAN_ID', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('1', 'Core', 'idp.properties', 'Auto-load all files matching conf/**/*.properties', '4', null, null, null, 'true', 'idp.searchForProperties', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('5', 'RelyingPartyConfiguration', 
'idp.properties', 'Whether to allow use of the SAML artifact bindings when sending messages', 'all', null, null, null, 'true', 'idp.artifact.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('6', 'RelyingPartyConfiguration', 'idp.properties', 'Whether preparation of messages to be communicated via SAML artifact should assume use of a secure channel (allowing signing and encryption to be skipped)', 'all', null, null, null, 'true', 'idp.artifact.secureChannel', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('9', 'RelyingPartyConfiguration', 'idp.properties', 'Controls whether the outbound binding selection is ordered by the SP''s metadata or the IdP''s preferred bindings (the inbuilt default order is Redirect -> POST -> Artifact -> SOAP). Set to false to leave artifact support on, but favor use of POST. 
Set also', '4.1', null, null, null, 'true', 'idp.bindings.inMetadataOrder', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('13', 'SecurityConfiguration', 'idp.properties', 'If true all cookies issued by the IdP (not including the container) will contain the HttpOnly property', 'all', null, null, null, 'true', 'idp.cookie.httpOnly', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('595', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The OAuth 2.0 Client Identifier valid at the Authorization Server', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.clientId', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('596', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Redirection URI to which the 2FA response will be sent', '4.1', 'idp.authn.DuoOIDC', '1', 'ex. 
https://:/idp/profile/Authn/Duo/2FA/duo-callback', null, 'idp.duo.oidc.redirectURL', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('592', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'saml2/http://example.org/ac/classes/mfa, saml1/http://example.org/ac/classes/mfa', 'idp.authn.DuoOIDC.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('597', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'If the idp.duo.oidc.redirectURL is not set one will be computed dynamically and checked against this list of allowed origins - to prevent Http Host Header injection.', '4.1', 'idp.authn.DuoOIDC', '1', null, null, 'idp.duo.oidc.redirecturl.allowedOrigins', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('599', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 health check endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/health_check', 'idp.duo.oidc.endpoint.health', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('600', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 token 
endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.endpoint.token', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('601', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo''s OAuth 2.0 authorization endpoint', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/authorize', 'idp.duo.oidc.endpoint.authorize', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('604', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The path component of the Duo token issuer. The full issuer string takes the format: HTTPS://+', '4.1', 'idp.authn.DuoOIDC', '1', null, '/oauth/v1/token', 'idp.duo.oidc.jwt.verifier.issuerPath', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('605', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'The result token JWT claim name that represents the username sent in the duo_uname field in the authorization request.', '4.1', 'idp.authn.DuoOIDC', '1', null, 'preferred_username', 'idp.duo.oidc.jwt.verifier.preferredUsername', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('607', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Duo AuthAPI hostname assigned to the integration', '4.1', 'idp.authn.DuoOIDC', '1', 
null, '%{idp.duo.oidc.apiHost}', 'idp.duo.oidc.nonbrowser.apiHost', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('611', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Name of HTTP request header for Duo AuthAPI device ID or name', '4.1', 'idp.authn.DuoOIDC', '1', null, 'X-Shibboleth-Duo-Device', 'idp.duo.oidc.nonbrowser.header.device', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('621', 'TOTP', 'authn/authn.properties', 'Name of request header to use for extracting non-browser submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'X-Shibboleth-TOTP', 'idp.authn.TOTP.headerName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('622', 'TOTP', 'authn/authn.properties', 'Name of HTML form field to use for locating browser-submitted token codes', '4.1', 'idp.authn.TOTP', '1', null, 'tokencode', 'idp.authn.TOTP.fieldName', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('623', 'TOTP', 'authn/authn.properties', 'Name of IdPAttribute to resolve to obtain token seeds for users', '4.1', 'idp.authn.TOTP', '1', null, 'tokenSeeds', 'idp.authn.TOTP.tokenSeedAttribute', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('636', 'TOTP', 'authn/authn.properties', 'Comma-delimited list of protocol-specific Principalstrings associated with flow', '4.1', 'idp.authn.TOTP', '1', null, 'saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken, saml1/urn:oasis:names:tc:SAML:1.0:am:HardwareToken', 'idp.authn.TOTP.supportedPrincipals', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('645', 'Metadatagen', 'mdgen.properties', 'Description for the IdP in the specified language. If this is absent for a language specified above then not is emitted for that language', '4.1', 'idp.metadatagen', '1', null, null, 'idp.metadata.idpsso.mdui.description.', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('365', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'Whether or not the previous property has access to unreleased attributes', 'all', null, null, null, 'true', 'idp.persistentId.useUnfilteredAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('150', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections in the background', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 
'idp.pool.LDAP.validatePeriodically', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('142', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to use the Password Expired Control.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.usePasswordExpiration', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('614', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Pass client address to Duo in API calls to support logging', '4.1', 'idp.authn.DuoOIDC', '1', 'push display', 'true', 'idp.duo.oidc.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('140', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be resolved with the bindDN credentials rather than as the authenticated user.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryWithBindDN', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('129', 'LDAPAuthnConfiguration', 
'authn/authn.properties', 'How to establish trust in the server''s TLS certificate: one of jvmTrust, certificateTrust, or keyStoreTrust', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'certificateTrust', 'idp.authn.LDAP.sslConfig', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('125', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether StartTLS should be used after connecting with LDAP alone.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'true', 'idp.authn.LDAP.useStartTLS', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('149', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to validate connections when checking them out of the pool', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.pool.LDAP.validateOnCheckout', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('144', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the FreeIPA LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of 
Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.freeIPADirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('143', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using Active Directory this switch will attempt to use the account states defined by AD. Note that this flag is unnecessary if you are using the ''adAuthenticator''. It is meant to be specified with one of the other authenticator types.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.activeDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('146', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether connection pools should be used for LDAP authentication and DN resolution', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.disablePooling', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('145', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'If you are using the EDirectory LDAP this switch will attempt to use the account states defined by that product.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth 
being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.eDirectory', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('126', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for the TCP connection to occur.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.connectTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('157', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls how connections in the bind pool are passivated. Connections in the bind pool may be in an authenticated state that will not allow validation searches to succeed. This property controls how bind connections are placed back into the pool. 
If your ', '4.0.1', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindPoolPassivator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('128', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Connection strategy to use when multiple URLs are supplied: one of ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'ACTIVE_PASSIVE', 'idp.authn.LDAP.connectionStrategy', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('127', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Time to wait for an LDAP response message', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'PT3S', 'idp.authn.LDAP.responseTimeout', 'DURATION', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('123', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Controls the workflow for how authentication occurs against LDAP: one of anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , 
for V4.1: authn/authn.properties', 'anonSearchAuthenticator', 'idp.authn.LDAP.authenticator', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('136', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'DN to bind with during search when using an LDAP.authenticator = bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.bindDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('139', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether the user''s LDAP entry should be returned in the authentication response even when the user bind fails.', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.resolveEntryOnFailure', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('133', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Base DN to search against when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.baseDN', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('132', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'List of attributes to request during authentication', 'all', null, null, 'Comma seperated list of values. The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.returnAttributes', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('135', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'LDAP search filter when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', null, 'idp.authn.LDAP.userFilter', 'STRING', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('134', 'LDAPAuthnConfiguration', 'authn/authn.properties', 'Whether to search recursively when using an LDAP.authenticator of anonSearchAuthenticator or bindSearchAuthenticator', 'all', null, null, 'The target file for the value depends on the version of Shibboleth being used:\n for v4: ldap.properties , for V4.1: authn/authn.properties', 'false', 'idp.authn.LDAP.subtreeSearch', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('62', 'StorageConfiguration', 'idp.properties', 'Whether storage errors during replay checks should be treated as a replay', 'all', null, null, null, 'true', 'idp.replayCache.strict', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('63', 'SessionConfiguration', 'idp.properties', 'Whether to enable the IdP''s session tracking feature', 'all', null, null, null, 'true', 'idp.session.enabled', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('67', 'SessionConfiguration', 'idp.properties', 'Whether to bind IdP sessions to IP addresses', 'all', null, null, null, 'true', 'idp.session.consistentAddress', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('78', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to enforce restrictions placed on further proxying of assertions from upstream IdPs when relying on proxied authentication', '4.1', null, null, null, 'true', 'idp.authn.proxyRestrictionsEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('80', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to populate information about the relying party into the tree for user interfaces during login and interceptors', 'all', null, null, null, 
'true', 'idp.authn.rpui', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('94', 'ConsentConfiguration', 'idp.properties', 'Whether not remembering/storing consent is allowed', 'all', null, null, null, 'true', 'idp.consent.allowDoNotRemember', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('95', 'ConsentConfiguration', 'idp.properties', 'Whether consent to any attribute and to any relying party is allowed', 'all', null, null, null, 'true', 'idp.consent.allowGlobal', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('102', 'LogoutConfiguration', 'idp.properties', 'Whether to require signed logout messages in accordance with the SAML 2.0 standard', 'all', null, null, null, 'true', 'idp.logout.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('118', 'AuditLoggingConfiguration', 'services.properties', 'Set false if you want SAML bindings "spelled out" in audit log', 'all', null, null, null, 'true', 'idp.audit.shortenBindings', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('179', 
'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.External', null, null, 'true', 'idp.authn.External.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('195', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUser', null, null, 'true', 'idp.authn.RemoteUser.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('196', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to check REMOTE_USER for a username', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.checkRemoteUser', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('199', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to trim leading and trailing whitespace from the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('220', 
'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'true', 'idp.authn.RemoteUserInternal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('646', 'OIDC OP', 'oidc.properties', 'Set false to preclude issuing unencrypted ID/UserInfo tokens without specific overrides', '4.1', 'idp.oidc.OP', '3', 'no doc', 'false', 'idp.oidc.encryptionOptional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('239', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.SPNEGO', null, null, 'true', 'idp.authn.SPNEGO.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('254', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.X509', null, null, 'true', 'idp.authn.X509.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('255', 
'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to save the certificate into the Subject''s public credential set. Disable to reduce the size if not relying on the certificate for subject c14n.', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.saveCertificateToCredentialSet', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('269', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.X509Internal.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('283', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.IPAddress', null, null, 'true', 'idp.authn.IPAddress.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('297', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Function', null, null, 'true', 'idp.authn.Function.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('308', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Allow the factor to be defaulted to auto if no headers are received', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('309', 'DuoAuthnConfiguration', 'authn/duo.properties', 'Pass client address to Duo in API calls to support logging, push display, and network-based Duo policies', '4.1', 'idp.authn.Duo', null, 'this sould be set in conf/authn/duo.properties due to the sensitivity of the secret key', 'true', 'idp.duo.nonbrowser.clientAddressTrusted', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('323', 'DuoAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.Duo', null, null, 'true', 'idp.authn.Duo.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('342', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', null, null, null, 'true', 'idp.authn.SAML.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('343', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether login flows should only be run with regard for forceAuthn/isPassive/nonBrowser (and similar) conditions', '4.1', null, null, null, 'true', 'idp.authn.MFA.validateLoginTransitions', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('357', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.authn.MFA', null, null, 'true', 'idp.authn.MFA.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('374', 'PersistentNameIDGenerationConfiguration', 'saml-nameid.properties', 'When true the connection and layout of the database is verified at bean initialization time and any failures are fatal.', '4.1', null, null, null, 'true', 'idp.persistentId.verifyDatabase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('386', 'ReloadableServices', 'services.properties', 'Fail at startup if logging configuration is invalid', 'all', null, null, null, 'true', 'idp.service.logging.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, 
note, default_value, property_name, property_type, selection_items, property_value) VALUES ('395', 'ReloadableServices', 'services.properties', 'Disabling this turns off internal support for the ByReferenceFilter feature which provides a very small performance boost', 'all', null, null, null, 'true', 'idp.service.metadata.enableByReferenceFilters', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('409', 'ReloadableServices', 'services.properties', 'Whether attribute filtering failure should silently produce no attributes or causes an overall profile request failure event', 'all', null, null, null, 'true', 'idp.service.attribute.filter.maskFailures', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('414', 'ReloadableServices', 'services.properties', 'Fail at startup if AccessControlConfiguration is invalid', 'all', null, null, null, 'true', 'idp.service.access.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('460', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('463', 
'HelloWorldConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.hello.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('480', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'true', 'idp.unlock-keys.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('486', 'SimplePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.simple.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('489', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.attribute.trim', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('496', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to trim leading and trailing whitespace from the username', '4.1', null, null, null, 'true', 'idp.c14n.x500.trim', 
'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('551', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to remove the object holding the password from the request''s active state after validating it (to avoid it being preserved in the session any longer than needed)', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.removeAfterValidation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('557', 'OAuth2ClientAuthnConfiguration', 'oidc.properties', 'Whether to auto-attach the preceding set of Principal objects to each Subject produced by this flow', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.authn.OAuth2Client.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('562', 'OPDynamicClientRegistration', 'oidc.properties', 'Enables support for non-browser-based authentication', '4.1', 'idp.oidc.OP', '3', null, 'true', 'idp.oidc.admin.registration.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('583', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.authn.DuoOIDC.forcedAuthenticationSupported', 'BOOLEAN', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('613', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Allow the factor to be defaulted in as "auto" if no headers are received', '4.1', 'idp.authn.DuoOIDC', '1', null, 'true', 'idp.duo.oidc.nonbrowser.auto', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('627', 'TOTP', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.TOTP', '1', null, 'true', 'idp.authn.TOTP.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('648', 'OIDC OP', 'oidc.properties', 'Regardless of what signing algorithms are configured allow none for request object signing', '4.1', 'idp.oidc.OP', '3', 'no doc', 'true', 'idp.oidc.dynreg.allowNoneForRequestSigning', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('83', 'AuthenticationConfiguration', 'authn/authn.properties', 'Whether to override an explicit element in an SP’s request with a configuration-imposed rule via the defaultAuthenticationMethods profile configuration setting. 
Note this is a violation of the SAML standard and is also a global set', '4', null, null, null, 'false', 'idp.authn.overrideRequestedAuthnContext', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('96', 'ConsentConfiguration', 'idp.properties', 'Whether per-attribute consent is allowed', 'all', null, null, null, 'false', 'idp.consent.allowPerAttribute', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('97', 'ConsentConfiguration', 'idp.properties', 'Whether attribute values and terms of use text are stored and compared for equality', 'all', null, null, null, 'false', 'idp.consent.compareValues', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('101', 'LogoutConfiguration', 'idp.properties', 'Whether to search metadata for user interface information associated with every service involved in logout propagation', 'all', null, null, null, 'false', 'idp.logout.elaboration', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('104', 'LogoutConfiguration', 'idp.properties', 'Processes arbitrary query parameters to the Simple Logout endpoint and stashes them in a ScratchContext for use by subsequent view logic', '4.1', null, null, null, 'false', 'idp.logout.preserveQuery', 'BOOLEAN', null, null); 
-INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('105', 'LogoutConfiguration', 'idp.properties', 'When true allows inbound SAML LogoutRequests to be processed even if the SP lacks metadata containing response endpoints', '4.2', null, null, null, 'false', 'idp.logout.assumeAsync', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('111', 'CasProtocolConfiguration', 'idp.properties', 'If true CAS services provisioned with SAML metadata are identified via entityID', 'all', null, null, null, 'false', 'idp.cas.relyingPartyIdFromMetadata', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('160', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', null, null, null, 'false', 'idp.authn.Krb5.refreshConfig', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('523', 'OPToken', 'oidc.properties', 'Whether client is allowed to use PKCE code challenge method plain', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.allowPKCEPlain', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('161', 'KerberosAuthnConfiguration', 'authn/authn.properties', 'Whether to preserve the resulting Kerberos TGT in the Java Subject''s private credential set', '4.1', null, null, null, 'false', 'idp.authn.Krb5.preserveTicket', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('167', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('168', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('169', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('171', 'ExternalAuthnConfiguration', 
'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('172', 'ExternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.External', null, null, 'false', 'idp.authn.External.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('188', 'RemoteUserAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.RemoteUser', null, null, 'false', 'idp.authn.RemoteUser.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('200', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to lowercase the username before validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('201', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to uppercase the username before 
validating it', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('209', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('210', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('212', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('213', 'RemoteUserInternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP 
discovery prior to running flow', '4.1', 'idp.authn.RemoteUserInternal', null, null, 'false', 'idp.authn.RemoteUserInternal.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('222', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to always try to run SPNEGO independent of the user''s auto-login setting', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.enforceRun', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('223', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to reload the underlying Kerberos configuration (generally in /etc/krb5.conf) on every login attempt', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.refreshKrbConfig', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('227', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('228', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.SPNEGO', null, null, 
'false', 'idp.authn.SPNEGO.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('229', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('231', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('232', 'SPNEGOAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.SPNEGO', null, null, 'false', 'idp.authn.SPNEGO.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('246', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.proxyScopingEnforced', 'BOOLEAN', null, 
null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('247', 'X509AuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.X509', null, null, 'false', 'idp.authn.X509.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('257', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('258', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('259', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, 
property_name, property_type, selection_items, property_value) VALUES ('261', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('262', 'X509InternalAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', null, null, null, 'false', 'idp.authn.X509Internal.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('273', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('275', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, 
property_value) VALUES ('276', 'IPAddressAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.IPAddress', null, null, 'false', 'idp.authn.IPAddress.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('285', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('286', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('287', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('289', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be 
proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('290', 'FunctionAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.Function', null, null, 'false', 'idp.authn.Function.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('334', 'SAMLAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', null, null, null, 'false', 'idp.authn.SAML.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('345', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow should handle non-browser request profiles (e.g., ECP)', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('346', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 
'idp.authn.MFA.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('347', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow supports forced authentication', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.forcedAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('349', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether the flow considers itself to be proxying and therefore enforces SP signaled restrictions on proxying', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('350', 'MultiFactorAuthnConfiguration', 'authn/authn.properties', 'Whether to invoke IdP discovery prior to running flow', '4.1', 'idp.authn.MFA', null, null, 'false', 'idp.authn.MFA.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('420', 'ReloadableServices', 'services.properties', 'Fail at startup if ManagedBeanConfiguration is invalid', 'all', null, null, null, 'false', 'idp.service.managedBean.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, 
description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('426', 'Status', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('427', 'Status', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.status.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('429', 'Status', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.status.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('436', 'MetadataReload', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.reload.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('440', 'AACLI', 'admin/admin.properties', 'Whether authentication should be performed prior to access control 
evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('441', 'AACLI', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.resolvertest.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('443', 'AACLI', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.resolvertest.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('447', 'MetadataQuery', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('448', 'MetadataQuery', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.mdquery.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, 
module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('450', 'MetadataQuery', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.mdquery.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('453', 'MetricsConfiguration', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('454', 'MetricsConfiguration', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.metrics.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('456', 'MetricsConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.metrics.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('461', 'HelloWorldConfiguration', 'admin/admin.properties', 'Whether the flow should allow for 
non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.hello.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('467', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('468', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.lockout.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('470', 'AccountLockoutManagement', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.lockout.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('474', '?', 'admin/admin.properties', 'Whether authentication should be performed prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.authenticated', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, 
config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('475', '?', 'admin/admin.properties', 'Whether the flow should allow for non-browser clients during authentication', '4.1', null, null, null, 'false', 'idp.storage.nonBrowserSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('477', 'AttendedRestartConfiguration', 'admin/admin.properties', 'Whether attributes should be resolved prior to access control evaluation', '4.1', null, null, null, 'false', 'idp.storage.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('487', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('488', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.attribute.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('492', 'AttributePostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to examine 
the input Subject for IdPAttributePrincipal objects to pull from directly instead of from the output of the Attribute Resolver service', '4.1', null, null, null, 'false', 'idp.c14n.attribute.resolveFromSubject', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('494', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('495', 'X500PostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.x500.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('499', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('500', 'SAML2ProxyTransformPostLoginC14NConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.proxy.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop 
(resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('501', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to lowercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.lowercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('502', 'NameIDConsumptionConfiguration', 'c14n/subject-c14n.properties', 'Whether to uppercase the username', '4.1', null, null, null, 'false', 'idp.c14n.saml.uppercase', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('525', 'OPAuthorization', 'oidc.properties', 'Whether to embed consent decisions in access/refresh tokens and authorization code to allow for client-side consent storage', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.encodeConsentInTokens', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('532', 'OPToken', 'oidc.properties', 'Whether to enforce refresh token rotation. 
If enabled the refresh token is revoked whenever it is used for issuing a new refresh token.', '4.1', 'idp.oidc.OP', '3.2', null, 'false', 'idp.oauth2.enforceRefreshTokenRotation', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('534', 'OPToken', 'oidc.properties', 'Whether the absence of encryption details in a resource server’s metadata should fail when issuing an access token', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oauth2.encryptionOptional', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('564', 'OPDynamicClientRegistration', 'oidc.properties', 'Whether to resolve attributes if authentication is enabled', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.oidc.admin.registration.resolveAttributes', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('571', 'OPClientResolution', 'oidc.properties', 'If true any failures during initialization of any resolvers result in IdP startup failure', '4.1', 'idp.oidc.OP', '3', null, 'false', 'idp.service.clientinfo.failFast', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('582', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow allows for passive authentication', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 
'idp.authn.DuoOIDC.passiveAuthenticationSupported', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('585', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.DuoOIDC', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 'idp.authn.DuoOIDC.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('586', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('593', 'DuoOIDCAuthnConfiguration', 'authn/duo-oidc.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.DuoOIDC', '1', null, 'false', 'idp.authn.DuoOIDC.addDefaultPrincipals', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('629', 'TOTP', 'authn/authn.properties', 'Whether the flow considers itself to be proxying', '4.1', 'idp.authn.TOTP', '1', 'and therefore enforces SP-signaled restrictions on proxying', 'false', 
'idp.authn.TOTP.proxyScopingEnforced', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('630', 'TOTP', 'authn/authn.properties', 'Whether to invoke IdP-discovery prior to running flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.discoveryRequired', 'BOOLEAN', null, null); -INSERT INTO public.shib_configuration_prop (resource_id, category, config_file, description, idp_version, module, module_version, note, default_value, property_name, property_type, selection_items, property_value) VALUES ('637', 'TOTP', 'authn/authn.properties', 'Whether to auto-attach the preceding set ofPrincipalobjects to eachSubjectproduced by this flow', '4.1', 'idp.authn.TOTP', '1', null, 'false', 'idp.authn.TOTP.addDefaultPrincipals', 'BOOLEAN', null, null); \ No newline at end of file From f7ef7669f75f2cc4e0ebf4bf4c0bf978e64387ba Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 23 Aug 2022 10:35:56 -0700 Subject: [PATCH 31/63] Updated POC --- ui/public/assets/data/configurations.json | 6 +++ ui/public/assets/data/properties.json | 1 - ui/src/app/admin/IdpConfiguration.js | 4 +- .../app/admin/component/ConfigurationForm.js | 48 +++++++++++-------- .../app/admin/container/ConfigurationList.js | 16 +++---- .../app/admin/hoc/ConfigurationsProvider.js | 2 +- ui/src/app/admin/hooks.js | 2 +- 7 files changed, 47 insertions(+), 32 deletions(-) create mode 100644 ui/public/assets/data/configurations.json delete mode 100644 ui/public/assets/data/properties.json diff --git a/ui/public/assets/data/configurations.json b/ui/public/assets/data/configurations.json new file mode 100644 index 000000000..82d601b1e --- /dev/null +++ b/ui/public/assets/data/configurations.json @@ -0,0 +1,6 @@ +[ + { + "resourceId": "foo", + "name": "Configuration 1" + } +] \ No newline at end of file 
diff --git a/ui/public/assets/data/properties.json b/ui/public/assets/data/properties.json deleted file mode 100644 index 0637a088a..000000000 --- a/ui/public/assets/data/properties.json +++ /dev/null @@ -1 +0,0 @@ -[] \ No newline at end of file diff --git a/ui/src/app/admin/IdpConfiguration.js b/ui/src/app/admin/IdpConfiguration.js index 621b54e71..6f774d9ea 100644 --- a/ui/src/app/admin/IdpConfiguration.js +++ b/ui/src/app/admin/IdpConfiguration.js @@ -14,8 +14,8 @@ export function IdpConfiguration() { - {(properties, onDelete) => - + {(configurations, onDelete) => + } } /> diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 7229a27c3..3f30f6445 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -9,6 +9,8 @@ import { ToggleButton } from '../../form/component/ToggleButton'; import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; import { groupBy } from 'lodash'; import { useCallback } from 'react'; +import Form from 'react-bootstrap/Form'; +import FloatingLabel from 'react-bootstrap/FloatingLabel'; export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { @@ -140,26 +142,34 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS
- - - - - - - - - - - {config.properties.map((p, idx) => ( - - - - - + +
PropertyCategoryTypeValue
{ p.propertyName }
+ + + + + + - ))} - -
PropertyCategoryTypeValue
+ + + {config.properties.map((p, idx) => ( + + { p.propertyName } + { p.category } + { p.displayType } + + + + + + + ))} + + +
diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index 300aab019..15351312c 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -1,5 +1,5 @@ import React from 'react'; -import { faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { faDownload, faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import Button from 'react-bootstrap/Button'; @@ -9,7 +9,7 @@ import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -export function ConfigurationList({ properties, onDelete }) { +export function ConfigurationList({ configurations, onDelete }) { const remove = (id) => { onDelete(id); @@ -44,18 +44,18 @@ export function ConfigurationList({ properties, onDelete }) { - {(properties?.length > 0) ? properties.map((property, i) => + {(configurations?.length > 0) ? configurations.map((c, i) => - {property.name} + {c.name} - - + + - Edit + Download - + ))} diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index 15351312c..fcad47048 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -49,17 +49,13 @@ export function ConfigurationList({ configurations, onDelete }) { {c.name} - + - - Download - +   Download - From 2813d25d8e889ba6002b3632a835fa5f23ef9802 Mon Sep 17 00:00:00 2001 
From: Ryan Mathis Date: Mon, 29 Aug 2022 13:25:22 -0700 Subject: [PATCH 34/63] Updated configuration builder --- ui/package-lock.json | 14 +- ui/package.json | 2 +- ui/public/assets/data/configuration.json | 29 +++ .../app/admin/component/ConfigurationForm.js | 174 +++++++----------- .../app/admin/component/PropertySelector.js | 92 +++++++++ .../app/admin/container/ConfigurationList.js | 12 +- .../app/admin/container/EditConfiguration.js | 76 ++++---- .../app/admin/container/NewConfiguration.js | 30 ++- .../app/admin/hoc/ConfigurationsProvider.js | 2 +- ui/src/app/admin/hoc/PropertiesProvider.js | 4 +- ui/src/app/admin/hooks.js | 8 +- ui/src/theme/project/configuration.scss | 11 ++ ui/src/theme/project/index.scss | 1 + 13 files changed, 271 insertions(+), 184 deletions(-) create mode 100644 ui/public/assets/data/configuration.json create mode 100644 ui/src/app/admin/component/PropertySelector.js create mode 100644 ui/src/theme/project/configuration.scss diff --git a/ui/package-lock.json b/ui/package-lock.json index 0cc5f3665..2083b22a0 100644 --- a/ui/package-lock.json +++ b/ui/package-lock.json @@ -25,7 +25,7 @@ "react-bootstrap": "^2.3.0", "react-bootstrap-typeahead": "^5.1.4", "react-dom": "^18.0.0", - "react-hook-form": "^7.30.0", + "react-hook-form": "^7.34.0", "react-infinite-scroll-component": "^6.1.0", "react-router": "^5.1.0", "react-router-dom": "^5.1.0", @@ -13536,9 +13536,9 @@ "dev": true }, "node_modules/react-hook-form": { - "version": "7.30.0", - "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.30.0.tgz", - "integrity": "sha512-DzjiM6o2vtDGNMB9I4yCqW8J21P314SboNG1O0obROkbg7KVS0I7bMtwSdKyapnCPjHgnxc3L7E5PEdISeEUcQ==", + "version": "7.34.2", + "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.34.2.tgz", + "integrity": "sha512-1lYWbEqr0GW7HHUjMScXMidGvV0BE2RJV3ap2BL7G0EJirkqpccTaawbsvBO8GZaB3JjCeFBEbnEWI1P8ZoLRQ==", "engines": { "node": ">=12.22.0" }, 
@@ -26712,9 +26712,9 @@ "dev": true }, "react-hook-form": { - "version": "7.30.0", - "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.30.0.tgz", - "integrity": "sha512-DzjiM6o2vtDGNMB9I4yCqW8J21P314SboNG1O0obROkbg7KVS0I7bMtwSdKyapnCPjHgnxc3L7E5PEdISeEUcQ==", + "version": "7.34.2", + "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.34.2.tgz", + "integrity": "sha512-1lYWbEqr0GW7HHUjMScXMidGvV0BE2RJV3ap2BL7G0EJirkqpccTaawbsvBO8GZaB3JjCeFBEbnEWI1P8ZoLRQ==", "requires": {} }, "react-infinite-scroll-component": { diff --git a/ui/package.json b/ui/package.json index 25cc8cd8a..b32a48b1d 100644 --- a/ui/package.json +++ b/ui/package.json @@ -21,7 +21,7 @@ "react-bootstrap": "^2.3.0", "react-bootstrap-typeahead": "^5.1.4", "react-dom": "^18.0.0", - "react-hook-form": "^7.30.0", + "react-hook-form": "^7.34.0", "react-infinite-scroll-component": "^6.1.0", "react-router": "^5.1.0", "react-router-dom": "^5.1.0", diff --git a/ui/public/assets/data/configuration.json b/ui/public/assets/data/configuration.json new file mode 100644 index 000000000..82e86dd4d --- /dev/null +++ b/ui/public/assets/data/configuration.json @@ -0,0 +1,29 @@ +{ + "resourceId": 11, + "name": "setname1", + "properties": [ + { + "resourceId":"577", + "category":"OPSubClaim", + "configFile":"oidc.properties", + "description":"The source attribute used in generating the sub claim", + "idpVersion":"4.1", + "module":"idp.oidc.OP", + "moduleVersion":"3", + "propertyName":"idp.oidc.subject.sourceAttribute", + "displayType":"string", + "propertyValue": "foo" + }, + { + "resourceId": "393", + "category": "ReloadableServices", + "configFile": "services.properties", + "defaultValue": "false", + "description": "Fail at startup if MetadataConfiguration is invalid", + "idpVersion": "all", + "propertyName": "idp.service.metadata.failFast", + "displayType": "boolean", + "propertyValue": "true" + } + ] +} 
diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index ff890a6a2..9db9756da 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
@@ -1,74 +1,34 @@ -import React, { Fragment } from 'react'; +import React from 'react'; import Button from 'react-bootstrap/Button'; +import { useFieldArray, useForm } from 'react-hook-form'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner, faSave, faTrash } from '@fortawesome/free-solid-svg-icons'; -import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; + import Translate from '../../i18n/components/translate'; -import { ToggleButton } from '../../form/component/ToggleButton'; +import PropertySelector from './PropertySelector'; import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; -import { groupBy } from 'lodash'; -import { useCallback } from 'react'; + import Form from 'react-bootstrap/Form'; import FloatingLabel from 'react-bootstrap/FloatingLabel'; -export function ConfigurationForm({ configuration = {}, errors = [], schema, onSave, onCancel }) { - - const properties = useProperties(); - const loading = usePropertiesLoading(); +export function ConfigurationForm({ configuration = {}, schema, onSave, onCancel }) { - const select = (data) => { - console.log(data); - setSelected(data); - }; + const { control, register, getValues, watch, formState: { errors } } = useForm({ + defaultValues: { + ...configuration + } + }); - const [selected, setSelected] = React.useState([]); + const { fields, prepend, remove } = useFieldArray({ + control, + name: "properties", + }); - const [config, setConfig] = React.useState({ name: '', properties: [] }); - - // config.properties.filter(p => p.category === item.category).length === properties.filter(p => p.category === item.category).length - - const menu = useCallback((results, menuProps, state) => { - let index = 0; - const mapped = results.map(p => !p.category || p.category === '?' ? 
{ ...p, category: 'Misc' } : p); - const grouped = groupBy(mapped, 'category'); - const items = Object.keys(grouped).sort().map((item) => ( - - {index !== 0 && } - - - {item} - Add all - - - {grouped[item].map((i) => { - const item = - p.propertyName === i.propertyName) }> - - {`- ${i.propertyName}`} - - ; - index += 1; - return item; - })} - - )); - - return {items}; - }, [config.properties]); - - const token = (option, { onRemove }, index) => ( - - {`${option.propertyName}`} - - ); + const properties = useProperties(); + const loading = usePropertiesLoading(); const addProperties = (props) => { - const parsed = props.reduce((coll, prop, idx) => { if (prop.isCategory) { return [...coll, ...properties.filter(p => p.category === prop.category)]; @@ -77,17 +37,20 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS } }, []); - setConfig({ - ...config, - properties: [ - ...config.properties, - ...parsed, - ] - }); - setSelected([]); + prepend(parsed); }; - React.useEffect(() => console.log(selected), [selected]); + const saveConfig = (formValues) => { + const parsed = formValues.properties.map(p => ({ + propertyName: p.propertyName, + propertyValue: p.propertyValue, + configFile: p.configFile, + })); + onSave({ + ...formValues, + properties: parsed + }); + }; return (<>
@@ -95,7 +58,7 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS

-
-
-
-
- - select(selected)} - options={[...properties]} - selected={selected} - labelKey={option => `${option.propertyName}`} - filterBy={['propertyName', 'category', 'displayType']} - renderMenu={ menu } - multiple={ true } - renderToken={ token } - > - {({ isMenuShown, toggleMenu }) => ( - toggleMenu()}> - Options - - )} - +
+
+
+ + Name + + +
+
+
+
+
+
-
-
-
-
-
- +
+
+
@@ -154,20 +102,27 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS - {config.properties.map((p, idx) => ( - + {fields.map((p, idx) => ( +
{ p.propertyName } { p.category } { p.displayType } - - - + {p.displayType !== 'boolean' ? + + + + : + + } - @@ -176,10 +131,9 @@ export function ConfigurationForm({ configuration = {}, errors = [], schema, onS ))}
- +
-
+
) -} -/**/ \ No newline at end of file +} \ No newline at end of file diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js new file mode 100644 index 000000000..44cdfd085 --- /dev/null +++ b/ui/src/app/admin/component/PropertySelector.js @@ -0,0 +1,92 @@ +import React, { Fragment, useCallback } from 'react'; +import { groupBy } from 'lodash'; +import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; +import Button from 'react-bootstrap/Button'; + +import { ToggleButton } from '../../form/component/ToggleButton'; + +export function PropertySelector ({ properties, options, onAddProperties }) { + + // React.useEffect(() => console.log(properties), [properties]); + + const menu = useCallback((results, menuProps, state) => { + let index = 0; + const mapped = results.map(p => !p.category || p.category === '?' ? { ...p, category: 'Misc' } : p); + const grouped = groupBy(mapped, 'category'); + const items = Object.keys(grouped).sort().map((item) => ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + const item = + p.propertyName === i.propertyName) }> + + {`- ${i.propertyName}`} + + ; + index += 1; + return item; + })} + + )); + + return {items}; + }, [properties]); + + const token = (option, { onRemove }, index) => ( + + {`${option.propertyName}`} + + ); + + const select = (data) => { + setSelected(data); + }; + + const [selected, setSelected] = React.useState([]); + + const add = (s) => { + onAddProperties(s); + setSelected([]); + } + + return ( + +
+ + select(selected)} + options={[...options]} + selected={selected} + labelKey={option => `${option.propertyName}`} + filterBy={['propertyName', 'category', 'displayType']} + renderMenu={ menu } + multiple={ true } + renderToken={ token } + > + {({ isMenuShown, toggleMenu }) => ( + toggleMenu()}> + Options + + )} + +
+ +
+ ) +} + +export default PropertySelector; \ No newline at end of file diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index fcad47048..4acffc1c2 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -1,5 +1,5 @@ import React from 'react'; -import { faDownload, faEdit, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { faDownload, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import Button from 'react-bootstrap/Button'; @@ -46,13 +46,17 @@ export function ConfigurationList({ configurations, onDelete }) { {(configurations?.length > 0) ? configurations.map((c, i) => - {c.name} + + + {c.name} + + - +
diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index d2ece36a9..a358c1f84 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js @@ -21,11 +21,11 @@ export function NewConfiguration() { const [blocking, setBlocking] = React.useState(false); - async function save(property) { + async function save(config) { let toast; - const resp = await post(``, property); + const resp = await post(``, config); if (response.ok) { - gotoDetail({ refresh: true }); + gotoList({ refresh: true }); toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); } else { toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); @@ -36,14 +36,16 @@ export function NewConfiguration() { }; const cancel = () => { - gotoDetail(); + gotoList(); }; - const gotoDetail = (state = null) => { + const gotoList = (state = null) => { setBlocking(false); - history.push(`/properties`, state); + history.push(`/configurations`, state); }; + const [configuration] = React.useState({}); + return (
{(schema) => - - {(data, errors) => - save(data)} - onCancel={() => cancel()} />} - } + save(data)} + onCancel={() => cancel()} />}
diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js index 661c00d80..aa23ddd45 100644 --- a/ui/src/app/admin/hoc/ConfigurationsProvider.js +++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js @@ -15,7 +15,7 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) { }); async function loadConfigurations() { - const list = await get(`assets/data/configurations.json`); + const list = await get(`shib/property/set`); if (response.ok) { setConfigurations(list); } diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js index 55dde0696..bf62be7cc 100644 --- a/ui/src/app/admin/hoc/PropertiesProvider.js +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -1,8 +1,6 @@ import React from 'react'; import useFetch from 'use-http'; -import API_BASE_PATH, { BASE_PATH } from '../../App.constant'; -import has from 'lodash/has'; -import { groupBy } from 'lodash'; +import API_BASE_PATH from '../../App.constant'; const PropertiesContext = React.createContext(); diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index 50f0b51c7..11184e55e 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js @@ -1,7 +1,7 @@ import useFetch from 'use-http'; import isNil from 'lodash/isNil'; import {isValidRegex} from '../core/utility/is_valid_regex'; -import API_BASE_PATH, { BASE_PATH } from '../App.constant'; +import API_BASE_PATH from '../App.constant'; export function useGroups (opts = { cachePolicy: 'no-cache' }) { return useFetch(`${API_BASE_PATH}/admin/groups`, opts); 
@@ -48,11 +48,11 @@ export function useRoleUiSchema() { } export function useConfigurations (opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${BASE_PATH}/`, opts); + return useFetch(`${API_BASE_PATH}/`, opts); } -export function useConfiguration(id, opts = { cachePolicy: 'no-cache' }) { - return useFetch(`${API_BASE_PATH}/admin/configuration/${id}`, opts); +export function useConfiguration(opts = { cachePolicy: 'no-cache' }) { + return useFetch(`${API_BASE_PATH}/shib/property/set`, opts); } export function useConfigurationUiSchema () { diff --git a/ui/src/theme/project/configuration.scss b/ui/src/theme/project/configuration.scss new file mode 100644 index 000000000..0da05f1ff --- /dev/null +++ b/ui/src/theme/project/configuration.scss @@ -0,0 +1,11 @@ +#property-selector { + .dropdown-header { + padding-right: 0rem; + padding-left: 0rem; + font-size: 1rem; + + .dropdown-item { + font-weight: bold; + } + } +} \ No newline at end of file diff --git a/ui/src/theme/project/index.scss b/ui/src/theme/project/index.scss index 6d0de6f9a..fd2b6a070 100644 --- a/ui/src/theme/project/index.scss +++ b/ui/src/theme/project/index.scss @@ -14,6 +14,7 @@ @import './notifications'; @import './filters'; @import './typeahead'; +@import './configuration'; html, body { height: 100%; From 58fa44542e2b15b5ad117039599c8e0a37834489 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 29 Aug 2022 14:45:49 -0700 Subject: [PATCH 35/63] NOJIRA fixed typo --- .../admin/ui/controller/ShibPropertiesController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index b5895db41..f90392108 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java 
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -58,7 +58,7 @@ public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } - @GetMapping(value="/property/set/{resourceId}", produces="applcation/json") + @GetMapping(value="/property/set/{resourceId}", produces="application/json") @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId", summary = "Return the property set with the given resourceId", method = "GET") From f0211d05a7f14aee4efeeeb647dc07dba9f90783 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Mon, 29 Aug 2022 15:14:28 -0700 Subject: [PATCH 36/63] NOJIRA fixed typo --- .../admin/ui/controller/ShibPropertiesController.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index b5895db41..f90392108 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -58,7 +58,7 @@ public ResponseEntity getAllPropertySets() { return ResponseEntity.ok(service.getAllPropertySets()); } - @GetMapping(value="/property/set/{resourceId}", produces="applcation/json") + @GetMapping(value="/property/set/{resourceId}", produces="application/json") @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId", summary = "Return the property set with the given resourceId", method = "GET") From 61d05800a03a44b7a6fa39a635faa7caeaa1fe6a Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Tue, 30 Aug 2022 09:52:46 -0700 Subject: [PATCH 37/63] SHIBUI-2270 Adding export file as a single property file option --- .../controller/ShibPropertiesController.java | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+)
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java
index f90392108..b613c2b4f 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java
@@ -76,6 +76,16 @@ public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) t
 return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties())));
 }
 
+ @GetMapping(value="/property/set/{resourceId}/onefile", produces="application/zip")
+ @Transactional(readOnly = true)
+ @Operation(description = "Return the property set with the given resourceId as a zip file of a single properties files",
+ summary = "Return the property set with the given resourceId as a zip file of a single properties files", method = "GET")
+ public ResponseEntity getPropertySetOneFileAsZip(@PathVariable Integer resourceId) throws EntityNotFoundException, IOException {
+ ShibPropertySet set = service.getSet(resourceId);
+ StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\"");
+ return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZipWithSingleFile(convertPropertiesToMaps(set.getProperties())));
+ }
+
 private Map> convertPropertiesToMaps(List properties) {
 HashMap> result = new HashMap<>();
 for (ShibPropertySetting setting:properties){
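Review bot: The `Content-Disposition` value in `getPropertySetOneFileAsZip` is built by concatenating `set.getName()` between literal quotes, so a set name containing `"`, `;` or other header-special characters ends the `filename` parameter early or produces a malformed header. The name looks like free text entered in the configuration form (worth confirming whether the server validates it), so let the framework build and escape the value: `ContentDisposition.builder("attachment").filename(set.getName() + ".zip").build().toString()`. The context line at the top of the hunk shows `getPropertySetAsZip` sending a header from an `sb` as well; its construction is outside this hunk, but it presumably needs the same change.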
@@ -90,6 +100,25 @@ private Map> convertPropertiesToMaps(List> propertiesFiles) throws IOException { + ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); + ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); + zipOutputStream.putNextEntry(new ZipEntry("shibboleth.properties")); + + for (String filename : propertiesFiles.keySet()) { + Map properties = propertiesFiles.get(filename); + StringBuilder props = new StringBuilder(); + for (String key : properties.keySet()) { + props.append(key).append("=").append(properties.get(key)).append("\n"); + } + ByteArrayInputStream inputStream = new ByteArrayInputStream(props.toString().getBytes()); + IOUtils.copy(inputStream, zipOutputStream); + } + zipOutputStream.closeEntry(); + zipOutputStream.close(); + return byteOutputStream.toByteArray(); + } + private byte[] prepDownloadAsZip(Map> propertiesFiles) throws IOException { ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream(); ZipOutputStream zipOutputStream = new ZipOutputStream(byteOutputStream); From 0e0eff995a2ea0d7846b0bd435b6554c1239f0b9 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 30 Aug 2022 09:59:56 -0700 Subject: [PATCH 38/63] Added spinners --- .../app/admin/component/ConfigurationForm.js | 11 ++++--- .../app/admin/container/ConfigurationList.js | 29 +++++++++++++------ .../app/admin/container/EditConfiguration.js | 22 ++++++++------ 3 files changed, 40 insertions(+), 22 deletions(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index e48062f01..61e82dba6 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
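Review bot: `prepDownloadAsZipWithSingleFile` appends each pair as `key=value\n` without escaping, so a key or value that contains a line break produces extra lines in `shibboleth.properties`, which a reader of the file would treat as separate properties. Reject or escape `\r` and `\n` before appending, or let `java.util.Properties.store` do the escaping. `props.toString().getBytes()` also depends on the platform default charset; name it explicitly, e.g. `getBytes(StandardCharsets.UTF_8)` if that is what the consumer of the file reads. A key that occurs under more than one config file is written twice into the single file, and which entry wins is left to the reader.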
@@ -7,12 +7,12 @@ import { faSpinner, faSave, faTrash } from '@fortawesome/free-solid-svg-icons'; import Translate from '../../i18n/components/translate'; import PropertySelector from './PropertySelector'; -import { useProperties, usePropertiesLoading } from '../hoc/PropertiesProvider'; +import { useProperties } from '../hoc/PropertiesProvider'; import Form from 'react-bootstrap/Form'; import FloatingLabel from 'react-bootstrap/FloatingLabel'; -export function ConfigurationForm({ configuration = {}, schema, onSave, onCancel }) { +export function ConfigurationForm({ configuration = {}, loading, onSave, onCancel }) { const { control, register, getValues, watch, formState: { errors } } = useForm({ defaultValues: { @@ -26,7 +26,6 @@ export function ConfigurationForm({ configuration = {}, schema, onSave, onCancel }); const properties = useProperties(); - const loading = usePropertiesLoading(); const addProperties = (props) => { const parsed = props.reduce((coll, prop, idx) => { @@ -52,6 +51,8 @@ export function ConfigurationForm({ configuration = {}, schema, onSave, onCancel }); }; + React.useEffect(() => console.log(configuration), [configuration]); + return (<>
@@ -66,7 +67,9 @@ export function ConfigurationForm({ configuration = {}, schema, onSave, onCancel diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index 4acffc1c2..527f65c50 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -1,15 +1,16 @@ import React from 'react'; -import { faDownload, faPlusCircle, faTrash } from '@fortawesome/free-solid-svg-icons'; +import { faDownload, faEdit, faPlusCircle, faSpinner, faTrash } from '@fortawesome/free-solid-svg-icons'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import Button from 'react-bootstrap/Button'; +import ButtonGroup from 'react-bootstrap/ButtonGroup'; import { Link } from 'react-router-dom'; import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -export function ConfigurationList({ configurations, onDelete }) { +export function ConfigurationList({ configurations, onDelete, loading }) { const remove = (id) => { onDelete(id); @@ -19,6 +20,11 @@ export function ConfigurationList({ configurations, onDelete }) { {(block) =>
+ {loading ? +
+ +
+ :
@@ -52,16 +58,20 @@ export function ConfigurationList({ configurations, onDelete }) { - - - + + + +   Edit + + - + ) : @@ -73,6 +83,7 @@ export function ConfigurationList({ configurations, onDelete }) {
+ }
}
diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index 7ff66b46d..692c353c9 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -10,6 +10,8 @@ import { createNotificationAction, NotificationTypes, useNotificationDispatcher import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; import { PropertiesProvider } from '../hoc/PropertiesProvider'; +import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; +import { faSpinner } from '@fortawesome/free-solid-svg-icons'; export function EditConfiguration() { const history = useHistory(); @@ -73,17 +75,19 @@ export function EditConfiguration() {
+ {loading ? +
+ +
+ : - - {(schema) => - save(data)} - onCancel={() => cancel()} />} - + {configuration && save(data)} + onCancel={() => cancel()} /> } + }
From 0563ebdfc03b3c5f5adc08bc549e1334b28f4025 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 30 Aug 2022 10:42:04 -0700 Subject: [PATCH 39/63] Fixed label --- backend/src/main/resources/i18n/messages.properties | 1 + ui/src/app/admin/container/EditConfiguration.js | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index ddfa6947f..19ab8999c 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -538,6 +538,7 @@ label.role=Role label.configuration-management=Manage Shibboleth configurations label.configuration-name=Shibboleth configuration sets label.new-configuration=Create new configuration set +label.edit-configuration=Edit configuration set message.delete-role-title=Delete Role? diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index 692c353c9..bad543b69 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -70,7 +70,7 @@ export function EditConfiguration() {
- Create new configuration set + Edit configuration set
From d7228d00018041bb48287e4ad95b06d687395729 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 30 Aug 2022 11:49:16 -0700 Subject: [PATCH 40/63] SHIBUI-2270 Adding category and dsiplay type --- .../ui/domain/shib/properties/ShibPropertySetting.java | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java index 2fa85ff2b..1fd4d73fd 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java @@ -26,4 +26,10 @@ public class ShibPropertySetting { @Column private String propertyValue; + @Column + private String category; + + @Column + private String displayType; + } \ No newline at end of file From 0e7c7aa75d0c938da7c170c685a30a0923f084d6 Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 30 Aug 2022 11:52:42 -0700 Subject: [PATCH 41/63] SHIBUI-2270 Adding category and dsiplay type --- .../admin/ui/service/ShibConfigurationServiceImpl.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 74d9e3637..1c3c2a513 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java 
@@ -118,8 +118,11 @@ private ShibPropertySet save(ShibPropertySet incomingPropSet) { } else { // get the entity from the map, update it, save to update list ShibPropertySetting updatedEntity = existingPropMap.get(prop.getPropertyName()); + // the value is really the only thing that should change... updatedEntity.setConfigFile(prop.getConfigFile()); updatedEntity.setPropertyValue(prop.getPropertyValue()); + updatedEntity.setCategory(prop.getCategory()); + updatedEntity.setDisplayType(prop.getDisplayType()); propertiesToUpdate.add(shibPropertySettingRepository.save(updatedEntity)); } }); From b108413603eb5d4c54689f865a66775d839b3b9b Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Wed, 31 Aug 2022 11:46:08 -0700 Subject: [PATCH 42/63] Implemented download buttons --- .../main/resources/i18n/messages.properties | 16 +++++ .../app/admin/component/ConfigurationForm.js | 36 ++++++---- .../app/admin/component/PropertySelector.js | 2 +- .../app/admin/container/ConfigurationList.js | 71 +++++++++++++++++-- .../app/admin/container/EditConfiguration.js | 2 - .../app/admin/hoc/ConfigurationsProvider.js | 2 +- ui/src/app/admin/hooks.js | 8 ++- .../{download_as_xml.js => download_as.js} | 7 +- .../app/core/utility/download_as_xml.test.js | 2 +- .../app/metadata/hoc/FilterTargetPreview.js | 2 +- ui/src/app/metadata/view/MetadataXml.js | 2 +- ui/src/theme/project/forms.scss | 4 ++ 12 files changed, 123 insertions(+), 31 deletions(-) rename ui/src/app/core/utility/{download_as_xml.js => download_as.js} (54%) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 19ab8999c..816a0bf80 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
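Review bot: The added comment says the value is the only thing that should change, yet the update branch copies `configFile`, `category` and `displayType` from the incoming set as well, and this hunk adds two of those assignments. If these fields are meant to come from the property catalogue rather than from the request, keep the stored values and update only `propertyValue`. `configFile` in particular looks like it ends up as a file name in the zip export (the controller iterates over file names), so it should not be taken from the request without validation. The lambda and the enclosing `save` method start outside the hunk.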
@@ -757,6 +757,22 @@ tooltip.role-description=A description of the purpose of the role. tooltip.contact-information=Add a contact to organization information. Contacts provide information about how to contact the organization responsible for standing up the entity. +tooltip.download-single-config=Putting all the properties in one file can make it easier for deploying or moving among environments. +tooltip.download-multi-config=Putting the properties into individual files will follow the distribution layout and more closely align with the Shibboleth wiki page sections describing each property. +action.download-single-config=Single file +action.download-multi-config=Separated files +label.download-config=Downloads +message.configurations-none=No configurations defined. +label.configuration-name=Name +label.configuration-name-placeholder=Enter name +label.configuration-property=Property +label.configuration-category=Category +label.configuration-type=Type +label.configuration-value=Value +label.configuration-action=Action +message.delete-property-title=Delete Configuration? +message.delete-property-body=You are requesting to delete a configuration set. If you complete this process the set will be removed. This cannot be undone. Do you wish to continue? + label.external-description=Description tooltip.external-description=A brief description of the purpose of this filter. diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 61e82dba6..87a8739dc 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -11,6 +11,7 @@ import { useProperties } from '../hoc/PropertiesProvider'; import Form from 'react-bootstrap/Form'; import FloatingLabel from 'react-bootstrap/FloatingLabel'; +import { useTranslator } from '../../i18n/hooks'; export function ConfigurationForm({ configuration = {}, loading, onSave, onCancel }) { 
@@ -20,7 +21,7 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance } }); - const { fields, prepend, remove } = useFieldArray({ + const { fields, append, remove } = useFieldArray({ control, name: "properties", }); @@ -36,7 +37,7 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance } }, []); - prepend(parsed); + append(parsed); }; const saveConfig = (formValues) => { @@ -44,6 +45,8 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance propertyName: p.propertyName, propertyValue: p.propertyValue, configFile: p.configFile, + category: p.category, + displayType: p.displayType })); onSave({ ...formValues, @@ -51,7 +54,7 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance }); }; - React.useEffect(() => console.log(configuration), [configuration]); + const translator = useTranslator(); return (<>
@@ -79,8 +82,8 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance
- Name - + Name +
@@ -97,11 +100,11 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance - - - - - + + + + + @@ -114,20 +117,23 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance {p.displayType !== 'boolean' ? - + label={translator('label.configuration-value')}> + : } - diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js index 44cdfd085..976e0d220 100644 --- a/ui/src/app/admin/component/PropertySelector.js +++ b/ui/src/app/admin/component/PropertySelector.js @@ -82,7 +82,7 @@ export function PropertySelector ({ properties, options, onAddProperties }) { diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index 527f65c50..688535642 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -4,11 +4,17 @@ import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import Button from 'react-bootstrap/Button'; import ButtonGroup from 'react-bootstrap/ButtonGroup'; +import Popover from 'react-bootstrap/Popover'; import { Link } from 'react-router-dom'; import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; +import OverlayTrigger from 'react-bootstrap/esm/OverlayTrigger'; +import { useTranslator } from '../../i18n/hooks'; +import useFetch from 'use-http'; +import API_BASE_PATH from '../../App.constant'; +import { downloadAsZip } from '../../core/utility/download_as'; export function ConfigurationList({ configurations, onDelete, loading }) { 
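Review bot: `import API_BASE_PATH from '../../App.constant';` in the ConfigurationList.js hunk is a default import, while other files in this series import from that module by name (`import { BASE_PATH } from '../../App.constant';`). If `App.constant` has no default export, `API_BASE_PATH` is `undefined` and the download URL built from it in the next hunk starts with the text `undefined`. Assuming the constant is a named export, as its use in `hooks.js` suggests, the line should read `import { API_BASE_PATH } from '../../App.constant';`.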
@@ -16,6 +22,25 @@ export function ConfigurationList({ configurations, onDelete, loading }) { onDelete(id); } + const translate = useTranslator(); + + const downloader = useFetch(`${API_BASE_PATH}/shib/property/set`, { + cachePolicy: 'no-cache', + headers: { + 'Content-Type': 'application/zip', + 'Accept': 'application/zip' + } + }); + + const download = async (id, type) => { + await downloader.get(`/${id}${ type === 'single' ? '/onefile' : '' }`); + const file = await downloader.response.blob(); + if (downloader.response.ok) { + downloadAsZip('configuration', file); + console.log(file); + } + }; + return ( {(block) => @@ -46,7 +71,12 @@ export function ConfigurationList({ configurations, onDelete, loading }) { - + + @@ -57,17 +87,42 @@ export function ConfigurationList({ configurations, onDelete, loading }) { {c.name} + ) : - + }
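Review bot: `download` reads `downloader.response.blob()` before it checks `downloader.response.ok`, and nothing tells the user when the request fails. Test `ok` first and report the failure through the notification dispatcher that the other containers in this series use, e.g. `if (!downloader.response.ok) { /* notify */ return; }`. The leftover `console.log(file);` should be removed. The `Content-Type: application/zip` request header has no effect on a GET without a body; `Accept` alone states what the client wants.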
PropertyCategoryTypeValueActionPropertyCategoryTypeValueAction
+
Configuration Name (label) Actions + Download + + Actions +
+
+ + + + + )} + aria-label={translate('')}> + + +
+ + + + )} + aria-label={translate('')}> + + + {downloader.loading && } +
+
-   Edit - @@ -75,7 +130,9 @@ export function ConfigurationList({ configurations, onDelete, loading }) {
No configurations. + No configurations. +
diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index bad543b69..d164c20e0 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -3,12 +3,10 @@ import React from 'react'; import { Prompt, useHistory, useParams } from 'react-router-dom'; import Translate from '../../i18n/components/translate'; import { useConfiguration } from '../hooks'; -import { Schema } from '../../form/Schema'; import { ConfigurationForm } from '../component/ConfigurationForm'; import { createNotificationAction, NotificationTypes, useNotificationDispatcher } from '../../notifications/hoc/Notifications'; import { useTranslator } from '../../i18n/hooks'; -import { BASE_PATH } from '../../App.constant'; import { PropertiesProvider } from '../hoc/PropertiesProvider'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner } from '@fortawesome/free-solid-svg-icons'; diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js index aa23ddd45..2cd146260 100644 --- a/ui/src/app/admin/hoc/ConfigurationsProvider.js +++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js @@ -23,7 +23,7 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) { async function removeConfiguration(id) { let toast; - const resp = await del(`/${id}`); + const resp = await del(`shib/property/set/${id}`); if (response.ok) { loadConfigurations(); toast = createNotificationAction(`Deleted property successfully.`, NotificationTypes.SUCCESS); diff --git a/ui/src/app/admin/hooks.js b/ui/src/app/admin/hooks.js index 11184e55e..54d9d3117 100644 --- a/ui/src/app/admin/hooks.js +++ b/ui/src/app/admin/hooks.js 
@@ -61,4 +61,10 @@ export function useConfigurationUiSchema () { 'ui:widget': 'textarea' } }; -} \ No newline at end of file +} + +export function useConfigDownload () { + return useFetch(`${API_BASE_PATH}/shib/property/set`, { + cachePolicy: 'no-cache' + }); +} diff --git a/ui/src/app/core/utility/download_as_xml.js b/ui/src/app/core/utility/download_as.js similarity index 54% rename from ui/src/app/core/utility/download_as_xml.js rename to ui/src/app/core/utility/download_as.js index a9256fc63..4fc0cc4fd 100644 --- a/ui/src/app/core/utility/download_as_xml.js +++ b/ui/src/app/core/utility/download_as.js @@ -1,6 +1,11 @@ import * as FileSaver from 'file-saver'; +export const downloadAsZip = (fileName, data) => { + // const blob = new Blob([data], { type: 'text/zip;charset=utf-8' }); + FileSaver.saveAs(data, `${fileName}.zip`); +} + export const downloadAsXml = (fileName, xml) => { const blob = new Blob([xml], { type: 'text/xml;charset=utf-8' }); FileSaver.saveAs(blob, `${fileName}.xml`); -} \ No newline at end of file +} diff --git a/ui/src/app/core/utility/download_as_xml.test.js b/ui/src/app/core/utility/download_as_xml.test.js index 38a87e6fe..3e8583fe9 100644 --- a/ui/src/app/core/utility/download_as_xml.test.js +++ b/ui/src/app/core/utility/download_as_xml.test.js @@ -1,5 +1,5 @@ import * as FileSaver from 'file-saver'; -import { downloadAsXml } from './download_as_xml'; +import { downloadAsXml } from './download_as'; jest.mock('file-saver'); it('attempts to save the provided content', () => { diff --git a/ui/src/app/metadata/hoc/FilterTargetPreview.js b/ui/src/app/metadata/hoc/FilterTargetPreview.js index 8bd8550d3..2fd81e4c3 100644 --- a/ui/src/app/metadata/hoc/FilterTargetPreview.js +++ b/ui/src/app/metadata/hoc/FilterTargetPreview.js 
@@ -4,7 +4,7 @@ import { useFetch } from 'use-http'; import Modal from 'react-bootstrap/Modal'; import Button from 'react-bootstrap/Button'; import Translate from '../../i18n/components/translate'; -import { downloadAsXml } from '../../core/utility/download_as_xml'; +import { downloadAsXml } from '../../core/utility/download_as'; export function FilterTargetPreview ({ entityId, children }) { diff --git a/ui/src/app/metadata/view/MetadataXml.js b/ui/src/app/metadata/view/MetadataXml.js index 17e79d26a..fa6252cd9 100644 --- a/ui/src/app/metadata/view/MetadataXml.js +++ b/ui/src/app/metadata/view/MetadataXml.js @@ -9,7 +9,7 @@ import { MetadataObjectContext } from '../hoc/MetadataSelector'; import { MetadataXmlContext } from '../hoc/MetadataXmlLoader'; import { MetadataViewToggle } from '../component/MetadataViewToggle'; -import { downloadAsXml } from '../../core/utility/download_as_xml'; +import { downloadAsXml } from '../../core/utility/download_as'; export function MetadataXml () { const { xml, reload } = React.useContext(MetadataXmlContext); diff --git a/ui/src/theme/project/forms.scss b/ui/src/theme/project/forms.scss index b60471ce0..daa0d8cb9 100644 --- a/ui/src/theme/project/forms.scss +++ b/ui/src/theme/project/forms.scss @@ -124,6 +124,10 @@ mark { } } +.form-floating > label { + color:#9299A0; +} + @media only screen and (max-width: 1200px) { .form-section:not(:first-child) { border-left: 0px; From 12b9d1ebad5dbddf51268f01999ad9e6a3343f0d Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Wed, 31 Aug 2022 13:21:14 -0700 Subject: [PATCH 43/63] Fixed flicker in search --- .../app/admin/component/ConfigurationForm.js | 3 + .../app/admin/component/PropertySelector.js | 71 +++++++++++-------- 2 files changed, 44 insertions(+), 30 deletions(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 87a8739dc..cc13aa791 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js 
+++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -29,8 +29,11 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance const properties = useProperties(); const addProperties = (props) => { + const parsed = props.reduce((coll, prop, idx) => { if (prop.isCategory) { + console.log(properties.filter(p => p.category === prop.category)) + return [...coll, ...properties.filter(p => p.category === prop.category)]; } else { return [...coll, prop]; diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js index 976e0d220..f0016e42e 100644 --- a/ui/src/app/admin/component/PropertySelector.js +++ b/ui/src/app/admin/component/PropertySelector.js @@ -1,5 +1,5 @@ import React, { Fragment, useCallback } from 'react'; -import { groupBy } from 'lodash'; +import { groupBy, orderBy } from 'lodash'; import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; import Button from 'react-bootstrap/Button'; 
@@ -7,34 +7,44 @@ import { ToggleButton } from '../../form/component/ToggleButton'; export function PropertySelector ({ properties, options, onAddProperties }) { - // React.useEffect(() => console.log(properties), [properties]); - const menu = useCallback((results, menuProps, state) => { let index = 0; - const mapped = results.map(p => !p.category || p.category === '?' ? { ...p, category: 'Misc' } : p); - const grouped = groupBy(mapped, 'category'); - const items = Object.keys(grouped).sort().map((item) => ( - - {index !== 0 && } - - - {item} - Add all - - - {grouped[item].map((i) => { - const item = - p.propertyName === i.propertyName) }> - - {`- ${i.propertyName}`} - - ; - index += 1; - return item; - })} - - )); + const mapped = results.map((p, idx) => !p.category || p.category === '?' ? { ...p, category: 'Misc' } : p); + const ordered = orderBy(mapped, 'category'); + const grouped = groupBy(ordered, 'category'); + const items = Object.keys(grouped).sort().map((item) => { + index = index + 1; + const used = grouped[item].filter((i) => properties.some((p) => p.propertyName === i.propertyName)); + if (used.length >= grouped[item].length) { + return + } + return ( + + {index !== 0 && } + + + {item} - Add all + + + {grouped[item].map((i) => { + if (!properties.some((p) => p.propertyName === i.propertyName)) { + index = index + 1; + const item = + + + {`- ${i.propertyName}`} + + ; + return item; + } + return null; + })} + + ); + }); return {items}; }, [properties]); @@ -66,14 +76,15 @@ export function PropertySelector ({ properties, options, onAddProperties }) { select(selected)} - options={[...options]} + options={options} selected={selected} labelKey={option => `${option.propertyName}`} filterBy={['propertyName', 'category', 'displayType']} renderMenu={ menu } + paginate={false} multiple={ true } - renderToken={ token } - > + maxResults={options.length} + renderToken={ token }> {({ isMenuShown, toggleMenu }) => ( toggleMenu()}> Options 
From 5e41183e5f76368f9603064c13786b42b9580217 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Wed, 31 Aug 2022 13:37:43 -0700 Subject: [PATCH 44/63] Fixed build error --- ui/src/app/admin/container/ConfigurationList.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/src/app/admin/container/ConfigurationList.js b/ui/src/app/admin/container/ConfigurationList.js index 688535642..cef6880b2 100644 --- a/ui/src/app/admin/container/ConfigurationList.js +++ b/ui/src/app/admin/container/ConfigurationList.js @@ -10,7 +10,7 @@ import { Link } from 'react-router-dom'; import { Translate } from '../../i18n/components/translate'; import { DeleteConfirmation } from '../../core/components/DeleteConfirmation'; -import OverlayTrigger from 'react-bootstrap/esm/OverlayTrigger'; +import OverlayTrigger from 'react-bootstrap/OverlayTrigger'; import { useTranslator } from '../../i18n/hooks'; import useFetch from 'use-http'; import API_BASE_PATH from '../../App.constant'; From 6ceb83276f7d32dc605fda0e6c4c618065a5b3ff Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 1 Sep 2022 13:02:46 -0700 Subject: [PATCH 45/63] Fixed issue with duplicate properties --- ui/src/app/admin/component/ConfigurationForm.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index cc13aa791..a97b1051e 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -12,6 +12,7 @@ import { useProperties } from '../hoc/PropertiesProvider'; import Form from 'react-bootstrap/Form'; import FloatingLabel from 'react-bootstrap/FloatingLabel'; import { useTranslator } from '../../i18n/hooks'; +import { includes } from 'lodash'; export function ConfigurationForm({ configuration = {}, loading, onSave, onCancel }) { 
@@ -27,20 +28,23 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance }); const properties = useProperties(); + const selected = watch('properties'); const addProperties = (props) => { const parsed = props.reduce((coll, prop, idx) => { if (prop.isCategory) { - console.log(properties.filter(p => p.category === prop.category)) - return [...coll, ...properties.filter(p => p.category === prop.category)]; } else { return [...coll, prop]; } }, []); - append(parsed); + const names = selected.map(p => p.propertyName); + + const filtered = parsed.filter(p => includes(names, p.propertyName) ? false : true); + + append(filtered); }; const saveConfig = (formValues) => { From cf6f47208ca02bd04a90547bb25d1206c2e2da33 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 1 Sep 2022 13:47:02 -0700 Subject: [PATCH 46/63] Fixed issue with validation on name field --- .../main/resources/i18n/messages.properties | 1 + ui/src/app/admin/IdpConfiguration.js | 13 +++++- .../app/admin/component/ConfigurationForm.js | 40 ++++++++++++++++--- .../app/admin/container/EditConfiguration.js | 3 +- .../app/admin/container/NewConfiguration.js | 3 +- .../app/admin/hoc/ConfigurationsProvider.js | 2 +- 6 files changed, 51 insertions(+), 11 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index fcdf71519..5ce496eca 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -773,6 +773,7 @@ label.configuration-value=Value label.configuration-action=Action message.delete-property-title=Delete Configuration? message.delete-property-body=You are requesting to delete a configuration set. If you complete this process the set will be removed. This cannot be undone. Do you wish to continue? +message.name-required=Name is required. label.external-description=Description 
diff --git a/ui/src/app/admin/IdpConfiguration.js b/ui/src/app/admin/IdpConfiguration.js index 6f774d9ea..50bacf1e6 100644 --- a/ui/src/app/admin/IdpConfiguration.js +++ b/ui/src/app/admin/IdpConfiguration.js @@ -20,10 +20,19 @@ export function IdpConfiguration() { } /> - + + {(configurations) => + + } + + } /> - + + {(configurations) => + + } + } /> diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index a97b1051e..3744a61df 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -14,12 +14,16 @@ import FloatingLabel from 'react-bootstrap/FloatingLabel'; import { useTranslator } from '../../i18n/hooks'; import { includes } from 'lodash'; -export function ConfigurationForm({ configuration = {}, loading, onSave, onCancel }) { +export function ConfigurationForm({ configurations, configuration = {}, loading, onSave, onCancel }) { - const { control, register, getValues, watch, formState: { errors } } = useForm({ + const [names, setNames] = React.useState([]); + + const { control, register, getValues, watch, formState: { errors, isValid }, handleSubmit } = useForm({ defaultValues: { ...configuration - } + }, + reValidateMode: 'onChange', + mode: 'onChange', }); const { fields, append, remove } = useFieldArray({ @@ -63,6 +67,16 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance const translator = useTranslator(); + React.useEffect(() => { + setNames(configurations.map(p => p.name)); + }, [configurations]); + + React.useEffect(() => console.log(errors, names), [errors, names]); + + const onNext = (data) => { + console.log(data); + }; + return (<>
@@ -70,7 +84,7 @@ export function ConfigurationForm({ configuration = {}, loading, onSave, onCance

-
+
Name - + !includes(names, v) + } + })} /> + + {errors?.name?.type === 'unique' && } + {errors?.name?.type === 'required' && } +
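Review bot: The `unique` rule `(v) => !includes(names, v)` compares against the names of all configurations, and `EditConfiguration` appears to pass the full list too, so an existing set being edited would fail the check on its own unchanged name. Exclude the current set when building the list, e.g. `configurations.filter(c => c.name !== configuration.name).map(c => c.name)`. The rule is also only a client-side convenience: name uniqueness still has to be enforced by the backend, which this patch does not show, because the API can be called without the form. The JSX of this hunk is partly missing from the page, so the placement of the rule is inferred from the surviving lines.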
diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index d164c20e0..f3749f2a0 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -11,7 +11,7 @@ import { PropertiesProvider } from '../hoc/PropertiesProvider'; import { FontAwesomeIcon } from '@fortawesome/react-fontawesome'; import { faSpinner } from '@fortawesome/free-solid-svg-icons'; -export function EditConfiguration() { +export function EditConfiguration({ configurations }) { const history = useHistory(); const notifier = useNotificationDispatcher(); const translator = useTranslator(); @@ -81,6 +81,7 @@ export function EditConfiguration() { {configuration && save(data)} onCancel={() => cancel()} /> } diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index 84477fe40..34a587b45 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js @@ -11,7 +11,7 @@ import { useTranslator } from '../../i18n/hooks'; import { BASE_PATH } from '../../App.constant'; import { PropertiesProvider } from '../hoc/PropertiesProvider'; -export function NewConfiguration() { +export function NewConfiguration({ configurations }) { const history = useHistory(); const notifier = useNotificationDispatcher(); const translator = useTranslator(); @@ -67,6 +67,7 @@ export function NewConfiguration() { {(schema) => save(data)} diff --git a/ui/src/app/admin/hoc/ConfigurationsProvider.js b/ui/src/app/admin/hoc/ConfigurationsProvider.js index 2cd146260..99220c94c 100644 --- a/ui/src/app/admin/hoc/ConfigurationsProvider.js +++ b/ui/src/app/admin/hoc/ConfigurationsProvider.js 
@@ -39,4 +39,4 @@ export function ConfigurationsProvider({ children, cache = 'no-cache' }) { React.useEffect(() => { loadConfigurations() }, []); return (<>{children(configurations, removeConfiguration, loading)}); -} \ No newline at end of file +} From d2d567d4a1d5e44ee7595a9f805eddc803ed6e2a Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 1 Sep 2022 13:49:02 -0700 Subject: [PATCH 47/63] Removed console log --- ui/src/app/admin/component/ConfigurationForm.js | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 3744a61df..49f8abb7f 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -71,11 +71,7 @@ export function ConfigurationForm({ configurations, configuration = {}, loading, setNames(configurations.map(p => p.name)); }, [configurations]); - React.useEffect(() => console.log(errors, names), [errors, names]); - - const onNext = (data) => { - console.log(data); - }; + const onNext = (data) => {}; return (<>
From b4d56c5bfdbea5497a4fe866e8ae04e31afa0840 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 1 Sep 2022 13:58:23 -0700 Subject: [PATCH 48/63] Fixed sets without properties --- backend/src/main/resources/i18n/messages.properties | 1 + ui/src/app/admin/component/ConfigurationForm.js | 12 +++++++++++- ui/src/app/admin/component/PropertySelector.js | 3 +-- ui/src/app/admin/hoc/PropertiesProvider.js | 2 +- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 5ce496eca..dcd97aee4 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties @@ -774,6 +774,7 @@ label.configuration-action=Action message.delete-property-title=Delete Configuration? message.delete-property-body=You are requesting to delete a configuration set. If you complete this process the set will be removed. This cannot be undone. Do you wish to continue? message.name-required=Name is required. +message.properties-none=At least one property is required. label.external-description=Description diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 49f8abb7f..90bd31db9 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -29,6 +29,9 @@ export function ConfigurationForm({ configurations, configuration = {}, loading, const { fields, append, remove } = useFieldArray({ control, name: "properties", + rules: { + minLength: 1 + } }); const properties = useProperties(); @@ -80,7 +83,7 @@ export function ConfigurationForm({ configurations, configuration = {}, loading,
diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js index f0016e42e..85da52888 100644 --- a/ui/src/app/admin/component/PropertySelector.js +++ b/ui/src/app/admin/component/PropertySelector.js @@ -9,8 +9,7 @@ export function PropertySelector ({ properties, options, onAddProperties }) { const menu = useCallback((results, menuProps, state) => { let index = 0; - const mapped = results.map((p, idx) => !p.category || p.category === '?' ? { ...p, category: 'Misc' } : p); - const ordered = orderBy(mapped, 'category'); + const ordered = orderBy(results, 'category'); const grouped = groupBy(ordered, 'category'); const items = Object.keys(grouped).sort().map((item) => { index = index + 1; diff --git a/ui/src/app/admin/hoc/PropertiesProvider.js b/ui/src/app/admin/hoc/PropertiesProvider.js index 95bbc5d04..5ab7bde75 100644 --- a/ui/src/app/admin/hoc/PropertiesProvider.js +++ b/ui/src/app/admin/hoc/PropertiesProvider.js @@ -30,7 +30,7 @@ function PropertiesProvider({ children, cache = 'no-cache' }) { function useProperties() { const { properties } = React.useContext(PropertiesContext); - return properties; + return properties.map((p, idx) => !p.category || p.category === '?' ? { ...p, category: 'Misc' } : p);; } function usePropertiesLoading() { From b0ff7e20db1a0cafc28834cf90d9ef98bc2cc134 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 1 Sep 2022 14:43:14 -0700 Subject: [PATCH 49/63] Updated text for notifications --- ui/src/app/admin/component/PropertySelector.js | 4 ++-- ui/src/app/admin/container/EditConfiguration.js | 2 +- ui/src/app/admin/container/NewConfiguration.js | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js index 85da52888..375b75747 100644 --- a/ui/src/app/admin/component/PropertySelector.js +++ b/ui/src/app/admin/component/PropertySelector.js 
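Review bot: `useProperties()` in `PropertiesProvider.js` (hunk `@@ -30,7 +30,7 @@`) now returns a fresh array from `properties.map(...)` on every call, so any consumer that puts the result in a hook dependency list sees a new identity on each render. The line also carries an unused `idx` parameter and a doubled `;;`. Memoising keeps the category normalisation in one place without that cost: `return React.useMemo(() => properties.map((p) => (!p.category || p.category === '?' ? { ...p, category: 'Misc' } : p)), [properties]);`. The rest of the provider is outside the hunk.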
@@ -11,11 +11,11 @@ export function PropertySelector ({ properties, options, onAddProperties }) { let index = 0; const ordered = orderBy(results, 'category'); const grouped = groupBy(ordered, 'category'); - const items = Object.keys(grouped).sort().map((item) => { + const items = Object.keys(grouped).sort().map((item, idx) => { index = index + 1; const used = grouped[item].filter((i) => properties.some((p) => p.propertyName === i.propertyName)); if (used.length >= grouped[item].length) { - return + return } return ( diff --git a/ui/src/app/admin/container/EditConfiguration.js b/ui/src/app/admin/container/EditConfiguration.js index f3749f2a0..dfa90aa8e 100644 --- a/ui/src/app/admin/container/EditConfiguration.js +++ b/ui/src/app/admin/container/EditConfiguration.js @@ -28,7 +28,7 @@ export function EditConfiguration({ configurations }) { const resp = await put(`${config.resourceId}`, config); if (response.ok) { gotoList({ refresh: true }); - toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); + toast = createNotificationAction(`Updated configuration successfully.`, NotificationTypes.SUCCESS); } else { toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); } diff --git a/ui/src/app/admin/container/NewConfiguration.js b/ui/src/app/admin/container/NewConfiguration.js index 34a587b45..d9a1bf33c 100644 --- a/ui/src/app/admin/container/NewConfiguration.js +++ b/ui/src/app/admin/container/NewConfiguration.js 
@@ -25,7 +25,7 @@ export function NewConfiguration({ configurations }) { const resp = await post(``, config); if (response.ok) { gotoList({ refresh: true }); - toast = createNotificationAction(`Added property successfully.`, NotificationTypes.SUCCESS); + toast = createNotificationAction(`Added configuration successfully.`, NotificationTypes.SUCCESS); } else { toast = createNotificationAction(`${resp.errorCode} - ${translator(resp.errorMessage)}`, NotificationTypes.ERROR); } From 7eead4a72b75a71aac6c4308b1f15c5ce62d2a4f Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 2 Sep 2022 10:00:34 -0700 Subject: [PATCH 50/63] SHIBUI-2270 / SHIBUI-2373 Fixing output JSON for the UI so type values are correct --- .../shib/properties/ShibPropertySetting.java | 2 + .../ShibPropertySettingJacksonSerializer.java | 43 +++++++++++++ .../ShibPropertiesControllerTests.groovy | 60 +++++++++++++++++++ 3 files changed, 105 insertions(+) create mode 100644 backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java index 1fd4d73fd..aeb1bd579 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySetting.java @@ -1,5 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties; +import com.fasterxml.jackson.databind.annotation.JsonSerialize; import lombok.Data; import org.hibernate.envers.Audited; @@ -12,6 +13,7 @@ @Entity(name = "shib_property_setting") @Audited @Data +@JsonSerialize(using = ShibPropertySettingJacksonSerializer.class) public class ShibPropertySetting { @Id @GeneratedValue 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java
new file mode 100644
index 000000000..6bd5b926c
--- /dev/null
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java
@@ -0,0 +1,43 @@
+package edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties;
+
+import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.databind.SerializerProvider;
+import com.fasterxml.jackson.databind.ser.std.StdSerializer;
+
+import java.io.IOException;
+
+public class ShibPropertySettingJacksonSerializer extends StdSerializer {
+ public ShibPropertySettingJacksonSerializer() {
+ this(null);
+ }
+
+ public ShibPropertySettingJacksonSerializer(Class t) {
+ super(t);
+ }
+
+ @Override
+ public void serialize(ShibPropertySetting sps, JsonGenerator generator, SerializerProvider provider) throws IOException {
+ generator.writeStartObject();
+ generator.writeNumberField("resourceId", sps.getResourceId());
+ generator.writeStringField("configFile", sps.getConfigFile());
+ generator.writeStringField("propertyName", sps.getPropertyName());
+ if (sps.getCategory() != null) {
+ generator.writeStringField("category", sps.getCategory());
+ }
+ generator.writeStringField("displayType", sps.getDisplayType());
+
+ switch (sps.getDisplayType()) {
+ case "boolean":
+ generator.writeBooleanField("propertyValue", Boolean.valueOf(sps.getPropertyValue()));
+ break;
+ case "number":
+ generator.writeNumberField("propertyValue", Long.parseLong(sps.getPropertyValue()));
+ break;
+ default:
+ generator.writeStringField("propertyValue", sps.getPropertyValue());
+ }
+
+ generator.writeEndObject();
+ }
+
+}
\ No newline at end of file
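Review bot: The `switch (sps.getDisplayType())` in `serialize` throws a NullPointerException when `displayType` is null, and `Long.parseLong(sps.getPropertyValue())` throws NumberFormatException for any stored value that is not a plain integer. One malformed or legacy row therefore makes every response containing it fail to serialize. `writeNumberField("resourceId", sps.getResourceId())` may have the same problem if the id is a boxed type and can be null; the field's type is not visible here. I would treat a missing display type as a string and fall back to writing the raw text when the number does not parse, as below. A short class Javadoc stating that `propertyValue` is emitted as boolean, number or string according to `displayType` would also help whoever maintains the UI side.

```java
// … unchanged: writeStartObject and the resourceId, configFile, propertyName, category, displayType fields …
String displayType = sps.getDisplayType() == null ? "string" : sps.getDisplayType();
String rawValue = sps.getPropertyValue();

switch (displayType) {
    case "boolean":
        generator.writeBooleanField("propertyValue", Boolean.parseBoolean(rawValue));
        break;
    case "number":
        Long parsed = null;
        try {
            parsed = Long.parseLong(rawValue);
        } catch (NumberFormatException e) {
            // Keep the response serializable; the stored text is emitted as-is below.
        }
        if (parsed != null) {
            generator.writeNumberField("propertyValue", parsed);
        } else {
            generator.writeStringField("propertyValue", rawValue);
        }
        break;
    default:
        generator.writeStringField("propertyValue", rawValue);
}
// … unchanged: writeEndObject …
```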
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy index e5c418f9d..c5ab4a003 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy @@ -63,6 +63,7 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { it.propertyName = 'foo' it.configFile = 'defaults.properties' it.propertyValue = 'bar' + it.displayType = 'string' it } @@ -71,6 +72,7 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { it.propertyName = 'foo2' it.configFile = 'defaults.properties' it.propertyValue = 'bar2' + it.displayType = 'string' it } @@ -151,6 +153,7 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { it.propertyName = 'food.for.thought' it.configFile = 'defaults.properties' it.propertyValue = 'true' + it.displayType = 'boolean' it } @@ -158,6 +161,7 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { it.propertyName = 'food2.for2.thought' it.configFile = 'defaults.properties' it.propertyValue = 'true' + it.displayType = 'boolean' it } 
@@ -207,4 +211,60 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { result.andExpect(status().isOk()).andExpect(jsonPath("\$.name").value("newName")) propertySetRepo.findByResourceId(defaultSetResourceId).name.equals("newName") } + + @WithMockAdmin + def "Validate that JSON data is correct for UI"() { + given: + ShibPropertySetting prop = new ShibPropertySetting().with { it -> + it.propertyName = 'asBoolean' + it.configFile = 'defaults.properties' + it.propertyValue = 'true' + it.displayType = 'boolean' + + it + } + propertySettingRepo.save(prop) + ShibPropertySetting prop2 = new ShibPropertySetting().with { it -> + it.propertyName = 'asNumber' + it.configFile = 'defaults.properties' + it.propertyValue = '33' + it.displayType = 'number' + + it + } + propertySettingRepo.save(prop2) + ShibPropertySetting prop3 = new ShibPropertySetting().with { it -> + it.propertyName = 'anythingElse' + it.configFile = 'defaults.properties' + it.propertyValue = '33' + it.displayType = 'string' + + it + } + propertySettingRepo.save(prop3) + ShibPropertySet set = new ShibPropertySet().with {it -> + it.properties.add(prop) + it.properties.add(prop2) + it.properties.add(prop3) + it.name = 'somerandom' + + it + } + def savedSet = propertySetRepo.save(set) + entityManager.flush() + entityManager.clear() + + when: + def result = mockMvc.perform(get("/api/shib/property/set/" + savedSet.getResourceId())) + System.println(result.andReturn().getResponse().getContentAsString()) + then: + result.andExpect(status().isOk()) + .andExpect(jsonPath("\$.resourceId").value(savedSet.getResourceId())) + .andExpect(jsonPath("\$.properties[0].propertyName").value("asBoolean")) + .andExpect(jsonPath("\$.properties[0].propertyValue").value(Boolean.TRUE)) + .andExpect(jsonPath("\$.properties[1].propertyName").value("asNumber")) + .andExpect(jsonPath("\$.properties[1].propertyValue").value(33)) + .andExpect(jsonPath("\$.properties[2].propertyName").value("anythingElse")) + 
.andExpect(jsonPath("\$.properties[2].propertyValue").value("33")) + } } \ No newline at end of file From be32e8644d805e9ebc1650877fe655a07876028f Mon Sep 17 00:00:00 2001 From: chasegawa Date: Fri, 2 Sep 2022 10:49:47 -0700 Subject: [PATCH 51/63] SHIBUI-2270 fixed broken test --- .../ui/service/ShibConfigurationServiceTests.groovy | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy index 36f548215..4454ef8ca 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceTests.groovy @@ -30,7 +30,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { * We use the object mapper to transform to json and then back to new objects so that what we send to the service is never * the actual hibernate entity from the db, but an unattached copy (ie what the service would be getting as input in reality) */ - def ObjectMapper objectMapper = new ObjectMapper(); + ObjectMapper objectMapper = new ObjectMapper() @Transactional def setup() { @@ -38,6 +38,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { it.propertyName = 'foo' it.configFile = 'defaults.properties' it.propertyValue = 'bar' + it.displayType = 'string' it } @@ -46,6 +47,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { it.propertyName = 'foo2' it.configFile = 'defaults.properties' it.propertyValue = 'bar2' + it.displayType = 'string' it } 
@@ -68,8 +70,8 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { def "check delete"() { given: - def long setCount = propertySetRepo.count() - def long propsCount = propertySettingRepo.count() + long setCount = propertySetRepo.count() + long propsCount = propertySettingRepo.count() expect: setCount == 1 @@ -120,6 +122,7 @@ class ShibConfigurationServiceTests extends AbstractBaseDataJpaTest { it.propertyName = 'food.for.thought' it.configFile = 'defaults.properties' it.propertyValue = 'true' + it.displayType = 'boolean' it } From 31ef5a3ba07b552c96f7c4af4377d4f84c5881ee Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 2 Sep 2022 11:06:28 -0700 Subject: [PATCH 52/63] Fixed x mark in dropdown --- ui/src/theme/project/typeahead.scss | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/src/theme/project/typeahead.scss b/ui/src/theme/project/typeahead.scss index 0fca115fa..5bf91a8ca 100644 --- a/ui/src/theme/project/typeahead.scss +++ b/ui/src/theme/project/typeahead.scss @@ -35,7 +35,7 @@ height: 1em; padding: .25em .25em; color: inherit; - background: transparent url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 16 16' fill='#007bff' %3e%3cpath d='M.293.293a1 1 0 0 1 1.414 0L8 6.586 14.293.293a1 1 0 1 1 1.414 1.414L9.414 8l6.293 6.293a1 1 0 0 1-1.414 1.414L8 9.414l-6.293 6.293a1 1 0 0 1-1.414-1.414L6.586 8 .293 1.707a1 1 0 0 1 0-1.414z'/%3e%3c/svg%3e") center/1em auto no-repeat; + background: transparent center/1em auto no-repeat; border: 0; border-radius: .375rem; } From 8ed3fe3b52c1f6359873a5c661d789ed55b93c83 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 2 Sep 2022 12:19:42 -0700 Subject: [PATCH 53/63] Fixed issue with validation of set names --- ui/src/app/admin/component/ConfigurationForm.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 90bd31db9..e4088f98d 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -110,8 +110,9 @@ export function ConfigurationForm({ configurations, configuration = {}, loading, placeholder={translator('label.configuration-name-placeholder')} {...register(`name`, { required: true, + value: configuration.value || null, validate: { - unique: v => !includes(names, v) + unique: v => v.trim() === configuration.name || !includes(names, v) } })} /> From c2cb961b9cd5f8629c4e22168d78491779febbf8 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Fri, 2 Sep 2022 12:34:15 -0700 Subject: [PATCH 54/63] Fixed issue with duplicated properties from categories --- .../app/admin/component/PropertySelector.js | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/ui/src/app/admin/component/PropertySelector.js b/ui/src/app/admin/component/PropertySelector.js index 375b75747..9f219e403 100644 --- a/ui/src/app/admin/component/PropertySelector.js +++ b/ui/src/app/admin/component/PropertySelector.js @@ -1,11 +1,12 @@ import React, { Fragment, useCallback } from 'react'; -import { groupBy, orderBy } from 'lodash'; +import { groupBy, includes, orderBy } from 'lodash'; import { Highlighter, Menu, MenuItem, Token, Typeahead } from 'react-bootstrap-typeahead'; import Button from 'react-bootstrap/Button'; import { ToggleButton } from '../../form/component/ToggleButton'; export function PropertySelector ({ properties, options, onAddProperties }) { + const [selected, setSelected] = React.useState([]); const menu = useCallback((results, menuProps, state) => { let index = 0; 
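Review bot: The new `unique` rule in `ConfigurationForm.js` (hunk `@@ -110,8 +110,9 @@`) trims only one side of the comparison, `v.trim() === configuration.name || !includes(names, v)`, so a name that differs from an existing one only by leading or trailing whitespace passes the check. Normalising once covers both branches: `unique: v => { const n = v.trim(); return n === configuration.name || !includes(names, n); }`. The added `value: configuration.value || null` reads a `value` property on the configuration set, which looks like it was meant to be `configuration.name`; worth confirming, since the form's `defaultValues` already carry the name. This rule runs in the browser against the list loaded with the page, so the backend still has to reject duplicate set names itself; that code is not part of this hunk.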
@@ -14,17 +15,20 @@ export function PropertySelector ({ properties, options, onAddProperties }) { const items = Object.keys(grouped).sort().map((item, idx) => { index = index + 1; const used = grouped[item].filter((i) => properties.some((p) => p.propertyName === i.propertyName)); - if (used.length >= grouped[item].length) { + if (used.length >= grouped[item].length || includes(selected, item)) { return } + const cat = {category: item, propertyName: item, isCategory: true}; + const catSelected = selected.some(s => s.propertyName === item); return ( {index !== 0 && } + className="fw-bold" + disabled={catSelected}> {item} - Add all @@ -32,7 +36,7 @@ export function PropertySelector ({ properties, options, onAddProperties }) { if (!properties.some((p) => p.propertyName === i.propertyName)) { index = index + 1; const item = - + s.propertyName === i.propertyName)}> {`- ${i.propertyName}`} @@ -46,7 +50,7 @@ export function PropertySelector ({ properties, options, onAddProperties }) { }); return {items}; - }, [properties]); + }, [properties, selected]); const token = (option, { onRemove }, index) => ( { onAddProperties(s); setSelected([]); - } + }; return ( From 5197db034398b0e671b6a98b9d6c5132cc450eff Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Tue, 6 Sep 2022 09:50:20 -0700 Subject: [PATCH 55/63] Fixed issue with duplicate properties --- ui/src/app/admin/component/ConfigurationForm.js | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index e4088f98d..751e94310 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
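Review bot: In hunk `@@ -14,17 +15,20 @@` the added `includes(selected, item)` compares a category key (a string from `Object.keys(grouped)`) with the entries of `selected`, which the next added line treats as objects (`selected.some(s => s.propertyName === item)`). The `includes` branch therefore presumably never matches. If the intent is to hide a category once it has been picked, compute `catSelected` before the `if` and test `used.length >= grouped[item].length || catSelected`. The JSX of this hunk did not survive on the page, so the rendering side cannot be checked from here.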
@@ -12,7 +12,7 @@ import { useProperties } from '../hoc/PropertiesProvider'; import Form from 'react-bootstrap/Form'; import FloatingLabel from 'react-bootstrap/FloatingLabel'; import { useTranslator } from '../../i18n/hooks'; -import { includes } from 'lodash'; +import { includes, uniqBy } from 'lodash'; export function ConfigurationForm({ configurations, configuration = {}, loading, onSave, onCancel }) { @@ -51,7 +51,9 @@ export function ConfigurationForm({ configurations, configuration = {}, loading, const filtered = parsed.filter(p => includes(names, p.propertyName) ? false : true); - append(filtered); + const deduped = uniqBy(filtered, (i) => i.propertyName); + + append(deduped); }; const saveConfig = (formValues) => { From 47168290b9da41b946f1b2457e385f904993544d Mon Sep 17 00:00:00 2001 From: chasegawa Date: Tue, 6 Sep 2022 13:32:44 -0700 Subject: [PATCH 56/63] SHIBUI-2270 Added cleanup of settings to the danger controller --- .../admin/ui/controller/DangerController.java | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java index 2ab357a03..7af217eb2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/DangerController.java 
@@ -7,6 +7,8 @@ import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository; +import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.OwnershipRepository; import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; @@ -59,6 +61,12 @@ public class DangerController { @Autowired private OwnershipRepository ownershipRepository; + @Autowired + private ShibPropertySetRepository shibPropertySetRepository; + + @Autowired + private ShibPropertySettingRepository shibPropertySettingRepository; + @Autowired UserRepository userRepository; @@ -84,9 +92,18 @@ public ResponseEntity wipeOut() { clearUsersAndGroups(); + clearShibSettings(); + return ResponseEntity.ok("yes, you did it"); } + private void clearShibSettings() { + shibPropertySetRepository.findAll().forEach(shibPropSet -> { + shibPropertySettingRepository.deleteAll(shibPropSet.getProperties()); + shibPropertySetRepository.delete(shibPropSet); + }); + } + private void clearUsersAndGroups() { groupRepository.deleteAll(); ownershipRepository.clearAllOwnedByGroup(); @@ -99,4 +116,4 @@ private void clearUsersAndGroups() { groupService.ensureAdminGroupExists(); devConfig.createDevUsersAndGroups(); } -} +} \ No newline at end of file From 4e96769041300d8aa97f4f54f833ca5e5664efde Mon Sep 17 00:00:00 2001 
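Review bot: `wipeOut()` in hunk `@@ -84,9 +92,18 @@` now also deletes every property set and its settings, but the method's request mapping, any profile restriction and its authorization are outside the hunk, so what guards this endpoint cannot be confirmed from here. The Selenium script added later in this series reaches it with a plain `open` command, which suggests it answers GET. A destructive handler should not be reachable by a cross-site GET, so I would confirm that the controller is registered only in a dev/test profile, requires the admin role, and is mapped to a non-GET method covered by CSRF protection. `clearShibSettings()` deletes inside a `forEach` with no transaction boundary visible in the hunk; if `wipeOut()` is not `@Transactional`, a failure midway leaves the settings partly removed.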
From: Bill Smith Date: Wed, 7 Sep 2022 10:29:50 -0400 Subject: [PATCH 57/63] SHIBUI-2270 Added selenium tests for properties CRUD operations. --- .../admin/ui/SeleniumSIDETest.groovy | 2 + .../integration/resources/SHIBUI-2270-1.side | 562 +++++ .../integration/resources/SHIBUI-2270-2.side | 2143 +++++++++++++++++ 3 files changed, 2707 insertions(+) create mode 100644 backend/src/integration/resources/SHIBUI-2270-1.side create mode 100644 backend/src/integration/resources/SHIBUI-2270-2.side diff --git a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy index beb593a70..4a903610e 100644 --- a/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy +++ b/backend/src/integration/groovy/edu/internet2/tier/shibboleth/admin/ui/SeleniumSIDETest.groovy @@ -157,6 +157,8 @@ class SeleniumSIDETest extends Specification { 'SHIBUI-1674: Verify metadata source tooltips' | '/SHIBUI-1674-1.side' 'SHIBUI-1674: Verify metadata provider tooltips' | '/SHIBUI-1674-2.side' 'SHIBUI-1674: Verify advanced menu tooltips' | '/SHIBUI-1674-3.side' + 'SHIBUI-2270: Verify property set CRUD' | '/SHIBUI-2270-1.side' + 'SHIBUI-2270: Verify full property set' | '/SHIBUI-2270-2.side' 'SHIBUI-2268: Verify Algorithm Filter' | '/SHIBUI-2268.side' 'SHIBUI-2269: Verify XML generation of external filters' | '/SHIBUI-2269.side' } diff --git a/backend/src/integration/resources/SHIBUI-2270-1.side b/backend/src/integration/resources/SHIBUI-2270-1.side new file mode 100644 index 000000000..b9d67cff4 --- /dev/null +++ b/backend/src/integration/resources/SHIBUI-2270-1.side 
@@ -0,0 +1,562 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-2270-1", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-2270-1", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "d388e4d3-79b7-4948-a6f6-907d0a46f35c", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-toggle", + "targets": [ + ["id=advanced-nav-dropdown-toggle", "id"], + ["css=#advanced-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='advanced-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[3]/button", "xpath:position"], + ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "14841cc4-c8f1-48c2-9f85-a7aaf9f0a91d", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-properties", + "targets": [ + ["id=advanced-nav-dropdown-properties", "id"], + ["linkText=Shibboleth configurations", "linkText"], + ["css=#advanced-nav-dropdown-properties", "css:finder"], + ["xpath=//a[contains(text(),'Shibboleth configurations')]", "xpath:link"], + ["xpath=//a[@id='advanced-nav-dropdown-properties']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/div/a[5]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations')]", "xpath:href"], + ["xpath=//a[5]", "xpath:position"], + ["xpath=//a[contains(.,'Shibboleth configurations')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8a824b21-89be-4531-baa3-db217375dfb1", + "comment": "", + "command": "click", + "target": "linkText=Create Shibboleth configuration set", + "targets": [ + ["linkText=Create Shibboleth configuration set", "linkText"], + ["css=.btn-success", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Create Shibboleth configuration set')]", "xpath:innerText"] + ], + "value": 
"" + }, { + "id": "da25d3be-ebb4-4ad7-8264-dfb688ef157d", + "comment": "", + "command": "type", + "target": "id=formName", + "targets": [ + ["id=formName", "id"], + ["name=name", "name"], + ["css=#formName", "css:finder"], + ["xpath=//input[@id='formName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "Test Configuration" + }, { + "id": "7d40119c-c87f-4743-bdfb-3368f556ce89", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "a9ae0330-b553-49d6-aafd-0566d6ef8015", + "comment": "", + "command": "click", + "target": "id=property-selector-item-2", + "targets": [ + ["id=property-selector-item-2", "id"], + ["linkText=- idp.resolvertest.accessPolicy", "linkText"], + ["css=#property-selector-item-2", "css:finder"], + ["xpath=//a[contains(text(),'- idp.resolvertest.accessPolicy')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-2']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[2]", "xpath:href"], + ["xpath=//div[2]/div/div/div/div/div[2]/a", "xpath:position"], + ["xpath=//a[contains(.,'- idp.resolvertest.accessPolicy')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "e9a4a85f-b6bb-4d3a-9042-4d873c3b6cc6", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[8]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", 
"xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "e4bc2487-9f04-45ee-b6ac-dd2b0de2b54e", + "comment": "", + "command": "click", + "target": "id=property-selector-item-10", + "targets": [ + ["id=property-selector-item-10", "id"], + ["linkText=- idp.lockout.defaultAuthenticationMethods", "linkText"], + ["css=#property-selector-item-10", "css:finder"], + ["xpath=//a[contains(text(),'- idp.lockout.defaultAuthenticationMethods')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-10']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a[8]", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[10]", "xpath:href"], + ["xpath=//a[8]", "xpath:position"], + ["xpath=//a[contains(.,'- idp.lockout.defaultAuthenticationMethods')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "1384295d-fed8-42f4-9651-27a900fbb2ac", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[10]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "e90d0c3a-ef37-4c83-a7d1-1fc053e6404c", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.resolvertest.accessPolicy", + "targets": [ + ["id=valueInput-idp.resolvertest.accessPolicy", "id"], + ["name=properties.0.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.accessPolicy", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.accessPolicy']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td[4]/div/input", "xpath:idRelative"], + ["xpath=//td[4]/div/input", "xpath:position"] + ], + "value": "test1" + }, { + "id": 
"fa61e81b-309a-4e32-b5ce-61f7dcd06eb3", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.lockout.defaultAuthenticationMethods", + "targets": [ + ["id=valueInput-idp.lockout.defaultAuthenticationMethods", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.lockout\\.defaultAuthenticationMethods", "css:finder"], + ["xpath=//input[@id='valueInput-idp.lockout.defaultAuthenticationMethods']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "test2" + }, { + "id": "18d127f8-a5b9-4634-bf44-d4432fe4122d", + "comment": "", + "command": "click", + "target": "css=tr:nth-child(2) .svg-inline--fa", + "targets": [ + ["css=tr:nth-child(2) .svg-inline--fa", "css:finder"] + ], + "value": "" + }, { + "id": "63f4e5a3-8846-4d80-8c42-3d1f5d8ec5c9", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "420da5f7-5e5d-46c9-b58c-ff33e51bcd04", + "comment": "", + "command": "click", + "target": "id=property-selector-item-10", + "targets": [ + ["id=property-selector-item-10", "id"], + ["linkText=- idp.lockout.defaultAuthenticationMethods", "linkText"], + ["css=#property-selector-item-10", "css:finder"], + ["xpath=//a[contains(text(),'- idp.lockout.defaultAuthenticationMethods')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-10']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a[8]", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[10]", "xpath:href"], + ["xpath=//a[8]", "xpath:position"], + 
["xpath=//a[contains(.,'- idp.lockout.defaultAuthenticationMethods')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f54f3946-a1f5-4392-99c0-0e1ce5958993", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "7206299c-901e-4273-86f2-7f14002ff78b", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.lockout.defaultAuthenticationMethods", + "targets": [ + ["id=valueInput-idp.lockout.defaultAuthenticationMethods", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.lockout\\.defaultAuthenticationMethods", "css:finder"], + ["xpath=//input[@id='valueInput-idp.lockout.defaultAuthenticationMethods']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "test3" + }, { + "id": "23de6d39-9745-47a5-a3e1-84c0fb35d1e1", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "dfaa87c9-7a0b-445d-aa7a-942bc73d2f02", + "comment": "", + "command": "click", + "target": "linkText=Edit", + "targets": [ + ["linkText=Edit", "linkText"], + ["css=.btn-primary", "css:finder"], + ["xpath=//a[contains(text(),'Edit')]", "xpath:link"], + 
["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '/configurations/28/edit')])[2]", "xpath:href"], + ["xpath=//td[3]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Edit')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ed029697-17af-4ca6-9299-862ba5c43864", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "9b66c662-75a5-4ad8-9e19-ebe65905a108", + "comment": "", + "command": "click", + "target": "id=property-selector-item-58", + "targets": [ + ["id=property-selector-item-58", "id"], + ["linkText=- idp.csrf.token.parameter", "linkText"], + ["css=#property-selector-item-58", "css:finder"], + ["xpath=//a[contains(text(),'- idp.csrf.token.parameter')]", "xpath:link"], + ["xpath=//a[@id='property-selector-item-58']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/a[51]", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[58]", "xpath:href"], + ["xpath=//a[51]", "xpath:position"], + ["xpath=//a[contains(.,'- idp.csrf.token.parameter')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "2c2ccf47-4386-4e3d-8a2b-0b3e183462a7", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "e5a94855-f4c7-404c-8fa6-06c19f0f16f6", + "comment": "", + "command": "type", + "target": 
"id=valueInput-idp.csrf.token.parameter", + "targets": [ + ["id=valueInput-idp.csrf.token.parameter", "id"], + ["name=properties.2.propertyValue", "name"], + ["css=#valueInput-idp\\.csrf\\.token\\.parameter", "css:finder"], + ["xpath=//input[@id='valueInput-idp.csrf.token.parameter']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[3]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[3]/td[4]/div/input", "xpath:position"] + ], + "value": "test4" + }, { + "id": "4e763745-940a-410b-9e49-89483a0927fd", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "137da111-edeb-4e27-a9f0-8b00d8f44e9f", + "comment": "", + "command": "click", + "target": "linkText=Create Shibboleth configuration set", + "targets": [ + ["linkText=Create Shibboleth configuration set", "linkText"], + ["css=.btn-success", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Create Shibboleth configuration set')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3348ed8d-812e-46cc-bfb4-bc751893291a", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div/div/div/div/button", "xpath:position"], + 
["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a74652db-1910-473f-8f3a-7c955182895d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-17", + "targets": [ + ["id=property-selector-item-17", "id"], + ["linkText=AttendedRestartConfiguration - Add all", "linkText"], + ["css=#property-selector-item-17", "css:finder"], + ["xpath=//a[@id='property-selector-item-17']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[6]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[17]", "xpath:href"], + ["xpath=//div[6]/a", "xpath:position"], + ["xpath=//a[contains(.,'AttendedRestartConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a7279237-b6c7-47ca-a16b-145405569c44", + "comment": "", + "command": "type", + "target": "id=formName", + "targets": [ + ["id=formName", "id"], + ["name=name", "name"], + ["css=#formName", "css:finder"], + ["xpath=//input[@id='formName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "Test Configuration 2" + }, { + "id": "eadfb399-b11f-46d1-a665-a526a53f90b0", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "309348c8-22c7-4ff6-90c2-43a0aa2c68cc", + "comment": "", + "command": "assertText", + "target": "css=tr:nth-child(7) > td:nth-child(1)", + "targets": [ + ["css=tr:nth-child(7) > td:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[7]/td", "xpath:idRelative"], + ["xpath=//tr[7]/td", 
"xpath:position"], + ["xpath=//td[contains(.,'idp.unlock-keys.authenticated')]", "xpath:innerText"] + ], + "value": "idp.unlock-keys.authenticated" + }, { + "id": "2be9a988-be21-4258-9c8f-21928e860a24", + "comment": "", + "command": "click", + "target": "css=.fa-floppy-disk > path", + "targets": [ + ["css=.fa-floppy-disk > path", "css:finder"] + ], + "value": "" + }, { + "id": "728c88fd-020a-49dc-a979-ba123f7ed53a", + "comment": "", + "command": "click", + "target": "css=tr:nth-child(1) .btn-danger", + "targets": [ + ["css=tr:nth-child(1) .btn-danger", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/button", "xpath:idRelative"], + ["xpath=//td[3]/div/button", "xpath:position"], + ["xpath=//button[contains(.,'  Delete')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9c03d978-0d3b-4590-af7e-3b024c699e15", + "comment": "", + "command": "click", + "target": "css=.btn-danger:nth-child(1)", + "targets": [ + ["css=.btn-danger:nth-child(1)", "css:finder"], + ["xpath=(//button[@type='button'])[11]", "xpath:attributes"], + ["xpath=//div[4]/div/div/div[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "a8a0060c-a5d9-4597-ba57-f390073fc98b", + "comment": "", + "command": "click", + "target": "css=.btn-danger", + "targets": [ + ["css=.btn-danger", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/button", "xpath:idRelative"], + ["xpath=//td[3]/div/button", "xpath:position"], + ["xpath=//button[contains(.,'  Delete')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "7dc604df-8358-43bb-9401-49717be23ac6", + "comment": "", + "command": "click", + "target": "css=.btn-danger:nth-child(1)", + "targets": [ + ["css=.btn-danger:nth-child(1)", "css:finder"], + ["xpath=(//button[@type='button'])[8]", "xpath:attributes"], 
+ ["xpath=//div[4]/div/div/div[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "e339a2e6-6e87-4a37-899c-8f7e9e309866", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "7e35b427-036a-49f6-a9f2-b31bc916490c", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file diff --git a/backend/src/integration/resources/SHIBUI-2270-2.side b/backend/src/integration/resources/SHIBUI-2270-2.side new file mode 100644 index 000000000..2872ad331 --- /dev/null +++ b/backend/src/integration/resources/SHIBUI-2270-2.side 
@@ -0,0 +1,2143 @@ +{ + "id": "1b31a551-eb09-4bd4-8db9-694bf1539a46", + "version": "2.0", + "name": "SHIBUI-2270-2", + "url": "http://localhost:10101", + "tests": [{ + "id": "841ade0e-83bd-4a4b-94f2-de6bd5c536b2", + "name": "SHIBUI-2270-2", + "commands": [{ + "id": "d6b23986-6d14-4b10-be7b-a7e6f576e3b2", + "comment": "", + "command": "open", + "target": "/login", + "targets": [], + "value": "" + }, { + "id": "f77ecd77-01c2-4463-944e-1a69600f5297", + "comment": "", + "command": "type", + "target": "name=username", + "targets": [ + ["name=username", "name"], + ["css=tr:nth-child(1) input", "css:finder"], + ["xpath=//input[@name='username']", "xpath:attributes"], + ["xpath=//input", "xpath:position"] + ], + "value": "admin" + }, { + "id": "c9bf0a22-faa9-494c-b2ed-6c9653248551", + "comment": "", + "command": "type", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "adminpass" + }, { + "id": "7ab1d854-3582-4101-bd19-f94b8f438090", + "comment": "", + "command": "sendKeys", + "target": "name=password", + "targets": [ + ["name=password", "name"], + ["css=tr:nth-child(2) input", "css:finder"], + ["xpath=//input[@name='password']", "xpath:attributes"], + ["xpath=//tr[2]/td[2]/input", "xpath:position"] + ], + "value": "${KEY_ENTER}" + }, { + "id": "4059cae7-b9f9-49d0-a213-343bcaba66d1", + "comment": "", + "command": "waitForElementVisible", + "target": "id=metadata-nav-dropdown-toggle", + "targets": [], + "value": "30000" + }, { + "id": "f03af8d5-5875-4a2c-b93a-c3ddcbd4b16a", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "081f495b-4d84-4758-824c-1e85b6311e7f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }, { + "id": 
"9e912dd5-6ace-45be-bafd-2d1655906575", + "comment": "", + "command": "open", + "target": "/", + "targets": [], + "value": "" + }, { + "id": "d388e4d3-79b7-4948-a6f6-907d0a46f35c", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-toggle", + "targets": [ + ["id=advanced-nav-dropdown-toggle", "id"], + ["css=#advanced-nav-dropdown-toggle", "css:finder"], + ["xpath=//button[@id='advanced-nav-dropdown-toggle']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/button", "xpath:idRelative"], + ["xpath=//div[3]/button", "xpath:position"], + ["xpath=//button[contains(.,'Advanced')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "14841cc4-c8f1-48c2-9f85-a7aaf9f0a91d", + "comment": "", + "command": "click", + "target": "id=advanced-nav-dropdown-properties", + "targets": [ + ["id=advanced-nav-dropdown-properties", "id"], + ["linkText=Shibboleth configurations", "linkText"], + ["css=#advanced-nav-dropdown-properties", "css:finder"], + ["xpath=//a[contains(text(),'Shibboleth configurations')]", "xpath:link"], + ["xpath=//a[@id='advanced-nav-dropdown-properties']", "xpath:attributes"], + ["xpath=//div[@id='advanced-nav-dropdown']/div/a[5]", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations')]", "xpath:href"], + ["xpath=//a[5]", "xpath:position"], + ["xpath=//a[contains(.,'Shibboleth configurations')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8a824b21-89be-4531-baa3-db217375dfb1", + "comment": "", + "command": "click", + "target": "linkText=Create Shibboleth configuration set", + "targets": [ + ["linkText=Create Shibboleth configuration set", "linkText"], + ["css=.btn-success", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '/configurations/new')]", "xpath:href"], + ["xpath=//div[2]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Create Shibboleth configuration set')]", "xpath:innerText"] + ], + "value": 
"" + }, { + "id": "da25d3be-ebb4-4ad7-8264-dfb688ef157d", + "comment": "", + "command": "type", + "target": "id=formName", + "targets": [ + ["id=formName", "id"], + ["name=name", "name"], + ["css=#formName", "css:finder"], + ["xpath=//input[@id='formName']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div/div/div/input", "xpath:idRelative"], + ["xpath=//input", "xpath:position"] + ], + "value": "Test Configuration" + }, { + "id": "3fae037d-0e59-4b9d-adf2-dbd624b72613", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div/input", "xpath:idRelative"], + ["xpath=//div/div/div/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "2fe0a124-dfe0-4c40-a3b3-b1d8861505a8", + "comment": "", + "command": "click", + "target": "id=property-selector-item-1", + "targets": [ + ["id=property-selector-item-1", "id"], + ["linkText=AACLI - Add all", "linkText"], + ["css=#property-selector-item-1", "css:finder"], + ["xpath=//a[@id='property-selector-item-1']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[2]/a", "xpath:idRelative"], + ["xpath=//a[contains(@href, '#')]", "xpath:href"], + ["xpath=//div[2]/a", "xpath:position"], + ["xpath=//a[contains(.,'AACLI - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "be761931-fb77-4030-bc2c-2577d3a99580", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[2]/input", "xpath:idRelative"], + ["xpath=//div[2]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "eb50041f-bf6e-4ef4-92ee-9319f79b8336", + 
"comment": "", + "command": "click", + "target": "id=property-selector-item-9", + "targets": [ + ["id=property-selector-item-9", "id"], + ["linkText=AccountLockoutManagement - Add all", "linkText"], + ["css=#property-selector-item-9", "css:finder"], + ["xpath=//a[@id='property-selector-item-9']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[4]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[9]", "xpath:href"], + ["xpath=//div[4]/a", "xpath:position"], + ["xpath=//a[contains(.,'AccountLockoutManagement - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "de63d0c0-9504-4339-b76f-ce21b7c9f5f8", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[9]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9f0ee002-e494-4409-9461-35d70ec30bf3", + "comment": "", + "command": "click", + "target": "id=property-selector-item-17", + "targets": [ + ["id=property-selector-item-17", "id"], + ["linkText=AttendedRestartConfiguration - Add all", "linkText"], + ["css=#property-selector-item-17", "css:finder"], + ["xpath=//a[@id='property-selector-item-17']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[6]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[17]", "xpath:href"], + ["xpath=//div[6]/a", "xpath:position"], + ["xpath=//a[contains(.,'AttendedRestartConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b1cb5ac9-027c-45f2-b7c2-d1a661378928", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", 
"xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[4]/input", "xpath:idRelative"], + ["xpath=//div[4]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "53354967-a636-428a-8dea-c771e2ee3add", + "comment": "", + "command": "click", + "target": "id=property-selector-item-25", + "targets": [ + ["id=property-selector-item-25", "id"], + ["linkText=AttributePostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-25", "css:finder"], + ["xpath=//a[@id='property-selector-item-25']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[8]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[25]", "xpath:href"], + ["xpath=//div[8]/a", "xpath:position"], + ["xpath=//a[contains(.,'AttributePostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ff91bfaf-f6ce-42c2-9dd4-1c52268d140d", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "825680dd-0180-4b92-a2df-40d041c24831", + "comment": "", + "command": "click", + "target": "id=property-selector-item-33", + "targets": [ + ["id=property-selector-item-33", "id"], + ["linkText=AuditLoggingConfiguration - Add all", "linkText"], + ["css=#property-selector-item-33", "css:finder"], + ["xpath=//a[@id='property-selector-item-33']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[10]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[33]", "xpath:href"], + ["xpath=//div[10]/a", "xpath:position"], + ["xpath=//a[contains(.,'AuditLoggingConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "1c671949-1992-4cbd-930c-0153e1fea983", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[12]", 
"xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "7e6f1147-95fa-4f2e-b71c-bdc2265c8537", + "comment": "", + "command": "click", + "target": "id=property-selector-item-49", + "targets": [ + ["id=property-selector-item-49", "id"], + ["linkText=AuthenticationConfiguration - Add all", "linkText"], + ["css=#property-selector-item-49", "css:finder"], + ["xpath=//a[@id='property-selector-item-49']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[12]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[49]", "xpath:href"], + ["xpath=//div[12]/a", "xpath:position"], + ["xpath=//a[contains(.,'AuthenticationConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "384ea0fc-0bc1-4f63-b736-7e1d67277662", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[7]/input", "xpath:idRelative"], + ["xpath=//div[7]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "2158cbdc-85be-4082-938c-00a14e0d6d63", + "comment": "", + "command": "click", + "target": "id=property-selector-item-59", + "targets": [ + ["id=property-selector-item-59", "id"], + ["linkText=CSRF - Add all", "linkText"], + ["css=#property-selector-item-59", "css:finder"], + ["xpath=//a[@id='property-selector-item-59']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[14]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[59]", "xpath:href"], + ["xpath=//div[14]/a", "xpath:position"], + ["xpath=//a[contains(.,'CSRF - Add all')]", "xpath:innerText"] + ], + "value": 
"" + }, { + "id": "a861c6d1-277e-438f-a49c-d47521f67dcc", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[14]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f71b15c0-ff1b-4f26-8630-b755e1af00aa", + "comment": "", + "command": "click", + "target": "id=property-selector-item-62", + "targets": [ + ["id=property-selector-item-62", "id"], + ["linkText=CasProtocolConfiguration - Add all", "linkText"], + ["css=#property-selector-item-62", "css:finder"], + ["xpath=//a[@id='property-selector-item-62']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[16]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[62]", "xpath:href"], + ["xpath=//div[16]/a", "xpath:position"], + ["xpath=//a[contains(.,'CasProtocolConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "50f0c334-c0ca-43dc-8464-6d5d5b64de3e", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[15]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ab25fbad-3959-4b65-ae5b-cd8cf81679d3", + "comment": "", + "command": "click", + "target": "id=property-selector-item-66", + "targets": [ + ["id=property-selector-item-66", "id"], + ["linkText=ConsentConfiguration - Add all", "linkText"], + ["css=#property-selector-item-66", "css:finder"], + 
["xpath=//a[@id='property-selector-item-66']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[18]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[66]", "xpath:href"], + ["xpath=//div[18]/a", "xpath:position"], + ["xpath=//a[contains(.,'ConsentConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5b5e0325-1735-4b9a-9920-5dac993cbb13", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[16]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d06957b0-f5fa-4960-ac87-750566eb8484", + "comment": "", + "command": "click", + "target": "id=property-selector-item-84", + "targets": [ + ["id=property-selector-item-84", "id"], + ["linkText=Core - Add all", "linkText"], + ["css=#property-selector-item-84", "css:finder"], + ["xpath=//a[@id='property-selector-item-84']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[20]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[84]", "xpath:href"], + ["xpath=//div[20]/a", "xpath:position"], + ["xpath=//a[contains(.,'Core - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cf7d85ba-7edc-4bf1-938a-a88fd04c7252", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[17]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": 
"630e9dc2-89d6-435e-bd3d-040814109f16", + "comment": "", + "command": "click", + "target": "id=property-selector-item-100", + "targets": [ + ["id=property-selector-item-100", "id"], + ["linkText=DuoAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-100", "css:finder"], + ["xpath=//a[@id='property-selector-item-100']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[22]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[100]", "xpath:href"], + ["xpath=//div[22]/a", "xpath:position"], + ["xpath=//a[contains(.,'DuoAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9f2f0c50-7465-4879-bb68-822bca1f0fa3", + "comment": "", + "command": "click", + "target": "css=.rbt-input-main", + "targets": [ + ["css=.rbt-input-main", "css:finder"], + ["xpath=//input[@value='']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/div/div/div[12]/input", "xpath:idRelative"], + ["xpath=//div[12]/input", "xpath:position"] + ], + "value": "" + }, { + "id": "6f28c9cc-1006-456b-ae72-b70006636829", + "comment": "", + "command": "click", + "target": "id=property-selector-item-127", + "targets": [ + ["id=property-selector-item-127", "id"], + ["linkText=DuoOIDCAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-127", "css:finder"], + ["xpath=//a[@id='property-selector-item-127']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[24]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[127]", "xpath:href"], + ["xpath=//div[24]/a", "xpath:position"], + ["xpath=//a[contains(.,'DuoOIDCAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3b326c6f-96d3-4f6c-ba82-e9ffd95517f1", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": 
"ec3ac03f-c46b-4e1c-a89d-e2dc9826ca98", + "comment": "", + "command": "click", + "target": "id=property-selector-item-169", + "targets": [ + ["id=property-selector-item-169", "id"], + ["linkText=ErrorHandlingConfiguration - Add all", "linkText"], + ["css=#property-selector-item-169", "css:finder"], + ["xpath=//a[@id='property-selector-item-169']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[26]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[169]", "xpath:href"], + ["xpath=//div[26]/a", "xpath:position"], + ["xpath=//a[contains(.,'ErrorHandlingConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ce43ffb1-3979-4381-a155-9a2a59d1ac95", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[20]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "62d42fb7-00e2-400d-a1be-adcbf826ce3a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-175", + "targets": [ + ["id=property-selector-item-175", "id"], + ["linkText=ExternalAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-175", "css:finder"], + ["xpath=//a[@id='property-selector-item-175']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[28]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[175]", "xpath:href"], + ["xpath=//div[28]/a", "xpath:position"], + ["xpath=//a[contains(.,'ExternalAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b1c01f80-778c-4ea3-b952-dd84c18e5904", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[21]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8a3757ee-2564-436e-abc5-e0584a59a82e", + "comment": "", + "command": "click", + "target": "id=property-selector-item-192", + "targets": [ + ["id=property-selector-item-192", "id"], + ["linkText=FTICKSLoggingConfiguration - Add all", "linkText"], + ["css=#property-selector-item-192", "css:finder"], + ["xpath=//a[@id='property-selector-item-192']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[30]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[192]", "xpath:href"], + ["xpath=//div[30]/a", "xpath:position"], + ["xpath=//a[contains(.,'FTICKSLoggingConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "c6bfe838-9027-4c25-990e-e451e9d04a4d", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "0c462504-cb92-421d-aeb0-8afecac90aec", + "comment": "", + "command": "click", + "target": "id=property-selector-item-199", + "targets": [ + ["id=property-selector-item-199", "id"], + ["linkText=FunctionAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-199", "css:finder"], + ["xpath=//a[@id='property-selector-item-199']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[32]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[199]", "xpath:href"], + ["xpath=//div[32]/a", "xpath:position"], + ["xpath=//a[contains(.,'FunctionAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "892d14a0-9ab0-4c05-945b-bd96d461eba8", + "comment": "", + "command": "click", + 
"target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[23]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9a809145-1f01-4a6b-8eaf-836f91a9bd5a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-214", + "targets": [ + ["id=property-selector-item-214", "id"], + ["linkText=HelloWorldConfiguration - Add all", "linkText"], + ["css=#property-selector-item-214", "css:finder"], + ["xpath=//a[@id='property-selector-item-214']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[34]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[214]", "xpath:href"], + ["xpath=//div[34]/a", "xpath:position"], + ["xpath=//a[contains(.,'HelloWorldConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "8e3dc610-99f9-4a85-a0c0-cd572ccf0a84", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[24]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "fa182a6d-bba7-4f50-a6d8-a5391b592004", + "comment": "", + "command": "click", + "target": "id=property-selector-item-222", + "targets": [ + ["id=property-selector-item-222", "id"], + ["linkText=IPAddressAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-222", "css:finder"], + ["xpath=//a[@id='property-selector-item-222']", "xpath:attributes"], + 
["xpath=//div[@id='property-selector']/div[36]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[222]", "xpath:href"], + ["xpath=//div[36]/a", "xpath:position"], + ["xpath=//a[contains(.,'IPAddressAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "17e45a4b-9d00-478f-9add-c1a7138a7959", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[25]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "2a3578cb-56d5-4805-8e82-2058e17c3ad5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-237", + "targets": [ + ["id=property-selector-item-237", "id"], + ["linkText=JAASAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-237", "css:finder"], + ["xpath=//a[@id='property-selector-item-237']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[38]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[237]", "xpath:href"], + ["xpath=//div[38]/a", "xpath:position"], + ["xpath=//a[contains(.,'JAASAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3aedee37-3445-4679-afe8-62e53b348e52", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": "fce00a94-ffe3-4771-b33d-e6c8cde6c690", + "comment": "", + "command": "click", + "target": "id=property-selector-item-240", + "targets": [ + ["id=property-selector-item-240", "id"], + ["linkText=KerberosAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-240", "css:finder"], + 
["xpath=//a[@id='property-selector-item-240']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[40]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[240]", "xpath:href"], + ["xpath=//div[40]/a", "xpath:position"], + ["xpath=//a[contains(.,'KerberosAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "37642e97-2b2a-4cfd-9b71-d150c13b1b2d", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[27]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "fdae4c41-909b-44b1-b245-469c430a09a0", + "comment": "", + "command": "click", + "target": "id=property-selector-item-245", + "targets": [ + ["id=property-selector-item-245", "id"], + ["linkText=LDAPAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-245", "css:finder"], + ["xpath=//a[@id='property-selector-item-245']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[42]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[245]", "xpath:href"], + ["xpath=//div[42]/a", "xpath:position"], + ["xpath=//a[contains(.,'LDAPAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f34f0217-ff82-441b-a73b-b25f791bc546", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[28]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", 
"xpath:innerText"] + ], + "value": "" + }, { + "id": "d30d9da8-65e0-41a1-b27f-c4cc998c97fd", + "comment": "", + "command": "click", + "target": "id=property-selector-item-281", + "targets": [ + ["id=property-selector-item-281", "id"], + ["linkText=LogoutConfiguration - Add all", "linkText"], + ["css=#property-selector-item-281", "css:finder"], + ["xpath=//a[@id='property-selector-item-281']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[44]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[281]", "xpath:href"], + ["xpath=//div[44]/a", "xpath:position"], + ["xpath=//a[contains(.,'LogoutConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cb442dbe-c609-4b8b-ac55-2d32362be80b", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[29]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "19b1de66-7601-4e41-a345-657c5417f23f", + "comment": "", + "command": "click", + "target": "id=property-selector-item-288", + "targets": [ + ["id=property-selector-item-288", "id"], + ["linkText=MetadataQuery - Add all", "linkText"], + ["css=#property-selector-item-288", "css:finder"], + ["xpath=//a[@id='property-selector-item-288']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[46]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[288]", "xpath:href"], + ["xpath=//div[46]/a", "xpath:position"], + ["xpath=//a[contains(.,'MetadataQuery - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "513c8bd3-cbb4-443f-9a90-8a2ae9d5c0ce", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[30]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "515cc435-61ee-430a-8cdc-ac41e3926fbc", + "comment": "", + "command": "click", + "target": "id=property-selector-item-296", + "targets": [ + ["id=property-selector-item-296", "id"], + ["linkText=MetadataReload - Add all", "linkText"], + ["css=#property-selector-item-296", "css:finder"], + ["xpath=//a[@id='property-selector-item-296']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[48]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[296]", "xpath:href"], + ["xpath=//div[48]/a", "xpath:position"], + ["xpath=//a[contains(.,'MetadataReload - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6d5dcd3a-0d08-4140-9634-196e2e2fdb90", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "2b2a05d9-4e8b-45cf-882f-08328cb0b6e5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-304", + "targets": [ + ["id=property-selector-item-304", "id"], + ["linkText=Metadatagen - Add all", "linkText"], + ["css=#property-selector-item-304", "css:finder"], + ["xpath=//a[@id='property-selector-item-304']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[50]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[304]", "xpath:href"], + ["xpath=//div[50]/a", "xpath:position"], + ["xpath=//a[contains(.,'Metadatagen - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f1709162-b102-48da-81b0-5862158fd74d", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[32]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "643c1db8-10f8-4146-94fb-bf920b007c00", + "comment": "", + "command": "click", + "target": "id=property-selector-item-313", + "targets": [ + ["id=property-selector-item-313", "id"], + ["linkText=MetricsConfiguration - Add all", "linkText"], + ["css=#property-selector-item-313", "css:finder"], + ["xpath=//a[@id='property-selector-item-313']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[52]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[313]", "xpath:href"], + ["xpath=//div[52]/a", "xpath:position"], + ["xpath=//a[contains(.,'MetricsConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "206468ff-7786-4e32-96dd-4c0e9a2194b7", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[33]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "00f2e151-13aa-4ac0-bb0c-d7e531f422a5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-320", + "targets": [ + ["id=property-selector-item-320", "id"], + ["linkText=Misc - Add all", "linkText"], + ["css=#property-selector-item-320", "css:finder"], + ["xpath=//a[@id='property-selector-item-320']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[54]/a", "xpath:idRelative"], + 
["xpath=(//a[contains(@href, '#')])[320]", "xpath:href"], + ["xpath=//div[54]/a", "xpath:position"], + ["xpath=//a[contains(.,'Misc - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "c06b4caf-e093-49b4-8cac-f71bda476995", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "031e88e8-bde7-4d25-8aab-919bc8882901", + "comment": "", + "command": "click", + "target": "id=property-selector-item-326", + "targets": [ + ["id=property-selector-item-326", "id"], + ["linkText=MultiFactorAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-326", "css:finder"], + ["xpath=//a[@id='property-selector-item-326']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[56]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[326]", "xpath:href"], + ["xpath=//div[56]/a", "xpath:position"], + ["xpath=//a[contains(.,'MultiFactorAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "7ab63a23-e0ab-4a07-8ef8-9fdb6af9f59b", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[35]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "34cbdae8-4b4c-4faa-a38c-f3a9c5475e45", + "comment": "", + "command": "click", + "target": "id=property-selector-item-342", + "targets": [ + ["id=property-selector-item-342", "id"], + ["linkText=NameIDConsumptionConfiguration - Add all", "linkText"], + ["css=#property-selector-item-342", "css:finder"], + ["xpath=//a[@id='property-selector-item-342']", "xpath:attributes"], + 
["xpath=//div[@id='property-selector']/div[58]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[342]", "xpath:href"], + ["xpath=//div[58]/a", "xpath:position"], + ["xpath=//a[contains(.,'NameIDConsumptionConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "15c61405-c967-475f-b494-6bdb461b5283", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[36]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6e13ab35-510b-4e7b-976c-457d59f65606", + "comment": "", + "command": "click", + "target": "id=property-selector-item-345", + "targets": [ + ["id=property-selector-item-345", "id"], + ["linkText=NameIDGenerationConfiguration - Add all", "linkText"], + ["css=#property-selector-item-345", "css:finder"], + ["xpath=//a[@id='property-selector-item-345']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[60]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[345]", "xpath:href"], + ["xpath=//div[60]/a", "xpath:position"], + ["xpath=//a[contains(.,'NameIDGenerationConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "74505e9c-1a4b-441d-9e21-fce8077576b4", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[37]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": 
"ec03564e-9ff9-4c53-914e-e33e8efec3b8", + "comment": "", + "command": "click", + "target": "id=property-selector-item-349", + "targets": [ + ["id=property-selector-item-349", "id"], + ["linkText=OAuth2ClientAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-349", "css:finder"], + ["xpath=//a[@id='property-selector-item-349']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[62]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[349]", "xpath:href"], + ["xpath=//div[62]/a", "xpath:position"], + ["xpath=//a[contains(.,'OAuth2ClientAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "9bc758f1-8c06-429e-abf4-78fadd181d56", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[38]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a81e8d28-41b8-47d1-901b-6d36fb90398d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-358", + "targets": [ + ["id=property-selector-item-358", "id"], + ["linkText=OIDC OP - Add all", "linkText"], + ["css=#property-selector-item-358", "css:finder"], + ["xpath=//a[@id='property-selector-item-358']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[64]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[358]", "xpath:href"], + ["xpath=//div[64]/a", "xpath:position"], + ["xpath=//a[contains(.,'OIDC OP - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5e1646f3-7841-4b97-96c9-639c6f7ef3ca", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + 
["xpath=(//button[@type='button'])[39]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f3865e29-6b36-49ab-99a4-44370b5ed974", + "comment": "", + "command": "click", + "target": "id=property-selector-item-371", + "targets": [ + ["id=property-selector-item-371", "id"], + ["linkText=OPAuthorization - Add all", "linkText"], + ["css=#property-selector-item-371", "css:finder"], + ["xpath=//a[@id='property-selector-item-371']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[66]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[371]", "xpath:href"], + ["xpath=//div[66]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPAuthorization - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "821c3a6d-b9a6-45bf-bda3-46c2f1e87303", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[40]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "72620249-22a8-436b-b506-670fad77fefa", + "comment": "", + "command": "click", + "target": "id=property-selector-item-378", + "targets": [ + ["id=property-selector-item-378", "id"], + ["linkText=OPClientAuthentication - Add all", "linkText"], + ["css=#property-selector-item-378", "css:finder"], + ["xpath=//a[@id='property-selector-item-378']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[68]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[378]", "xpath:href"], + 
["xpath=//div[68]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPClientAuthentication - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "e8d736c8-be22-4411-87d4-0a1eefcc821e", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "d8ef3cf9-1398-4bcd-b976-92a2a471ce1c", + "comment": "", + "command": "click", + "target": "id=property-selector-item-380", + "targets": [ + ["id=property-selector-item-380", "id"], + ["linkText=OPClientCredentialsGrant - Add all", "linkText"], + ["css=#property-selector-item-380", "css:finder"], + ["xpath=//a[@id='property-selector-item-380']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[70]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[380]", "xpath:href"], + ["xpath=//div[70]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPClientCredentialsGrant - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ed236cf8-e185-4b41-a47f-2a9219eab773", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "d4965727-9cc9-465a-9d4d-9e3a16c9507a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-383", + "targets": [ + ["id=property-selector-item-383", "id"], + ["linkText=OPClientResolution - Add all", "linkText"], + ["css=#property-selector-item-383", "css:finder"], + ["xpath=//a[@id='property-selector-item-383']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[72]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[383]", "xpath:href"], + ["xpath=//div[72]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPClientResolution - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "899a5897-0786-4f40-8d1f-2c3cc64f4666", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + 
"targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[43]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a08f536a-166d-45e0-a477-b7aece98a6bc", + "comment": "", + "command": "click", + "target": "id=property-selector-item-387", + "targets": [ + ["id=property-selector-item-387", "id"], + ["linkText=OPCustomFilterRegistration - Add all", "linkText"], + ["css=#property-selector-item-387", "css:finder"], + ["xpath=//a[@id='property-selector-item-387']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[74]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[387]", "xpath:href"], + ["xpath=//div[74]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPCustomFilterRegistration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "90ec186d-d13c-49a1-9912-744f62873feb", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[44]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "185cd9b2-0f1b-4f64-a4a5-b62f5a881d45", + "comment": "", + "command": "click", + "target": "css=.p-3", + "targets": [ + ["css=.p-3", "css:finder"], + ["xpath=//div[@id='root']/div/main/div", "xpath:idRelative"], + ["xpath=//main/div", "xpath:position"] + ], + "value": "" + }, { + "id": "2a295dc3-422a-436e-8450-03dbcc88a1b0", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + 
["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[44]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "6fdf6ef4-52e8-44a9-8dc5-8126e2ba11b0", + "comment": "", + "command": "click", + "target": "id=property-selector-item-389", + "targets": [ + ["id=property-selector-item-389", "id"], + ["linkText=OPDiscovery - Add all", "linkText"], + ["css=#property-selector-item-389", "css:finder"], + ["xpath=//a[@id='property-selector-item-389']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[76]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[389]", "xpath:href"], + ["xpath=//div[76]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPDiscovery - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "614f715d-8fcc-4e84-8d0d-dd947fc7c99f", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "a3bbcc78-ce50-4b17-9419-f228664dc9fc", + "comment": "", + "command": "click", + "target": "id=property-selector-item-392", + "targets": [ + ["id=property-selector-item-392", "id"], + ["linkText=OPDynamicClientRegistration - Add all", "linkText"], + ["css=#property-selector-item-392", "css:finder"], + ["xpath=//a[@id='property-selector-item-392']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[78]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[392]", "xpath:href"], + ["xpath=//div[78]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPDynamicClientRegistration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ec8f2a2b-b45d-4345-af4b-dd5965f9dc54", + "comment": "", + "command": "click", + "target": 
"css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[46]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "ba6779d8-9a40-4981-a41f-c8c22df7027a", + "comment": "", + "command": "click", + "target": "id=property-selector-item-407", + "targets": [ + ["id=property-selector-item-407", "id"], + ["linkText=OPMetadataPolicies - Add all", "linkText"], + ["css=#property-selector-item-407", "css:finder"], + ["xpath=//a[@id='property-selector-item-407']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[80]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[407]", "xpath:href"], + ["xpath=//div[80]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPMetadataPolicies - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "b93aed8b-bd95-496a-ad07-b9bfe23f8522", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": "57fc676c-34fc-4220-915e-be3c30821030", + "comment": "", + "command": "click", + "target": "id=property-selector-item-409", + "targets": [ + ["id=property-selector-item-409", "id"], + ["linkText=OPRevocation - Add all", "linkText"], + ["css=#property-selector-item-409", "css:finder"], + ["xpath=//a[@id='property-selector-item-409']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[82]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[409]", "xpath:href"], + ["xpath=//div[82]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPRevocation - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "85efb0c2-9a2b-4816-b77d-4c84816f3499", + "comment": "", + "command": 
"click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[48]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "0c424441-f80c-4f42-9a4a-2df0be1ad937", + "comment": "", + "command": "click", + "target": "id=property-selector-item-412", + "targets": [ + ["id=property-selector-item-412", "id"], + ["linkText=OPSecurity - Add all", "linkText"], + ["css=#property-selector-item-412", "css:finder"], + ["xpath=//a[@id='property-selector-item-412']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[84]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[412]", "xpath:href"], + ["xpath=//div[84]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPSecurity - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "686dc5ad-4686-4364-865e-e8c95210f7e3", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[49]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "da318a35-6cdf-4346-b357-3aadeaf46640", + "comment": "", + "command": "click", + "target": "id=property-selector-item-420", + "targets": [ + ["id=property-selector-item-420", "id"], + ["linkText=OPSubClaim - Add all", "linkText"], + ["css=#property-selector-item-420", "css:finder"], + ["xpath=//a[@id='property-selector-item-420']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[86]/a", 
"xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[420]", "xpath:href"], + ["xpath=//div[86]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPSubClaim - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5f8f249d-2052-4b6f-be83-9cdde0f5a06d", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[50]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f36fb2c2-bf28-4fb0-8a6e-083b8a7d854e", + "comment": "", + "command": "click", + "target": "id=property-selector-item-424", + "targets": [ + ["id=property-selector-item-424", "id"], + ["linkText=OPToken - Add all", "linkText"], + ["css=#property-selector-item-424", "css:finder"], + ["xpath=//a[@id='property-selector-item-424']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[88]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[424]", "xpath:href"], + ["xpath=//div[88]/a", "xpath:position"], + ["xpath=//a[contains(.,'OPToken - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5e7fc6cc-c7e3-4d4b-b682-ec939c8a5db1", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[51]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "24fa8f94-9a62-4e11-9125-a6c576695e77", + "comment": "", + "command": "click", + "target": 
"id=property-selector-item-436", + "targets": [ + ["id=property-selector-item-436", "id"], + ["linkText=PersistentNameIDGenerationConfiguration - Add all", "linkText"], + ["css=#property-selector-item-436", "css:finder"], + ["xpath=//a[@id='property-selector-item-436']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[90]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[436]", "xpath:href"], + ["xpath=//div[90]/a", "xpath:position"], + ["xpath=//a[contains(.,'PersistentNameIDGenerationConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "f7c7f42d-b4cb-4f92-997f-d9677a00758f", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "7bfdfde0-3399-4161-9cbc-e67f10ae44b5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-460", + "targets": [ + ["id=property-selector-item-460", "id"], + ["linkText=ReloadableServices - Add all", "linkText"], + ["css=#property-selector-item-460", "css:finder"], + ["xpath=//a[@id='property-selector-item-460']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[92]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[460]", "xpath:href"], + ["xpath=//div[92]/a", "xpath:position"], + ["xpath=//a[contains(.,'ReloadableServices - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5a3ad5c4-37e2-4060-88bd-ed96b94d037e", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "db192d5c-0857-4059-869d-d1ff40fd8844", + "comment": "", + "command": "click", + "target": "id=property-selector-item-501", + "targets": [ + ["id=property-selector-item-501", "id"], + ["linkText=RelyingPartyConfiguration - Add all", "linkText"], + ["css=#property-selector-item-501", "css:finder"], + 
["xpath=//a[@id='property-selector-item-501']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[94]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[501]", "xpath:href"], + ["xpath=//div[94]/a", "xpath:position"], + ["xpath=//a[contains(.,'RelyingPartyConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "46e1fd14-ca91-4f92-a919-695dcff58622", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[54]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "bf5ba1a6-ba55-4397-91fa-7f1c1cd28e0d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-507", + "targets": [ + ["id=property-selector-item-507", "id"], + ["linkText=RemoteUserAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-507", "css:finder"], + ["xpath=//a[@id='property-selector-item-507']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[96]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[507]", "xpath:href"], + ["xpath=//div[96]/a", "xpath:position"], + ["xpath=//a[contains(.,'RemoteUserAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "fde12162-843c-4425-bc3e-f404f52cd232", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "e1313d05-d1ff-4196-8ae7-eb04c1088afd", + "comment": "", + "command": "click", + "target": "id=property-selector-item-524", + "targets": [ + ["id=property-selector-item-524", "id"], + ["linkText=RemoteUserInternalAuthnConfiguration - Add all", 
"linkText"], + ["css=#property-selector-item-524", "css:finder"], + ["xpath=//a[@id='property-selector-item-524']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[98]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[524]", "xpath:href"], + ["xpath=//div[98]/a", "xpath:position"], + ["xpath=//a[contains(.,'RemoteUserInternalAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "1b2b7432-6d03-4b84-922c-59b9cee6ccc5", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[56]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "31fff123-cc89-4473-9943-a7b5d1206de7", + "comment": "", + "command": "click", + "target": "id=property-selector-item-549", + "targets": [ + ["id=property-selector-item-549", "id"], + ["linkText=SAML2ProxyTransformPostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-549", "css:finder"], + ["xpath=//a[@id='property-selector-item-549']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[100]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[549]", "xpath:href"], + ["xpath=//div[100]/a", "xpath:position"], + ["xpath=//a[contains(.,'SAML2ProxyTransformPostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "10926b24-5952-4685-be81-802f5fc7ca4a", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "746398e5-d85c-412c-8a64-45c6d2a669ee", + "comment": "", + "command": "click", + "target": "id=property-selector-item-552", + 
"targets": [ + ["id=property-selector-item-552", "id"], + ["linkText=SAMLAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-552", "css:finder"], + ["xpath=//a[@id='property-selector-item-552']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[102]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[552]", "xpath:href"], + ["xpath=//div[102]/a", "xpath:position"], + ["xpath=//a[contains(.,'SAMLAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5558c433-213a-49de-b68d-e6d9ac396b86", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "a85d9957-d3f3-4304-bd85-dd25ae70592b", + "comment": "", + "command": "click", + "target": "id=property-selector-item-572", + "targets": [ + ["id=property-selector-item-572", "id"], + ["linkText=SPNEGOAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-572", "css:finder"], + ["xpath=//a[@id='property-selector-item-572']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[104]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[572]", "xpath:href"], + ["xpath=//div[104]/a", "xpath:position"], + ["xpath=//a[contains(.,'SPNEGOAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "62dcb81a-9265-4f8f-ac8e-6ae7027a3601", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[59]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "18da3cfc-943f-43e5-ab16-6a9070336d5c", + "comment": "", + "command": "click", + 
"target": "id=property-selector-item-592", + "targets": [ + ["id=property-selector-item-592", "id"], + ["linkText=SecurityConfiguration - Add all", "linkText"], + ["css=#property-selector-item-592", "css:finder"], + ["xpath=//a[@id='property-selector-item-592']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[106]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[592]", "xpath:href"], + ["xpath=//div[106]/a", "xpath:position"], + ["xpath=//a[contains(.,'SecurityConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "894853a1-2202-4ff4-bc06-f0f7faf32505", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[60]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "12440bab-1419-4d7d-948c-71811b067df2", + "comment": "", + "command": "click", + "target": "id=property-selector-item-626", + "targets": [ + ["id=property-selector-item-626", "id"], + ["linkText=SessionConfiguration - Add all", "linkText"], + ["css=#property-selector-item-626", "css:finder"], + ["xpath=//a[@id='property-selector-item-626']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[108]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[626]", "xpath:href"], + ["xpath=//div[108]/a", "xpath:position"], + ["xpath=//a[contains(.,'SessionConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5bf0b70b-e413-49eb-bfcb-f97a4265c70b", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": 
"eb83e85f-6924-44ac-9922-9c5a1fcbcbc5", + "comment": "", + "command": "click", + "target": "id=property-selector-item-639", + "targets": [ + ["id=property-selector-item-639", "id"], + ["linkText=SimplePostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-639", "css:finder"], + ["xpath=//a[@id='property-selector-item-639']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[110]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[639]", "xpath:href"], + ["xpath=//div[110]/a", "xpath:position"], + ["xpath=//a[contains(.,'SimplePostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d941d154-a6a3-4684-ad04-ca9d45acf2aa", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[62]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cd98777e-1800-417f-af35-9f6d531decfa", + "comment": "", + "command": "click", + "target": "css=form", + "targets": [ + ["css=form", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form", "xpath:idRelative"], + ["xpath=//form", "xpath:position"] + ], + "value": "" + }, { + "id": "2ac41455-f406-4e71-88c0-8c30b7c23eab", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "a729126e-0c39-4db6-882c-b506db087119", + "comment": "", + "command": "click", + "target": "id=property-selector-item-643", + "targets": [ + ["id=property-selector-item-643", "id"], + ["linkText=Status - Add all", "linkText"], + ["css=#property-selector-item-643", "css:finder"], + 
["xpath=//a[@id='property-selector-item-643']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[112]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[643]", "xpath:href"], + ["xpath=//div[112]/a", "xpath:position"], + ["xpath=//a[contains(.,'Status - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "602156fa-9fed-4a42-9182-4aa66338dd24", + "comment": "", + "command": "click", + "target": "css=td", + "targets": [ + ["css=td", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td", "xpath:idRelative"], + ["xpath=//td", "xpath:position"], + ["xpath=//td[contains(.,'At least one property is required.')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "878447bd-6424-440f-8dcf-461f994a6478", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[63]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "3b964802-50ee-4a2a-8db6-d24a51a61483", + "comment": "", + "command": "click", + "target": "id=property-selector-item-651", + "targets": [ + ["id=property-selector-item-651", "id"], + ["linkText=StorageConfiguration - Add all", "linkText"], + ["css=#property-selector-item-651", "css:finder"], + ["xpath=//a[@id='property-selector-item-651']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[114]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[651]", "xpath:href"], + ["xpath=//div[114]/a", "xpath:position"], + ["xpath=//a[contains(.,'StorageConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "eca7bf2d-db81-4cad-873b-eba9440bd0e5", + "comment": "", + 
"command": "click", + "target": "css=.fa-caret-down", + "targets": [ + ["css=.fa-caret-down", "css:finder"] + ], + "value": "" + }, { + "id": "40ca1af5-e808-4b69-a5dd-3b545c1b233d", + "comment": "", + "command": "click", + "target": "id=property-selector-item-659", + "targets": [ + ["id=property-selector-item-659", "id"], + ["linkText=TOTP - Add all", "linkText"], + ["css=#property-selector-item-659", "css:finder"], + ["xpath=//a[@id='property-selector-item-659']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[116]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[659]", "xpath:href"], + ["xpath=//div[116]/a", "xpath:position"], + ["xpath=//a[contains(.,'TOTP - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "d6e986cb-865d-4472-b791-ea9ba459a849", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[65]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "26be9d61-f3c2-482e-8d0d-759a00c9b28f", + "comment": "", + "command": "click", + "target": "id=property-selector-item-677", + "targets": [ + ["id=property-selector-item-677", "id"], + ["linkText=X500PostLoginC14NConfiguration - Add all", "linkText"], + ["css=#property-selector-item-677", "css:finder"], + ["xpath=//a[@id='property-selector-item-677']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[118]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[677]", "xpath:href"], + ["xpath=//div[118]/a", "xpath:position"], + ["xpath=//a[contains(.,'X500PostLoginC14NConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "966c35be-39a4-4fa9-aded-8ba6fa1394a2", + 
"comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[66]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "5124a661-4c33-4468-9c08-505268f78ff0", + "comment": "", + "command": "click", + "target": "id=property-selector-item-683", + "targets": [ + ["id=property-selector-item-683", "id"], + ["linkText=X509AuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-683", "css:finder"], + ["xpath=//a[@id='property-selector-item-683']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[120]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[683]", "xpath:href"], + ["xpath=//div[120]/a", "xpath:position"], + ["xpath=//a[contains(.,'X509AuthnConfiguration - Add all')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "a11e93fd-5a1b-4456-a875-f0b8a8582058", + "comment": "", + "command": "click", + "target": "css=.fa-caret-down > path", + "targets": [ + ["css=.fa-caret-down > path", "css:finder"] + ], + "value": "" + }, { + "id": "299da229-ce40-43ac-87c6-2bb6c1122d93", + "comment": "", + "command": "click", + "target": "id=property-selector-item-699", + "targets": [ + ["id=property-selector-item-699", "id"], + ["linkText=X509InternalAuthnConfiguration - Add all", "linkText"], + ["css=#property-selector-item-699", "css:finder"], + ["xpath=//a[@id='property-selector-item-699']", "xpath:attributes"], + ["xpath=//div[@id='property-selector']/div[122]/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '#')])[699]", "xpath:href"], + ["xpath=//div[122]/a", "xpath:position"], + ["xpath=//a[contains(.,'X509InternalAuthnConfiguration - Add all')]", "xpath:innerText"] + ], + 
"value": "" + }, { + "id": "2a8c3086-a40d-4e9c-857a-7fda2bd2e8f5", + "comment": "", + "command": "click", + "target": "css=.toggle-button", + "targets": [ + ["css=.toggle-button", "css:finder"], + ["xpath=(//button[@type='button'])[68]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,'Options')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "93a9c033-0fcc-4af9-85b5-7e18d882bf68", + "comment": "", + "command": "click", + "target": "css=.col-12 > .d-flex", + "targets": [ + ["css=.col-12 > .d-flex", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div", "xpath:position"] + ], + "value": "" + }, { + "id": "d06a3e9a-849f-4b8d-83a1-797f8abf6794", + "comment": "", + "command": "click", + "target": "css=.ms-2", + "targets": [ + ["css=.ms-2", "css:finder"], + ["xpath=(//button[@type='button'])[69]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//form/div[2]/div/div/button", "xpath:position"] + ], + "value": "" + }, { + "id": "1e726b4f-8ae7-40eb-ba52-747c88ae2e89", + "comment": "", + "command": "assertText", + "target": "css=tr:nth-child(653) > td:nth-child(1)", + "targets": [ + ["css=tr:nth-child(653) > td:nth-child(1)", "css:finder"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[653]/td", "xpath:idRelative"], + ["xpath=//tr[653]/td", "xpath:position"], + ["xpath=//td[contains(.,'idp.authn.X509Internal.discoveryRequired')]", "xpath:innerText"] + ], + "value": "idp.authn.X509Internal.discoveryRequired" + }, { + "id": "9af817b8-7f25-4f90-8b9a-f24582b7c19b", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + 
["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "0e2f3bef-0c6c-457f-83c0-d1b464508daa", + "comment": "", + "command": "click", + "target": "linkText=Edit", + "targets": [ + ["linkText=Edit", "linkText"], + ["css=.btn-primary", "css:finder"], + ["xpath=//a[contains(text(),'Edit')]", "xpath:link"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/a", "xpath:idRelative"], + ["xpath=(//a[contains(@href, '/configurations/831/edit')])[2]", "xpath:href"], + ["xpath=//td[3]/div/a", "xpath:position"], + ["xpath=//a[contains(.,'  Edit')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "caeb6c0b-c99d-4e4f-87b1-874ac54f30a8", + "comment": "", + "command": "click", + "target": "id=valueInput-idp.resolvertest.accessPolicy", + "targets": [ + ["id=valueInput-idp.resolvertest.accessPolicy", "id"], + ["name=properties.0.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.accessPolicy", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.accessPolicy']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td[4]/div/input", "xpath:idRelative"], + ["xpath=//td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "812d8a90-f462-470a-9a4d-efd2cca679c2", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.resolvertest.accessPolicy", + "targets": [ + ["id=valueInput-idp.resolvertest.accessPolicy", "id"], + ["name=properties.0.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.accessPolicy", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.accessPolicy']", "xpath:attributes"], + 
["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr/td[4]/div/input", "xpath:idRelative"], + ["xpath=//td[4]/div/input", "xpath:position"] + ], + "value": "foo" + }, { + "id": "8c98218b-9d71-42ac-8682-36d2aeb0f39e", + "comment": "", + "command": "click", + "target": "id=valueInput-idp.resolvertest.logging", + "targets": [ + ["id=valueInput-idp.resolvertest.logging", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.logging", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.logging']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "948ac5c1-aa09-44af-a024-c0dc898616d1", + "comment": "", + "command": "type", + "target": "id=valueInput-idp.resolvertest.logging", + "targets": [ + ["id=valueInput-idp.resolvertest.logging", "id"], + ["name=properties.1.propertyValue", "name"], + ["css=#valueInput-idp\\.resolvertest\\.logging", "css:finder"], + ["xpath=//input[@id='valueInput-idp.resolvertest.logging']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[2]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[2]/td[4]/div/input", "xpath:position"] + ], + "value": "bar" + }, { + "id": "46d0e1ac-4706-47cf-9336-683b7b6519f2", + "comment": "", + "command": "click", + "target": "name=properties.2.propertyValue", + "targets": [ + ["name=properties.2.propertyValue", "name"], + ["css=tr:nth-child(3) .form-check-input", "css:finder"], + ["xpath=//input[@name='properties.2.propertyValue']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[3]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[3]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": 
"d3898399-e0c0-4ac1-9f66-ab1ef682cc4e", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "47617f08-9b12-47f0-b8bc-bf97636014fb", + "comment": "", + "command": "click", + "target": "css=.fa-pen-to-square > path", + "targets": [ + ["css=.fa-pen-to-square > path", "css:finder"] + ], + "value": "" + }, { + "id": "aaab6ac3-6c55-4b8f-8e97-4913e4d658d6", + "comment": "", + "command": "click", + "target": "name=properties.2.propertyValue", + "targets": [ + ["name=properties.2.propertyValue", "name"], + ["css=tr:nth-child(3) .form-check-input", "css:finder"], + ["xpath=//input[@name='properties.2.propertyValue']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[3]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[3]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "dea3ef04-ea08-40ea-8dce-eafc87ab2051", + "comment": "", + "command": "click", + "target": "name=properties.3.propertyValue", + "targets": [ + ["name=properties.3.propertyValue", "name"], + ["css=tr:nth-child(4) .form-check-input", "css:finder"], + ["xpath=//input[@name='properties.3.propertyValue']", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div[2]/div/form/div[4]/div/table/tbody/tr[4]/td[4]/div/input", "xpath:idRelative"], + ["xpath=//tr[4]/td[4]/div/input", "xpath:position"] + ], + "value": "" + }, { + "id": "fea5a053-a52e-4b5c-8477-51325b5baf40", + "comment": "", + "command": "click", + "target": "css=.btn-info", + "targets": [ + ["css=.btn-info", "css:finder"], + ["xpath=(//button[@type='button'])[5]", "xpath:attributes"], + 
["xpath=//div[@id='root']/div/main/div/section/div[2]/div/div/button", "xpath:idRelative"], + ["xpath=//div[2]/div/div/button", "xpath:position"], + ["xpath=//button[contains(.,' Save')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "cd64daba-9c2c-4523-a17d-8168f91b4f93", + "comment": "", + "command": "click", + "target": "css=.btn-danger", + "targets": [ + ["css=.btn-danger", "css:finder"], + ["xpath=(//button[@type='button'])[7]", "xpath:attributes"], + ["xpath=//div[@id='root']/div/main/div/section/div/div[2]/div[2]/table/tbody/tr/td[3]/div/button", "xpath:idRelative"], + ["xpath=//td[3]/div/button", "xpath:position"], + ["xpath=//button[contains(.,'  Delete')]", "xpath:innerText"] + ], + "value": "" + }, { + "id": "debe5850-a226-47d1-b38b-17015449edf9", + "comment": "", + "command": "click", + "target": "css=.btn-danger:nth-child(1)", + "targets": [ + ["css=.btn-danger:nth-child(1)", "css:finder"], + ["xpath=(//button[@type='button'])[8]", "xpath:attributes"], + ["xpath=//div[4]/div/div/div[3]/button", "xpath:position"] + ], + "value": "" + }, { + "id": "efc6da0e-490c-4c8b-b4d2-07b71059d0ef", + "comment": "", + "command": "open", + "target": "/api/heheheheheheheWipeout", + "targets": [], + "value": "" + }, { + "id": "80cfb61f-79a5-429b-9b7e-b5991b8e279f", + "comment": "", + "command": "assertText", + "target": "css=body", + "targets": [], + "value": "yes, you did it" + }] + }], + "suites": [{ + "id": "d2caeac4-7520-4e3c-96b1-840610b6983c", + "name": "Default Suite", + "persistSession": false, + "parallel": false, + "timeout": 300, + "tests": ["841ade0e-83bd-4a4b-94f2-de6bd5c536b2"] + }], + "urls": ["http://localhost:10101/"], + "plugins": [] +} \ No newline at end of file From 71c3c24b1063ec91fc52d3e8d28f60466fc70a03 Mon Sep 17 00:00:00 2001 
From: Ryan Mathis Date: Wed, 7 Sep 2022 09:23:02 -0700 Subject: [PATCH 58/63] Fixed responsive table --- .../app/admin/component/ConfigurationForm.js | 98 ++++++++++--------- 1 file changed, 50 insertions(+), 48 deletions(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 751e94310..747a70452 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -134,56 +134,58 @@ export function ConfigurationForm({ configurations, configuration = {}, loading,
- - - - - - - - - - - - {fields.map((p, idx) => ( - - - - - - +
PropertyCategoryTypeValueAction
{ p.propertyName }{ p.category }{ p.displayType } - {p.displayType !== 'boolean' ? - - - - : - - } - - +
+ + + + + + + + + + + + {fields.map((p, idx) => ( + + + + + + + + ))} + {fields.length === 0 && + + - ))} - {fields.length === 0 && - - - - } - -
PropertyCategoryTypeValueAction
{ p.propertyName }{ p.category }{ p.displayType } + {p.displayType !== 'boolean' ? + + + + : + + } + + +
+ At least one property is required.
- At least one property is required. -
+ } +
+
From b41c6452a5bf056ead8cea4b1f9634b201f98ef4 Mon Sep 17 00:00:00 2001 
From: chasegawa Date: Thu, 8 Sep 2022 10:01:30 -0700 Subject: [PATCH 59/63] SHIBUI-2270 Code clean up from Dima's code review comments --- ...rsEntityDescriptorVersionServiceTests.groovy | 4 ++-- .../JPAMetadataResolverServiceImpl.groovy | 6 +++--- .../MigrationTasksContextLoadedListener.java | 4 ---- .../admin/ui/controller/ActivateController.java | 13 +++++++------ .../ui/controller/ActivateExceptionHandler.java | 8 ++++---- .../controller/AttributeBundleController.java | 11 ++++------- .../AttributeBundleExceptionHandler.java | 6 +++--- .../controller/EntityDescriptorController.java | 17 ++++++++--------- ...ityDescriptorControllerExceptionHandler.java | 6 +++--- .../ui/controller/ShibPropertiesController.java | 17 +++++++++-------- ...hibPropertiesControllerExceptionHandler.java | 8 ++++---- ...ption.java => PersistentEntityNotFound.java} | 4 ++-- .../ui/security/controller/GroupController.java | 10 +++++----- .../GroupControllerExceptionHandler.java | 6 +++--- .../ui/security/controller/RolesController.java | 9 +++++---- .../controller/RolesExceptionHandler.java | 8 ++++---- .../ui/security/controller/UsersController.java | 4 ++-- .../ui/security/service/GroupServiceImpl.java | 8 ++++---- .../ui/security/service/IGroupService.java | 7 +++---- .../ui/security/service/IRolesService.java | 8 ++++---- .../ui/security/service/RolesServiceImpl.java | 12 ++++++------ .../admin/ui/security/service/UserService.java | 6 +++--- .../ui/service/AttributeBundleService.java | 14 +++++++------- ...omEntityAttributesDefinitionServiceImpl.java | 5 +---- .../ui/service/EntityDescriptorService.java | 17 +++++++++-------- .../service/EntityDescriptorVersionService.java | 9 +++++---- .../EnversEntityDescriptorVersionService.java | 13 +++++++------ .../admin/ui/service/FilterService.java | 7 ++++--- .../service/JPAEntityDescriptorServiceImpl.java | 17 +++++++++-------- .../admin/ui/service/JPAFilterServiceImpl.java | 8 +++----- .../ui/service/MetadataResolverService.java | 5 ++--- 
.../ui/service/ShibConfigurationService.java | 8 ++++---- .../service/ShibConfigurationServiceImpl.java | 14 +++++++------- .../ui/configuration/TestConfiguration.groovy | 1 - .../AttributeBundleControllerTests.groovy | 8 ++++---- .../EntityDescriptorControllerTests.groovy | 4 ++-- .../MetadataFiltersControllerTests.groovy | 4 ++-- .../ShibPropertiesControllerTests.groovy | 12 ++++-------- .../EntityDescriptorRepositoryTest.groovy | 3 +-- .../GroupsControllerIntegrationTests.groovy | 7 +++---- 40 files changed, 162 insertions(+), 176 deletions(-) rename backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/{EntityNotFoundException.java => PersistentEntityNotFound.java} (58%) diff --git a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy index f996c534d..76ca684e8 100644 --- a/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy +++ b/backend/src/enversTest/groovy/edu/internet2/tier/shibboleth/admin/ui/service/envers/EnversEntityDescriptorVersionServiceTests.groovy 
@@ -6,7 +6,7 @@ import edu.internet2.tier.shibboleth.admin.ui.configuration.Internationalization import edu.internet2.tier.shibboleth.admin.ui.configuration.SearchConfiguration import edu.internet2.tier.shibboleth.admin.ui.configuration.TestConfiguration import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.repository.EntityDescriptorRepository import edu.internet2.tier.shibboleth.admin.ui.repository.envers.EnversTestsSupport import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService @@ -121,7 +121,7 @@ class EnversEntityDescriptorVersionServiceTests extends Specification { def edRepresentation = entityDescriptorVersionService.findSpecificVersionOfEntityDescriptor(ed.resourceId, '1000') false } - catch (EntityNotFoundException expected) { + catch (PersistentEntityNotFound expected) { true } } diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy index bb86a1915..f207512ae 100644 --- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy +++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JPAMetadataResolverServiceImpl.groovy 
@@ -26,7 +26,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.ResourceBackedMet import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.TemplateScheme import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.Refilterable -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects @@ -498,10 +498,10 @@ class JPAMetadataResolverServiceImpl implements MetadataResolverService { } } - public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException { + public edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver findByResourceId(String resourceId) throws PersistentEntityNotFound { edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver result = metadataResolverRepository.findByResourceId(resourceId) if (result == null ) { - throw new EntityNotFoundException("No Provider with resourceId[" + resourceId + "] was found") + throw new PersistentEntityNotFound("No Provider with resourceId[" + resourceId + "] was found") } return result } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java index 4dbe3656d..d9dc38c1e 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java 
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/auto/MigrationTasksContextLoadedListener.java @@ -1,7 +1,5 @@ package edu.internet2.tier.shibboleth.admin.ui.configuration.auto; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; -import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationListener; import org.springframework.context.event.ContextRefreshedEvent; @@ -16,8 +14,6 @@ import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService; import edu.internet2.tier.shibboleth.admin.ui.security.service.UserService; -import java.util.List; - /** * After the context loads, do any needed migration tasks */ diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java index c9e0f20f5..487bd56c2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateController.java @@ -5,12 +5,10 @@ import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.PatchMapping; import org.springframework.web.bind.annotation.PathVariable; -import org.springframework.web.bind.annotation.PutMapping; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; 
@@ -18,7 +16,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException; import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService; @@ -41,7 +39,8 @@ public class ActivateController { @PatchMapping(path = "/entityDescriptor/{resourceId}/{mode}") @Transactional - public ResponseEntity enableEntityDescriptor(@PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity enableEntityDescriptor(@PathVariable String resourceId, @PathVariable String mode) throws + PersistentEntityNotFound, ForbiddenException { boolean status = "enable".equalsIgnoreCase(mode); EntityDescriptorRepresentation edr = entityDescriptorService.updateEntityDescriptorEnabledStatus(resourceId, status); return ResponseEntity.ok(edr); 
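Review bot: In `enableEntityDescriptor`, `boolean status = "enable".equalsIgnoreCase(mode);` treats every `mode` value other than "enable" as a request to disable, so a mistyped or unexpected path segment silently switches the entity descriptor off instead of being rejected. The same line appears in `enableFilter` and `enableProvider` in the two hunks that follow. Validating the path variable before the service call makes the PATCH fail closed, for example `if (!"enable".equalsIgnoreCase(mode) && !"disable".equalsIgnoreCase(mode)) { return ResponseEntity.badRequest().build(); }`, assuming "disable" is the only other value the UI sends. A one-line Javadoc on each method naming the accepted `mode` values would document the contract.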
@@ -49,7 +48,8 @@ public ResponseEntity enableEntityDescriptor(@PathVariable String resourceId, @PatchMapping(path = "/MetadataResolvers/{metadataResolverId}/Filter/{resourceId}/{mode}") @Transactional - public ResponseEntity enableFilter(@PathVariable String metadataResolverId, @PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException, ScriptException { + public ResponseEntity enableFilter(@PathVariable String metadataResolverId, @PathVariable String resourceId, @PathVariable String mode) throws + PersistentEntityNotFound, ForbiddenException, ScriptException { boolean status = "enable".equalsIgnoreCase(mode); MetadataFilter persistedFilter = filterService.updateFilterEnabledStatus(metadataResolverId, resourceId, status); return ResponseEntity.ok(persistedFilter); @@ -57,7 +57,8 @@ public ResponseEntity enableFilter(@PathVariable String metadataResolverId, @ @PatchMapping("/MetadataResolvers/{resourceId}/{mode}") @Transactional - public ResponseEntity enableProvider(@PathVariable String resourceId, @PathVariable String mode) throws EntityNotFoundException, ForbiddenException, MetadataFileNotFoundException, InitializationException { + public ResponseEntity enableProvider(@PathVariable String resourceId, @PathVariable String mode) throws + PersistentEntityNotFound, ForbiddenException, MetadataFileNotFoundException, InitializationException { boolean status = "enable".equalsIgnoreCase(mode); MetadataResolver existingResolver = metadataResolverService.findByResourceId(resourceId); existingResolver.setEnabled(status); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java index 0c766c53c..fe6f7c0f2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java 
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ActivateExceptionHandler.java @@ -12,15 +12,15 @@ import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler; import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException; @ControllerAdvice(assignableTypes = {ActivateController.class}) public class ActivateExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } @@ -45,4 +45,4 @@ public ResponseEntity handleScriptException(ScriptException e, WebRequest req } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java index 92c498781..53335d340 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleController.java 
@@ -1,11 +1,8 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; import edu.internet2.tier.shibboleth.admin.ui.domain.AttributeBundle; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; -import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; -import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; -import edu.internet2.tier.shibboleth.admin.ui.security.model.Group; import edu.internet2.tier.shibboleth.admin.ui.service.AttributeBundleService; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; @@ -42,7 +39,7 @@ public ResponseEntity create(@RequestBody AttributeBundle bundle) throws Obje @Secured("ROLE_ADMIN") @DeleteMapping("/{resourceId}") @Transactional - public ResponseEntity delete(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity delete(@PathVariable String resourceId) throws PersistentEntityNotFound { attributeBundleService.deleteDefinition(resourceId); return ResponseEntity.noContent().build(); } 
@@ -55,14 +52,14 @@ public ResponseEntity getAll() { @GetMapping("/{resourceId}") @Transactional(readOnly = true) - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound { return ResponseEntity.ok(attributeBundleService.findByResourceId(resourceId)); } @Secured("ROLE_ADMIN") @PutMapping @Transactional - public ResponseEntity update(@RequestBody AttributeBundle bundle) throws EntityNotFoundException { + public ResponseEntity update(@RequestBody AttributeBundle bundle) throws PersistentEntityNotFound { AttributeBundle result = attributeBundleService.updateBundle(bundle); return ResponseEntity.ok(result); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java index 9f5266c3c..44f32f6ea 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleExceptionHandler.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; 
@@ -12,8 +12,8 @@ @ControllerAdvice(assignableTypes = {AttributeBundleController.class}) public class AttributeBundleExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java index 81d62a1ad..f7cfb019a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorController.java 
@@ -2,14 +2,13 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects; import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorService; import edu.internet2.tier.shibboleth.admin.ui.service.EntityDescriptorVersionService; -import io.swagger.v3.oas.annotations.Operation; import io.swagger.v3.oas.annotations.tags.Tag; import io.swagger.v3.oas.annotations.tags.Tags; import lombok.extern.slf4j.Slf4j; @@ -34,7 +33,6 @@ import javax.annotation.PostConstruct; import java.net.URI; import java.util.ConcurrentModificationException; -import java.util.Optional; @RestController @RequestMapping("/api") @@ -77,7 +75,7 @@ public ResponseEntity create(@RequestBody EntityDescriptorRepresentation edRe @Secured("ROLE_ADMIN") @DeleteMapping(value = "/EntityDescriptor/{resourceId}") @Transactional - public ResponseEntity deleteOne(@PathVariable String resourceId) throws ForbiddenException, EntityNotFoundException { + public ResponseEntity deleteOne(@PathVariable String resourceId) throws ForbiddenException, PersistentEntityNotFound { entityDescriptorService.delete(resourceId); return ResponseEntity.noContent().build(); } 
@@ -90,7 +88,7 @@ public ResponseEntity getAll() throws ForbiddenException { @GetMapping("/EntityDescriptor/{resourceId}/Versions") @Transactional - public ResponseEntity getAllVersions(@PathVariable String resourceId) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity getAllVersions(@PathVariable String resourceId) throws PersistentEntityNotFound, ForbiddenException { // this "get by resource id" verifies that both the ED exists and the user has proper access, so needs to remain EntityDescriptor ed = entityDescriptorService.getEntityDescriptorByResourceId(resourceId); return ResponseEntity.ok(versionService.findVersionsForEntityDescriptor(ed.getResourceId())); 
@@ -105,21 +103,22 @@ public Iterable getDisabledAndNotOwnedByAdmin() @GetMapping("/EntityDescriptor/{resourceId}") @Transactional - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound, ForbiddenException { return ResponseEntity.ok(entityDescriptorService .createRepresentationFromDescriptor(entityDescriptorService.getEntityDescriptorByResourceId(resourceId))); } @GetMapping(value = "/EntityDescriptor/{resourceId}", produces = "application/xml") @Transactional - public ResponseEntity getOneXml(@PathVariable String resourceId) throws MarshallingException, EntityNotFoundException, ForbiddenException { + public ResponseEntity getOneXml(@PathVariable String resourceId) throws MarshallingException, PersistentEntityNotFound, ForbiddenException { EntityDescriptor ed = entityDescriptorService.getEntityDescriptorByResourceId(resourceId); final String xml = this.openSamlObjects.marshalToXmlString(ed); return ResponseEntity.ok(xml); } @GetMapping("/EntityDescriptor/{resourceId}/Versions/{versionId}") - public ResponseEntity getSpecificVersion(@PathVariable String resourceId, @PathVariable String versionId) throws EntityNotFoundException, ForbiddenException { + public ResponseEntity getSpecificVersion(@PathVariable String resourceId, @PathVariable String versionId) throws + PersistentEntityNotFound, ForbiddenException { // this "get by resource id" verifies that both the ED exists and the user has proper access, so needs to remain EntityDescriptor ed = entityDescriptorService.getEntityDescriptorByResourceId(resourceId); EntityDescriptorRepresentation result = versionService.findSpecificVersionOfEntityDescriptor(ed.getResourceId(), versionId); 
@@ -146,7 +145,7 @@ public void initRestTemplate() { @PutMapping("/EntityDescriptor/{resourceId}") @Transactional public ResponseEntity update(@RequestBody EntityDescriptorRepresentation edRepresentation, @PathVariable String resourceId) - throws ForbiddenException, ConcurrentModificationException, EntityNotFoundException, + throws ForbiddenException, ConcurrentModificationException, PersistentEntityNotFound, InvalidPatternMatchException { edRepresentation.setId(resourceId); // This should be the same already, but just to be safe... EntityDescriptorRepresentation result = entityDescriptorService.update(edRepresentation); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java index 32d3cd4be..e1afe9413 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerExceptionHandler.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; 
@@ -22,8 +22,8 @@ public ResponseEntity handleConcurrentModificationException(ConcurrentModific return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); } - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java index b613c2b4f..b9936633a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesController.java @@ -2,7 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.service.ShibConfigurationService; import io.swagger.v3.oas.annotations.Operation; 
@@ -41,8 +41,8 @@ public class ShibPropertiesController { @GetMapping("/properties") @Transactional(readOnly = true) - @Operation(description = "Return all the configuration properties - used to populate the UI with the know configuration properties", - summary = "Return all the configuration properties - used to populate the UI with the know configuration properties", method = "GET") + @Operation(description = "Return all the configuration properties - used to populate the UI with the known configuration properties", + summary = "Return all the configuration properties - used to populate the UI with the known configuration properties", method = "GET") public ResponseEntity getAllConfigurationProperties() { return ResponseEntity.ok(service.getAllConfigurationProperties()); } @@ -62,7 +62,7 @@ public ResponseEntity getAllPropertySets() { @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId", summary = "Return the property set with the given resourceId", method = "GET") - public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws PersistentEntityNotFound { return ResponseEntity.ok(service.getSet(resourceId)); } 
@@ -70,7 +70,7 @@ public ResponseEntity getPropertySet(@PathVariable Integer resourceId) throws @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId as a zip file of the properties files", summary = "Return the property set with the given resourceId as a zip file of the properties files", method = "GET") - public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) throws EntityNotFoundException, IOException { + public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) throws PersistentEntityNotFound, IOException { ShibPropertySet set = service.getSet(resourceId); StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZip(convertPropertiesToMaps(set.getProperties()))); @@ -80,7 +80,7 @@ public ResponseEntity getPropertySetAsZip(@PathVariable Integer resourceId) t @Transactional(readOnly = true) @Operation(description = "Return the property set with the given resourceId as a zip file of a single properties files", summary = "Return the property set with the given resourceId as a zip file of a single properties files", method = "GET") - public ResponseEntity getPropertySetOneFileAsZip(@PathVariable Integer resourceId) throws EntityNotFoundException, IOException { + public ResponseEntity getPropertySetOneFileAsZip(@PathVariable Integer resourceId) throws PersistentEntityNotFound, IOException { ShibPropertySet set = service.getSet(resourceId); StringBuilder sb = new StringBuilder("attachment; filename=\"").append(set.getName()).append(".zip\""); return ResponseEntity.ok().header("Content-Disposition", sb.toString()).body(prepDownloadAsZipWithSingleFile(convertPropertiesToMaps(set.getProperties()))); 
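Review bot: The `Content-Disposition` value in `getPropertySetAsZip` is built by appending `set.getName()` between literal quotes, so a property-set name containing `"`, `;` or non-ASCII characters yields a malformed or ambiguous header. The same construction is repeated in `getPropertySetOneFileAsZip` in the next hunk. The name is presumably whatever the creator of the set typed, so it should be encoded rather than passed through. Spring's builder does the quoting and encoding: `ContentDisposition.builder("attachment").filename(set.getName() + ".zip", StandardCharsets.UTF_8).build().toString()`. This needs imports for `org.springframework.http.ContentDisposition` and `java.nio.charset.StandardCharsets`, and the file's import block is outside these hunks.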
@@ -141,7 +141,7 @@ private byte[] prepDownloadAsZip(Map> propertiesFiles @DeleteMapping("/property/set/{resourceId}") @Secured("ROLE_ADMIN") @Transactional - public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) throws EntityNotFoundException { + public ResponseEntity deletePropertySet(@PathVariable Integer resourceId) throws PersistentEntityNotFound { service.delete(resourceId); return ResponseEntity.noContent().build(); } @@ -161,7 +161,8 @@ public ResponseEntity createPropertySet(@RequestBody ShibPropertySet newSet) @Transactional @Operation(description = "Update a property set with with the matching resourceId - must exist", summary = "Update an existing property set with the matching resourceId - must exist", method = "PUT") - public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws EntityNotFoundException { + public ResponseEntity updatePropertySet(@RequestBody ShibPropertySet setToUpdate, @PathVariable int resourceId) throws + PersistentEntityNotFound { ShibPropertySet result = service.update(setToUpdate); return ResponseEntity.status(HttpStatus.OK).body(result); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java index cbc9cb133..c75005a39 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerExceptionHandler.java 
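Review bot: `updatePropertySet` binds `@PathVariable int resourceId` but never reads it. As far as this hunk shows, `service.update(setToUpdate)` acts on whatever id the request body carries, so a PUT addressed to one set's URL may modify a different set. `EntityDescriptorController.update`, touched by this same patch, guards against that with `edRepresentation.setId(resourceId)` before the service call. Either overwrite the body's id from the path or answer 400 when the two differ; the id accessor on `ShibPropertySet` is not visible here, so the exact call needs confirming. Keeping the two in agreement also means access logs keyed on the URL describe the object that was actually changed.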
@@ -1,7 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.controller; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; @@ -14,13 +14,13 @@ @ControllerAdvice(assignableTypes = {ShibPropertiesController.class}) public class ShibPropertiesControllerExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } @ExceptionHandler({ IOException.class }) - public ResponseEntity handleIOException(EntityNotFoundException e, WebRequest request) { + public ResponseEntity handleIOException(IOException e, WebRequest request) { return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Error creating file"); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/PersistentEntityNotFound.java similarity index 58% rename from backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java rename to backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/PersistentEntityNotFound.java index 212c9f990..b7dc72f33 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/EntityNotFoundException.java 
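Review bot: `handleIOException` now takes the correct exception type, but it still discards `e`. The client receives "Error creating file" and nothing is recorded on the server, so a failed zip export leaves no trace to investigate. Keeping the response body generic is fine; add a log line before the return, for example `logger.error("Failed to build property set download", e);`, using the `logger` field inherited from `ResponseEntityExceptionHandler`. As a naming point, `handleEntityNotFoundException` no longer matches the renamed `PersistentEntityNotFound` type, here and in the other exception handlers this commit touches.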
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/exception/PersistentEntityNotFound.java @@ -3,8 +3,8 @@ /** * Generically meaning - hibernate entity, not SAML entity */ -public class EntityNotFoundException extends Exception { - public EntityNotFoundException(String message) { +public class PersistentEntityNotFound extends Exception { + public PersistentEntityNotFound(String message) { super(message); } } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java index c287a14a7..8293c9b04 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupController.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.security.controller; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; @@ -40,7 +40,7 @@ public ResponseEntity create(@RequestBody Group group) throws GroupExistsConf @Secured("ROLE_ADMIN") @DeleteMapping("/{resourceId}") @Transactional - public ResponseEntity delete(@PathVariable String resourceId) throws EntityNotFoundException, GroupDeleteException { + public ResponseEntity delete(@PathVariable String resourceId) throws PersistentEntityNotFound, GroupDeleteException { groupService.deleteDefinition(resourceId); return ResponseEntity.noContent().build(); } 
@@ -53,10 +53,10 @@ public ResponseEntity getAll() { @GetMapping("/{resourceId}") @Transactional(readOnly = true) - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound { Group g = groupService.find(resourceId); if (g == null) { - throw new EntityNotFoundException(String.format("Unable to find group with resource id: [%s]", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find group with resource id: [%s]", resourceId)); } return ResponseEntity.ok(g); } @@ -64,7 +64,7 @@ public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNo @Secured("ROLE_ADMIN") @PutMapping @Transactional - public ResponseEntity update(@RequestBody Group group) throws EntityNotFoundException, InvalidGroupRegexException { + public ResponseEntity update(@RequestBody Group group) throws PersistentEntityNotFound, InvalidGroupRegexException { Group result = groupService.updateGroup(group); return ResponseEntity.ok(result); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java index 39778e21a..b382f50ca 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupControllerExceptionHandler.java 
@@ -11,15 +11,15 @@ import org.springframework.web.servlet.support.ServletUriComponentsBuilder; import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; @ControllerAdvice(assignableTypes = {GroupController.class}) public class GroupControllerExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { HttpHeaders headers = new HttpHeaders(); headers.setLocation(ServletUriComponentsBuilder.fromCurrentServletMapping().path("/api/admin/groups").build().toUri()); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java index 539dc3195..9b549efb3 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesController.java 
@@ -18,7 +18,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RestController; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.Role; @@ -42,7 +42,7 @@ public ResponseEntity create(@RequestBody Role role) throws RoleExistsConflic @Secured("ROLE_ADMIN") @DeleteMapping("/{resourceId}") @Transactional - public ResponseEntity delete(@PathVariable String resourceId) throws EntityNotFoundException, RoleDeleteException { + public ResponseEntity delete(@PathVariable String resourceId) throws PersistentEntityNotFound, RoleDeleteException { rolesService.deleteDefinition(resourceId); return ResponseEntity.noContent().build(); } @@ -55,7 +55,7 @@ public ResponseEntity getAll() { @GetMapping("/{resourceId}") @Transactional(readOnly = true) - public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNotFoundException { + public ResponseEntity getOne(@PathVariable String resourceId) throws PersistentEntityNotFound { Role role = rolesService.findByResourceId(resourceId); return ResponseEntity.ok(role); } 
@@ -63,7 +63,8 @@ public ResponseEntity getOne(@PathVariable String resourceId) throws EntityNo @Secured("ROLE_ADMIN") @PutMapping(path = {"/", "/{resourceId}" }) @Transactional - public ResponseEntity update(@RequestBody Role incomingRoleDetail, @PathVariable Optional resourceId) throws EntityNotFoundException { + public ResponseEntity update(@RequestBody Role incomingRoleDetail, @PathVariable Optional resourceId) throws + PersistentEntityNotFound { Role updateRole; if (resourceId.isPresent()) { updateRole = rolesService.findByResourceId(resourceId.get()); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java index e4b840f1a..494b1a6b1 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/RolesExceptionHandler.java 
@@ -10,15 +10,15 @@ import org.springframework.web.servlet.support.ServletUriComponentsBuilder; import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; @ControllerAdvice(assignableTypes = {RolesController.class}) public class RolesExceptionHandler extends ResponseEntityExceptionHandler { - @ExceptionHandler({ EntityNotFoundException.class }) - public ResponseEntity handleEntityNotFoundException(EntityNotFoundException e, WebRequest request) { + @ExceptionHandler({ PersistentEntityNotFound.class }) + public ResponseEntity handleEntityNotFoundException(PersistentEntityNotFound e, WebRequest request) { return ResponseEntity.status(HttpStatus.NOT_FOUND).body(new ErrorResponse(HttpStatus.NOT_FOUND, e.getMessage())); } @@ -35,4 +35,4 @@ public ResponseEntity handleForbiddenAccess(RoleDeleteException e, WebRequest public ResponseEntity handleRoleExistsConflictException(RoleExistsConflictException e, WebRequest request) { return ResponseEntity.status(HttpStatus.CONFLICT).body(new ErrorResponse(HttpStatus.CONFLICT, e.getMessage())); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java index a281adc10..ed39250b4 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java 
@@ -26,7 +26,7 @@ import org.springframework.web.client.HttpClientErrorException; import edu.internet2.tier.shibboleth.admin.ui.controller.ErrorResponse; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.OwnershipConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.User; import edu.internet2.tier.shibboleth.admin.ui.security.repository.UserRepository; @@ -56,7 +56,7 @@ public ResponseEntity deleteOne(@PathVariable String username) { try { userService.delete(username); } - catch (EntityNotFoundException e) { + catch (PersistentEntityNotFound e) { throw new HttpClientErrorException(NOT_FOUND, String.format("User with username [%s] not found", username)); } catch (OwnershipConflictException e) { diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java index 65ee10764..f329a5be2 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/GroupServiceImpl.java @@ -1,6 +1,6 @@ package edu.internet2.tier.shibboleth.admin.ui.security.service; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; 
@@ -52,7 +52,7 @@ public Group createGroup(Group group) throws GroupExistsConflictException, Inval @Override @Transactional - public void deleteDefinition(String resourceId) throws EntityNotFoundException, GroupDeleteException { + public void deleteDefinition(String resourceId) throws PersistentEntityNotFound, GroupDeleteException { Group group = find(resourceId); if (!ownershipRepository.findAllByOwner(group).isEmpty()) { throw new GroupDeleteException(String.format( @@ -116,10 +116,10 @@ public List findAll() { } @Override - public Group updateGroup(Group group) throws EntityNotFoundException, InvalidGroupRegexException { + public Group updateGroup(Group group) throws PersistentEntityNotFound, InvalidGroupRegexException { Group g = find(group.getResourceId()); if (g == null) { - throw new EntityNotFoundException(String.format("Unable to find group with resource id: [%s] and name: [%s]", + throw new PersistentEntityNotFound(String.format("Unable to find group with resource id: [%s] and name: [%s]", group.getResourceId(), group.getName())); } validateGroupRegex(group); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java index d6e44e5ec..66fd089a9 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IGroupService.java 
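Review bot: `deleteDefinition` declares `PersistentEntityNotFound` but passes the result of `find(resourceId)` straight to `ownershipRepository.findAllByOwner(group)` with no null check. `updateGroup` in the next hunk and `GroupController.getOne` both treat a null return from `find` as "not found". A guard before the ownership query would make the declared exception real: `if (group == null) { throw new PersistentEntityNotFound(String.format("Unable to find group with resource id: [%s]", resourceId)); }`. `RolesServiceImpl.deleteDefinition` has the same gap in its visible lines: an empty `Optional` skips the `RoleDeleteException` branch and nothing shown raises not-found. Both method bodies continue outside their hunks, so the check may exist further down.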
@@ -2,8 +2,7 @@ import java.util.List; -import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; @@ -13,7 +12,7 @@ public interface IGroupService { Group createGroup(Group group) throws GroupExistsConflictException, InvalidGroupRegexException; - void deleteDefinition(String resourceId) throws EntityNotFoundException, GroupDeleteException; + void deleteDefinition(String resourceId) throws PersistentEntityNotFound, GroupDeleteException; void ensureAdminGroupExists(); @@ -21,7 +20,7 @@ public interface IGroupService { List findAll(); - Group updateGroup(Group g) throws EntityNotFoundException, InvalidGroupRegexException; + Group updateGroup(Group g) throws PersistentEntityNotFound, InvalidGroupRegexException; boolean doesStringMatchGroupPattern(String groupId, String uri); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java index ac30d986a..46d3f81f5 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/IRolesService.java 
@@ -4,7 +4,7 @@ import java.util.Optional; import java.util.Set; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.Role; @@ -17,13 +17,13 @@ public interface IRolesService { Optional findByName(String roleNone); - Role findByResourceId(String resourceId) throws EntityNotFoundException; + Role findByResourceId(String resourceId) throws PersistentEntityNotFound; Set getAndCreateAllRoles(Set roles); - void deleteDefinition(String resourceId) throws EntityNotFoundException, RoleDeleteException; + void deleteDefinition(String resourceId) throws PersistentEntityNotFound, RoleDeleteException; - Role updateRole(Role role) throws EntityNotFoundException; + Role updateRole(Role role) throws PersistentEntityNotFound; void save(Role newUserRole); } \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java index 939be59d8..18385084b 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/RolesServiceImpl.java 
@@ -8,7 +8,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleDeleteException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.RoleExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.model.Role; @@ -31,7 +31,7 @@ public Role createRole(Role role) throws RoleExistsConflictException { } @Override - public void deleteDefinition(String resourceId) throws EntityNotFoundException, RoleDeleteException { + public void deleteDefinition(String resourceId) throws PersistentEntityNotFound, RoleDeleteException { Optional found = roleRepository.findByResourceId(resourceId); if (found.isPresent() && !found.get().getUsers().isEmpty()) { throw new RoleDeleteException(String.format("Unable to delete role with resource id: [%s] - remove role from all users first", resourceId)); @@ -50,10 +50,10 @@ public Optional findByName(String roleName) { } @Override - public Role findByResourceId(String resourceId) throws EntityNotFoundException { + public Role findByResourceId(String resourceId) throws PersistentEntityNotFound { Optional found = roleRepository.findByResourceId(resourceId); if (found.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find role with resource id: [%s]", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find role with resource id: [%s]", resourceId)); } return found.get(); } 
@@ -83,10 +83,10 @@ private Role getRoleNone() { } @Override - public Role updateRole(Role role) throws EntityNotFoundException { + public Role updateRole(Role role) throws PersistentEntityNotFound { Optional found = roleRepository.findByName(role.getName()); if (found.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find role with name: [%s]", role.getName())); + throw new PersistentEntityNotFound(String.format("Unable to find role with name: [%s]", role.getName())); } return roleRepository.save(role); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java index df200f482..dfe21708a 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserService.java @@ -2,7 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.InvalidGroupRegexException; import edu.internet2.tier.shibboleth.admin.ui.security.exception.OwnershipConflictException; 
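Review bot: `updateRole` checks existence with `roleRepository.findByName(role.getName())` but then calls `roleRepository.save(role)` on the caller-supplied object, so the entity that was looked up is never the one being modified. Role definitions feed authorization decisions, so it is safer to load the stored role by its resource id and copy over only the editable fields. `AttributeBundleService.updateBundle` already does this with `bundleToUpdate.setName(bundle.getName())` before saving. Whether the current `save` overwrites an existing row or inserts a new one depends on the `Role` mapping, which is not visible here.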
@@ -82,9 +82,9 @@ public boolean currentUserIsAdmin() { } @Transactional - public void delete(String username) throws EntityNotFoundException, OwnershipConflictException { + public void delete(String username) throws PersistentEntityNotFound, OwnershipConflictException { Optional userToRemove = userRepository.findByUsername(username); - if (userToRemove.isEmpty()) throw new EntityNotFoundException("User does not exist"); + if (userToRemove.isEmpty()) throw new PersistentEntityNotFound("User does not exist"); if (!ownershipRepository.findOwnedByUser(username).isEmpty()) throw new OwnershipConflictException("User ["+username+"] has ownership of entities in the system. Please remove all items before attempting to delete the user."); // ok, user exists and doesn't own anything in the system, so delete them diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java index 916ea99b2..52b869693 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/AttributeBundleService.java @@ -1,7 +1,7 @@ package edu.internet2.tier.shibboleth.admin.ui.service; import edu.internet2.tier.shibboleth.admin.ui.domain.AttributeBundle; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.AttributeBundleRepository; import org.springframework.beans.factory.annotation.Autowired; 
@@ -26,17 +26,17 @@ public List findAll() { return attributeBundleRepository.findAll(); } - public void deleteDefinition(String resourceId) throws EntityNotFoundException { + public void deleteDefinition(String resourceId) throws PersistentEntityNotFound { if (attributeBundleRepository.findByResourceId(resourceId).isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); } attributeBundleRepository.deleteById(resourceId); } - public AttributeBundle updateBundle(AttributeBundle bundle) throws EntityNotFoundException { + public AttributeBundle updateBundle(AttributeBundle bundle) throws PersistentEntityNotFound { Optional dbBundle = attributeBundleRepository.findByResourceId(bundle.getResourceId()); if (dbBundle.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find attribute bundle with resource id: [%s] for update", bundle.getResourceId())); + throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s] for update", bundle.getResourceId())); } AttributeBundle bundleToUpdate = dbBundle.get(); bundleToUpdate.setName(bundle.getName()); 
@@ -44,10 +44,10 @@ public AttributeBundle updateBundle(AttributeBundle bundle) throws EntityNotFoun return attributeBundleRepository.save(bundleToUpdate); } - public AttributeBundle findByResourceId(String resourceId) throws EntityNotFoundException { + public AttributeBundle findByResourceId(String resourceId) throws PersistentEntityNotFound { Optional result = attributeBundleRepository.findByResourceId(resourceId); if (result.isEmpty()) { - throw new EntityNotFoundException(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); + throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s] for deletion", resourceId)); } return result.get(); } diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java index cd5893c42..98454c058 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/CustomEntityAttributesDefinitionServiceImpl.java @@ -17,10 +17,7 @@ public class CustomEntityAttributesDefinitionServiceImpl implements CustomEntityAttributesDefinitionService { @Autowired private ApplicationEventPublisher applicationEventPublisher; - - @Autowired - EntityManager entityManager; // Why is this here - it isn't used - + @Autowired private CustomEntityAttributeDefinitionRepository repository; diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java index 6ecf9073e..6d66732b0 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java 
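Review bot: The message thrown from `findByResourceId` still says "for deletion", which looks copied from `deleteDefinition` and will mislead anyone reading the 404 body or the logs for a plain lookup. Since the line is being rewritten anyway, change it to `throw new PersistentEntityNotFound(String.format("Unable to find attribute bundle with resource id: [%s]", resourceId));`.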
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorService.java @@ -3,7 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.Attribute; import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; @@ -55,9 +55,9 @@ EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation edRepres /** * @param resourceId - id of the JPA EntityDescriptor * @throws ForbiddenException If user is unauthorized to perform this operation - * @throws EntityNotFoundException If the db entity is not found + * @throws PersistentEntityNotFound If the db entity is not found */ - void delete(String resourceId) throws ForbiddenException, EntityNotFoundException; + void delete(String resourceId) throws ForbiddenException, PersistentEntityNotFound; /** * @return - Iterable set of EntityDescriptorRepresentations of those items which are NOT enabled and not owned by 
@@ -83,9 +83,9 @@ EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation edRepres * @param resourceId - id of the JPA EntityDescriptor * @return JPA EntityDescriptor * @throws ForbiddenException If user is unauthorized to perform this operation - * @throws EntityNotFoundException If the db entity is not found + * @throws PersistentEntityNotFound If the db entity is not found */ - EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws EntityNotFoundException, ForbiddenException; + EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws PersistentEntityNotFound, ForbiddenException; /** * Given a list of attributes, generate a map of relying party overrides @@ -97,12 +97,12 @@ EntityDescriptorRepresentation createNew(EntityDescriptorRepresentation edRepres /** * @throws ForbiddenException If the user is not permitted to perform the action - * @throws EntityNotFoundException If the entity doesn't already exist in the database + * @throws PersistentEntityNotFound If the entity doesn't already exist in the database * @throws ConcurrentModificationException IF the entity is being modified in another session * @throws InvalidPatternMatchException If the entity id or the ACS location urls don't match the supplied regex */ EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRepresentation) - throws ForbiddenException, EntityNotFoundException, ConcurrentModificationException, + throws ForbiddenException, PersistentEntityNotFound, ConcurrentModificationException, InvalidPatternMatchException; /** 
@@ -113,7 +113,8 @@ EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRepresent */ void updateDescriptorFromRepresentation(final org.opensaml.saml.saml2.metadata.EntityDescriptor entityDescriptor, final EntityDescriptorRepresentation representation); - EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException; + EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws + PersistentEntityNotFound, ForbiddenException; EntityDescriptorRepresentation createNewEntityDescriptorFromXMLOrigin(EntityDescriptor ed); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java index c8c67fbc8..365fccb80 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EntityDescriptorVersionService.java @@ -3,7 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.versioning.Version; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import java.util.List; 
@@ -12,7 +12,8 @@ */ public interface EntityDescriptorVersionService { - List findVersionsForEntityDescriptor(String resourceId) throws EntityNotFoundException; + List findVersionsForEntityDescriptor(String resourceId) throws PersistentEntityNotFound; - EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws EntityNotFoundException; -} + EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws + PersistentEntityNotFound; +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java index 99906882b..5857ac283 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/EnversEntityDescriptorVersionService.java @@ -4,7 +4,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.versioning.Version; import edu.internet2.tier.shibboleth.admin.ui.envers.EnversVersionServiceSupport; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import java.util.List; 
@@ -23,20 +23,21 @@ public EnversEntityDescriptorVersionService(EnversVersionServiceSupport enversVe } @Override - public List findVersionsForEntityDescriptor(String resourceId) throws EntityNotFoundException { + public List findVersionsForEntityDescriptor(String resourceId) throws PersistentEntityNotFound { List results = enversVersionServiceSupport.findVersionsForPersistentEntity(resourceId, EntityDescriptor.class); if (results.isEmpty()) { - throw new EntityNotFoundException(String.format("No versions found for entity descriptor with resource id [%s].", resourceId)); + throw new PersistentEntityNotFound(String.format("No versions found for entity descriptor with resource id [%s].", resourceId)); } return results; } @Override - public EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws EntityNotFoundException { + public EntityDescriptorRepresentation findSpecificVersionOfEntityDescriptor(String resourceId, String versionId) throws + PersistentEntityNotFound { Object edObject = enversVersionServiceSupport.findSpecificVersionOfPersistentEntity(resourceId, versionId, EntityDescriptor.class); if (edObject == null) { - throw new EntityNotFoundException("Unable to find specific version requested - version: " + versionId); + throw new PersistentEntityNotFound("Unable to find specific version requested - version: " + versionId); } return entityDescriptorService.createRepresentationFromDescriptor((EntityDescriptor) edObject); } -} +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java index 6d752928b..d5823ef9f 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/FilterService.java 
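Review bot: Neither `findVersionsForEntityDescriptor` nor `findSpecificVersionOfEntityDescriptor` checks that the current user may see the descriptor; both go directly to `enversVersionServiceSupport` with the supplied `resourceId`. `JPAEntityDescriptorServiceImpl.getEntityDescriptorByResourceId` applies `userService.isAuthorizedFor(ed)` to the live entity, so historical versions should follow the same rule unless the calling controller already enforces it. One option is to call `entityDescriptorService.getEntityDescriptorByResourceId(resourceId)` first. That would mean adding `ForbiddenException` to these two signatures and to the interface. If the check lives in the controller, a comment here stating that would be enough.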
@@ -5,7 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; /** @@ -31,5 +31,6 @@ public interface FilterService { */ FilterRepresentation createRepresentationFromFilter(final EntityAttributesFilter entityAttributesFilter); - MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException, ScriptException; -} + MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status) throws + PersistentEntityNotFound, ForbiddenException, ScriptException; +} \ No newline at end of file diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java index ec5c28048..6269020e8 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAEntityDescriptorServiceImpl.java 
@@ -16,7 +16,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.OrganizationRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.SecurityInfoRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.ServiceProviderSsoDescriptorRepresentation; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; @@ -354,7 +354,7 @@ public EntityDescriptorRepresentation createRepresentationFromDescriptor(org.ope } @Override - public void delete(String resourceId) throws ForbiddenException, EntityNotFoundException { + public void delete(String resourceId) throws ForbiddenException, PersistentEntityNotFound { EntityDescriptor ed = getEntityDescriptorByResourceId(resourceId); if (ed.isServiceEnabled()) { throw new ForbiddenException("Deleting an enabled Metadata Source is not allowed. Disable the source and try again."); 
@@ -398,10 +398,10 @@ public List getAttributeReleaseListFromAttributeList(List att } @Override - public EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws EntityNotFoundException, ForbiddenException { + public EntityDescriptor getEntityDescriptorByResourceId(String resourceId) throws PersistentEntityNotFound, ForbiddenException { EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId); if (ed == null) { - throw new EntityNotFoundException(String.format("The entity descriptor with entity id [%s] was not found.", resourceId)); + throw new PersistentEntityNotFound(String.format("The entity descriptor with entity id [%s] was not found.", resourceId)); } if (!userService.isAuthorizedFor(ed)) { throw new ForbiddenException(); @@ -416,10 +416,10 @@ public Map getRelyingPartyOverridesRepresentationFromAttributeLi @Override public EntityDescriptorRepresentation update(EntityDescriptorRepresentation edRep) - throws ForbiddenException, EntityNotFoundException, InvalidPatternMatchException { + throws ForbiddenException, PersistentEntityNotFound, InvalidPatternMatchException { EntityDescriptor existingEd = entityDescriptorRepository.findByResourceId(edRep.getId()); if (existingEd == null) { - throw new EntityNotFoundException(String.format("The entity descriptor with entity id [%s] was not found for update.", edRep.getId())); + throw new PersistentEntityNotFound(String.format("The entity descriptor with entity id [%s] was not found for update.", edRep.getId())); } if (edRep.isServiceEnabled() && !userService.currentUserCanEnable(existingEd)) { throw new ForbiddenException("You do not have the permissions necessary to enable this service."); 
@@ -456,10 +456,11 @@ public void updateDescriptorFromRepresentation(org.opensaml.saml.saml2.metadata. } @Override - public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws EntityNotFoundException, ForbiddenException { + public EntityDescriptorRepresentation updateEntityDescriptorEnabledStatus(String resourceId, boolean status) throws + PersistentEntityNotFound, ForbiddenException { EntityDescriptor ed = entityDescriptorRepository.findByResourceId(resourceId); if (ed == null) { - throw new EntityNotFoundException("Entity with resourceid[" + resourceId + "] was not found for update"); + throw new PersistentEntityNotFound("Entity with resourceid[" + resourceId + "] was not found for update"); } if (!userService.currentUserCanEnable(ed)) { throw new ForbiddenException("You do not have the permissions necessary to change the enable status of this entity descriptor."); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java index c42bd7cad..aeab05669 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/JPAFilterServiceImpl.java 
@@ -1,11 +1,10 @@ package edu.internet2.tier.shibboleth.admin.ui.service; -import edu.internet2.tier.shibboleth.admin.ui.domain.IActivatable; import edu.internet2.tier.shibboleth.admin.ui.domain.filters.EntityAttributesFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter; import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.FilterRepresentation; import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.repository.FilterRepository; import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolverRepository; @@ -16,7 +15,6 @@ import org.springframework.transaction.interceptor.TransactionAspectSupport; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; import java.util.Optional; @@ -108,7 +106,7 @@ private void reloadFiltersAndHandleScriptException(String resolverResourceId) th */ @Override public MetadataFilter updateFilterEnabledStatus(String metadataResolverId, String resourceId, boolean status) - throws EntityNotFoundException, ForbiddenException, ScriptException { + throws PersistentEntityNotFound, ForbiddenException, ScriptException { MetadataResolver metadataResolver = metadataResolverRepository.findByResourceId(metadataResolverId); // Now we operate directly on the filter attached to MetadataResolver, 
@@ -116,7 +114,7 @@ public MetadataFilter updateFilterEnabledStatus(String metadataResolverId, Strin Optional filterTobeUpdatedOptional = metadataResolver.getMetadataFilters().stream() .filter(it -> it.getResourceId().equals(resourceId)).findFirst(); if (filterTobeUpdatedOptional.isEmpty()) { - throw new EntityNotFoundException("Filter with resource id[" + resourceId + "] not found"); + throw new PersistentEntityNotFound("Filter with resource id[" + resourceId + "] not found"); } MetadataFilter filterTobeUpdated = filterTobeUpdatedOptional.get(); diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java index 6c921509e..b32e0d9f9 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/MetadataResolverService.java @@ -4,13 +4,12 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotFoundException; import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException; import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException; -import org.w3c.dom.Node; public interface MetadataResolverService { - public MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException; + public MetadataResolver findByResourceId(String resourceId) throws PersistentEntityNotFound; public Document generateConfiguration(); 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java index 64c029d96..8c1533a6d 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationService.java @@ -2,7 +2,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; @@ -14,7 +14,7 @@ public interface ShibConfigurationService { ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsException; - void delete(int resourceId) throws EntityNotFoundException; + void delete(int resourceId) throws PersistentEntityNotFound; List getAllConfigurationProperties(); @@ -22,9 +22,9 @@ public interface ShibConfigurationService { List getExistingPropertyNames(); - ShibPropertySet getSet(int resourceId) throws EntityNotFoundException; + ShibPropertySet getSet(int resourceId) throws PersistentEntityNotFound; ShibConfigurationProperty save(ShibConfigurationProperty prop); - ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException; + ShibPropertySet update(ShibPropertySet setToUpdate) throws PersistentEntityNotFound; } \ No newline at end of file 
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java index 1c3c2a513..21a5605e9 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/service/ShibConfigurationServiceImpl.java @@ -3,7 +3,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibConfigurationProperty; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet; import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting; -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException; +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound; import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException; import edu.internet2.tier.shibboleth.admin.ui.repository.ProjectionIdAndName; import edu.internet2.tier.shibboleth.admin.ui.repository.ShibConfigurationRepository; 
@@ -39,17 +39,17 @@ public ShibPropertySet create(ShibPropertySet set) throws ObjectIdExistsExceptio getSet(set.getResourceId()); throw new ObjectIdExistsException(Integer.toString(set.getResourceId())); } - catch (EntityNotFoundException e) { + catch (PersistentEntityNotFound e) { // we don't want to find the object } return save(set); } @Override - public void delete(int resourceId) throws EntityNotFoundException { + public void delete(int resourceId) throws PersistentEntityNotFound { ShibPropertySet set = shibPropertySetRepository.findByResourceId(resourceId); if (set == null) { - throw new EntityNotFoundException(String.format("The property set with id [%s] was not found for update.", resourceId)); + throw new PersistentEntityNotFound(String.format("The property set with id [%s] was not found for update.", resourceId)); } shibPropertySettingRepository.deleteAll(set.getProperties()); shibPropertySetRepository.delete(set); @@ -71,10 +71,10 @@ public List getExistingPropertyNames() { } @Override - public ShibPropertySet getSet(int resourceId) throws EntityNotFoundException { + public ShibPropertySet getSet(int resourceId) throws PersistentEntityNotFound { ShibPropertySet result = shibPropertySetRepository.findByResourceId(resourceId); if (result == null) { - throw new EntityNotFoundException((String.format("The property set with id [%s] was not found.", resourceId))); + throw new PersistentEntityNotFound((String.format("The property set with id [%s] was not found.", resourceId))); } return result; } @@ -85,7 +85,7 @@ public ShibConfigurationProperty save(ShibConfigurationProperty prop) { } @Override - public ShibPropertySet update(ShibPropertySet setToUpdate) throws EntityNotFoundException { + public ShibPropertySet update(ShibPropertySet setToUpdate) throws PersistentEntityNotFound { getSet(setToUpdate.getResourceId()); // check that it exists, if not it'll throw an exception return save(setToUpdate); } 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy index f46eb33d8..1a044baf2 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/configuration/TestConfiguration.groovy @@ -61,7 +61,6 @@ class TestConfiguration { @Bean CustomEntityAttributesDefinitionServiceImpl customEntityAttributesDefinitionServiceImpl() { new CustomEntityAttributesDefinitionServiceImpl().with { - it.entityManager = entityManager it.repository = repository return it } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy index 00e624b7e..567639f36 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/AttributeBundleControllerTests.groovy @@ -1,10 +1,10 @@ package edu.internet2.tier.shibboleth.admin.ui.controller -import com.fasterxml.jackson.databind.MapperFeature + import com.fasterxml.jackson.databind.ObjectMapper import edu.internet2.tier.shibboleth.admin.ui.configuration.ShibUIConfiguration import edu.internet2.tier.shibboleth.admin.ui.domain.AttributeBundle -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException import edu.internet2.tier.shibboleth.admin.ui.repository.AttributeBundleRepository import edu.internet2.tier.shibboleth.admin.ui.service.AttributeBundleService 
@@ -148,7 +148,7 @@ class AttributeBundleControllerTests extends Specification { mockMvc.perform(delete("/api/custom/entity/bundles/randomIDValdoesntexist")) false } catch (NestedServletException expected) { - expected instanceof EntityNotFoundException + expected instanceof PersistentEntityNotFound } when: "Delete what does exist" @@ -180,7 +180,7 @@ class AttributeBundleControllerTests extends Specification { mockMvc.perform(put('/api/custom/entity/bundles').contentType(APPLICATION_JSON).content(objectMapper.writeValueAsString(bundle))) false } catch (NestedServletException expected) { - expected.getCause() instanceof EntityNotFoundException + expected.getCause() instanceof PersistentEntityNotFound } when: "update bundle" diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy index 35bd77ea2..3ffbe12e0 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/EntityDescriptorControllerTests.groovy @@ -5,7 +5,7 @@ import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.domain.EntityDescriptor import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.AssertionConsumerServiceRepresentation import edu.internet2.tier.shibboleth.admin.ui.domain.frontend.EntityDescriptorRepresentation -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException import edu.internet2.tier.shibboleth.admin.ui.exception.InvalidPatternMatchException import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException 
@@ -376,7 +376,7 @@ class EntityDescriptorControllerTests extends AbstractBaseDataJpaTest { mockMvc.perform(get("/api/EntityDescriptor/uuid-1")) } catch (Exception e) { - e instanceof EntityNotFoundException + e instanceof PersistentEntityNotFound } } diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy index 2820533e9..6b54c7a0d 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/MetadataFiltersControllerTests.groovy @@ -8,7 +8,7 @@ import edu.internet2.tier.shibboleth.admin.ui.domain.exceptions.MetadataFileNotF import edu.internet2.tier.shibboleth.admin.ui.domain.filters.MetadataFilter import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.MetadataResolver import edu.internet2.tier.shibboleth.admin.ui.domain.resolvers.opensaml.OpenSamlChainingMetadataResolver -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ForbiddenException import edu.internet2.tier.shibboleth.admin.ui.exception.InitializationException import edu.internet2.tier.shibboleth.admin.ui.opensaml.OpenSamlObjects @@ -107,7 +107,7 @@ class MetadataFiltersControllerTests extends AbstractBaseDataJpaTest { } @Override - MetadataResolver findByResourceId(String resourceId) throws EntityNotFoundException { + MetadataResolver findByResourceId(String resourceId) throws PersistentEntityNotFound { // This won't get called return null } 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy index c5ab4a003..8545362c4 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/controller/ShibPropertiesControllerTests.groovy @@ -4,7 +4,7 @@ import com.fasterxml.jackson.databind.ObjectMapper import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySet import edu.internet2.tier.shibboleth.admin.ui.domain.shib.properties.ShibPropertySetting -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.exception.ObjectIdExistsException import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySetRepository import edu.internet2.tier.shibboleth.admin.ui.repository.ShibPropertySettingRepository 
@@ -18,15 +18,11 @@ import spock.lang.Subject import javax.persistence.EntityManager import javax.transaction.Transactional -import static org.hamcrest.CoreMatchers.containsString import static org.springframework.http.MediaType.APPLICATION_JSON import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.delete import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.put -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath -import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status @@ -107,7 +103,7 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { mockMvc.perform(delete("/api/shib/property/set/010")) } catch (Exception e) { - e instanceof EntityNotFoundException + e instanceof PersistentEntityNotFound } when: @@ -128,7 +124,7 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { mockMvc.perform(get("/api/shib/property/set/0101")) } catch (Exception e) { - e instanceof EntityNotFoundException + e instanceof PersistentEntityNotFound } } @@ -194,7 +190,7 @@ class ShibPropertiesControllerTests extends AbstractBaseDataJpaTest { mockMvc.perform(put('/api/shib/property/set/1234').contentType(APPLICATION_JSON).content(jsonBody)) } catch (Exception e) { - e instanceof EntityNotFoundException + e instanceof PersistentEntityNotFound } } 
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy index 1635ed35f..1615a81ee 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/repository/EntityDescriptorRepositoryTest.groovy @@ -122,10 +122,9 @@ class EntityDescriptorRepositoryTest extends AbstractBaseDataJpaTest { @Bean CustomEntityAttributesDefinitionServiceImpl customEntityAttributesDefinitionServiceImpl(EntityManager entityManager, CustomEntityAttributeDefinitionRepository customEntityAttributeDefinitionRepository) { new CustomEntityAttributesDefinitionServiceImpl().with { - it.entityManager = entityManager it.repository = customEntityAttributeDefinitionRepository return it } } } -} +} \ No newline at end of file diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy index c4a76e832..bb4613f6b 100644 --- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy +++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/GroupsControllerIntegrationTests.groovy 
@@ -1,14 +1,13 @@ package edu.internet2.tier.shibboleth.admin.ui.security.controller import edu.internet2.tier.shibboleth.admin.ui.AbstractBaseDataJpaTest -import edu.internet2.tier.shibboleth.admin.ui.exception.EntityNotFoundException +import edu.internet2.tier.shibboleth.admin.ui.exception.PersistentEntityNotFound import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupDeleteException import edu.internet2.tier.shibboleth.admin.ui.security.exception.GroupExistsConflictException import edu.internet2.tier.shibboleth.admin.ui.security.model.Group import edu.internet2.tier.shibboleth.admin.ui.security.model.Role import edu.internet2.tier.shibboleth.admin.ui.security.model.User import edu.internet2.tier.shibboleth.admin.ui.security.repository.GroupsRepository -import edu.internet2.tier.shibboleth.admin.ui.security.service.IGroupService import edu.internet2.tier.shibboleth.admin.ui.util.WithMockAdmin import groovy.json.JsonOutput import org.springframework.beans.factory.annotation.Autowired @@ -117,7 +116,7 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest { .accept(MediaType.APPLICATION_JSON)) false } catch (Throwable expected) { - expected instanceof EntityNotFoundException + expected instanceof PersistentEntityNotFound } } @@ -158,7 +157,7 @@ class GroupsControllerIntegrationTests extends AbstractBaseDataJpaTest { mockMvc.perform(get("$RESOURCE_URI/CCC")) false } catch (Throwable expected) { - expected instanceof EntityNotFoundException + expected instanceof PersistentEntityNotFound } } From 966485bf4250661672ebc377c6371a5245f7be80 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 8 Sep 2022 10:57:51 -0700 Subject: [PATCH 60/63] Added validation for number --- ui/src/app/admin/component/ConfigurationForm.js | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index 747a70452..d6029481b 100644 
--- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -159,7 +159,9 @@ export function ConfigurationForm({ configurations, configuration = {}, loading, + {...register(`properties.${idx}.propertyValue`, { + valueAsNumber: p.displayType === 'number' + })} /> : Date: Thu, 8 Sep 2022 11:08:36 -0700 Subject: [PATCH 61/63] Updated validation to only allow integers for numbers --- ui/src/app/admin/component/ConfigurationForm.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index d6029481b..a1560ce42 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js @@ -160,7 +160,7 @@ export function ConfigurationForm({ configurations, configuration = {}, loading, type={p.displayType === 'number' ? 'number' : 'text'} placeholder="value" {...register(`properties.${idx}.propertyValue`, { - valueAsNumber: p.displayType === 'number' + setValueAs: v => (p.displayType === 'number' ? parseInt(v) : v), })} /> : From eff2efe56b595298653f3e342b96cdf8108f1dd2 Mon Sep 17 00:00:00 2001 From: Ryan Mathis Date: Thu, 8 Sep 2022 11:12:34 -0700 Subject: [PATCH 62/63] Added text displaytype change --- ui/src/app/admin/component/ConfigurationForm.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ui/src/app/admin/component/ConfigurationForm.js b/ui/src/app/admin/component/ConfigurationForm.js index a1560ce42..bceac7a42 100644 --- a/ui/src/app/admin/component/ConfigurationForm.js +++ b/ui/src/app/admin/component/ConfigurationForm.js 
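Review bot: `parseInt(v)` in the `setValueAs` callback of the `@@ -160,7 +160,7 @@` hunk coerces instead of validating, so the form can submit a number that differs from what the administrator typed: `parseInt('12abc')` gives 12, `parseInt('1.9')` gives 1, and an empty field gives `NaN`, which `JSON.stringify` turns into `null`. The `valueAsNumber` option in the preceding `@@ -159,7 +159,9 @@` hunk has the same empty-field result. For values that look like server configuration properties (inferred from the rest of the series), a silently altered number is worth rejecting at the form. I would pass the radix and keep the empty case out of the parse, `setValueAs: v => (p.displayType === 'number' && v !== '' ? Number.parseInt(v, 10) : v),`, and add a validation rule on the field that fails when the typed text is not a whole number. The enclosing JSX element starts and ends outside the hunk.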
@@ -150,7 +150,7 @@ export function ConfigurationForm({ configurations, configuration = {}, loading, { p.propertyName } { p.category } - { p.displayType } + { p.displayType === 'number' ? 'integer' : p.displayType } {p.displayType !== 'boolean' ? Date: Thu, 8 Sep 2022 12:40:29 -0700 Subject: [PATCH 63/63] SHIBUI-2270 Bug fix for ints when no value present --- .../properties/ShibPropertySettingJacksonSerializer.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java index 6bd5b926c..c625c9acb 100644 --- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java +++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/domain/shib/properties/ShibPropertySettingJacksonSerializer.java @@ -31,7 +31,11 @@ public void serialize(ShibPropertySetting sps, JsonGenerator generator, Serializ generator.writeBooleanField("propertyValue", Boolean.valueOf(sps.getPropertyValue())); break; case "number": - generator.writeNumberField("propertyValue", Long.parseLong(sps.getPropertyValue())); + try { + generator.writeNumberField("propertyValue", Long.parseLong(sps.getPropertyValue())); + } catch (NumberFormatException notANumber) { + generator.writeStringField("propertyValue", sps.getPropertyValue()); + } break; default: generator.writeStringField("propertyValue", sps.getPropertyValue());
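Review bot: The new `catch (NumberFormatException notANumber)` branch in the `@@ -31,7 +31,11 @@` hunk writes `propertyValue` as a JSON string for a property whose display type is `number`, so a client can receive either a number or a string under the same key, and a stored value that is not numeric passes through with no trace. `Long.parseLong` throws the same exception for a null value, so the missing-value case named in the subject lands in the same branch as malformed data. I would separate the two: emit `generator.writeNullField("propertyValue");` when the value is null or blank, and log the property before falling back to the string for anything else. The `serialize` method and its `switch` begin and end outside the hunk.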